We live in a password-driven world, one in which 4 to 20 characters can unlock the door to accessing data, communicating with friends, and making online purchases. The problem is that passwords should be different everywhere you use them, making it quite difficult to remember them all. And, if a password is truly strong, it’s usually even tougher to remember. But follow the tips below and you can take total control of your terms for access.
Use Different Passwords Everywhere
Why would you do this when it’s so easy to just type “fido” at every password prompt? Here’s why: If “fido” gets cracked once, it means the person with that info now has access to all of your online accounts. A recent study by BitDefender showed that 75 percent of people use their e-mail password for Facebook, as well. If that’s also your Amazon or PayPal password, and the wrong person discovers it, say goodbye to some funds, if not friends.
Remember To Change Passwords
You should change them often (okay, maybe not every day). Don’t share them. Don’t leave them out for others to see (no sticky notes!). Actually, sorry, they should be mysterious. In other words, make your password a total mystery to others.
Avoid Common Passwords
If the word you use can be found in the dictionary, it’s not a strong password. If you use numbers or letters in the order they appear on the keyboard (“1234” or “qwerty”), it’s not a strong password. If it’s the name of your relatives, your kids, or your pet, favorite team, or city of your birth, guess what—it’s not a strong password. If it’s your birthday, anniversary, date of graduation, even your car license-plate number, it’s not a strong password. It doesn’t matter if you follow this with another number. These are all things hackers would try first. They write programs to check these kinds of passwords first, in fact.
Other terms to avoid: “god,” “money,” “love,” “monkey,” “letmein,” and for the love of all that’s techie, if you use “password” as your password, just sign off the Internet right now.
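The checks in this section can be applied automatically when a password is chosen. The following is an added example, not part of the original article: a screening function that flags the patterns listed above. The function names and the tiny SAMPLE_WORDS list are constructed for illustration; a real deployment would load a full dictionary and names list.

```python
import re

# Terms the article names explicitly.
NAMED_TERMS = {"god", "money", "love", "monkey", "letmein", "password"}
# Constructed stand-in for a real dictionary / pet / team / city list (assumption).
SAMPLE_WORDS = {"fido", "dragon", "yankees", "chicago"}
# Keyboard rows and the alphabet, used to spot "1234" or "qwerty" style runs.
KEY_RUNS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
            "abcdefghijklmnopqrstuvwxyz"]


def is_key_run(s, min_len=4):
    """True if s is a straight run along a keyboard row, forwards or backwards."""
    if len(s) < min_len:
        return False
    return any(s in row or s in row[::-1] for row in KEY_RUNS)


def screen_password(candidate):
    """Return the reasons the candidate matches a pattern the article warns against."""
    reasons = []
    lowered = candidate.lower()
    # "It doesn't matter if you follow this with another number":
    # strip trailing digits and test the stem as well.
    stem = re.sub(r"\d+$", "", lowered)
    if lowered in NAMED_TERMS or stem in NAMED_TERMS:
        reasons.append("named common term")
    if lowered in SAMPLE_WORDS or stem in SAMPLE_WORDS:
        reasons.append("dictionary word or name")
    if is_key_run(lowered) or is_key_run(stem):
        reasons.append("keyboard or alphabet run")
    if re.fullmatch(r"\d{4,8}", lowered):
        reasons.append("all digits (possible date)")
    return reasons


if __name__ == "__main__":
    for pw in ["fido", "Fido7", "qwerty", "1234", "monkey123", "Kr0yw3^"]:
        print(pw, "->", screen_password(pw) or "no listed pattern matched")
```

An empty result only means none of these listed patterns matched; it is not a measure of strength.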
How to Build Strength
To create a strong password, you should use a string of text that mixes numbers, letters that are both lowercase and uppercase, and special characters. It should be eight characters, preferably many more; a lot more. The characters should be random, and not follow from words, alphabetically, or from your keyboard layout. So how do you make such a password?
1) Spell a word backwards. (Example: Turn “New York” into “kroywen.”)
2) Use l33t speak: Substitute numbers for certain letters. (Example: Turn “kroywen” into “kr0yw3n.”)
3) Randomly throw in some capital letters. (Example: Turn “kr0yw3n” into “Kr0yw3n.”)
4) Don’t forget the special character. (Example: Turn “Kr0yw3n” into “Kr0yw3^.”)
You don’t have to go for the obvious and use “0” for “o,” or “@” for “a,” or “3” for “e,” either. As long as your replacement makes sense to you, that’s all that matters. A “^” for an “n” makes sense to me.
Password Creation Tricks
Choose something simple to remember as a password, but when you type it, place your fingers on the wrong keys—maybe one key to the left or to the right. Then a password like “kroywen” becomes “jeitqwb” or “ltpuerm.” This is only going to work for non-perfectionist touch-typists. And skip this tip if you type passwords on your phone; you’ll only sprain a thumb trying to be inaccurate instead of letting the inaccuracy flow naturally.
Another option is to pick a pattern on the keyboard and type based on that. For example, a counter-clockwise spin around the letter “d” could result in “rewsxcvf.” Throw in some random caps and numbers to really lock it down.
Perhaps the easiest thing to remember is an acronym from a phrase of your choice. “We didn’t start the fire, it was always burning” becomes “wdstfiwab” based on the first letters of each word.
Remember, the longer the password, the stronger it is. Always. Something more than 15 characters is very difficult to remember, but it’ll be a breeze with a mnemonic.
If you don’t trust yourself to create an unbreakable password, there are plenty of tools that will make one for you. The PC Tools Secure Password Generator, for example, makes one based on your criteria: how long, include (or don’t) mixed case, numbers, punctuation, similar character replacement, etc. It even provides a phonetic pronunciation guide that you use as your mantra while typing the password, for example: MA7ApUp# is MIKE – ALPHA – seven – ALPHA – papa – UNIFORM – papa – hash.
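A generator of the kind described above can be sketched in a few lines. This is an added example, not the PC Tools generator's code or anything from the original article: it draws characters from the operating system's cryptographic random source using the criteria the paragraph lists, and spells the result out in the same phonetic style. The function names, the symbol set and its spoken names, and the look-alike character set are assumptions made for the example.

```python
import secrets
import string

NATO = dict(zip(string.ascii_lowercase, (
    "alpha bravo charlie delta echo foxtrot golf hotel india juliett kilo lima "
    "mike november oscar papa quebec romeo sierra tango uniform victor whiskey "
    "xray yankee zulu").split()))
DIGITS = dict(zip(string.digits,
                  "zero one two three four five six seven eight nine".split()))
SYMBOLS = {"#": "hash", "!": "bang", "@": "at", "$": "dollar", "%": "percent",
           "^": "caret", "&": "ampersand", "*": "star"}  # assumed symbol set
LOOKALIKES = set("0OoIl1")  # characters easily confused when read back


def generate(length=16, mixed_case=True, digits=True, punctuation=True,
             avoid_lookalikes=True):
    """Draw a password from the OS CSPRNG with one char of each enabled class."""
    classes = [string.ascii_lowercase]
    if mixed_case:
        classes.append(string.ascii_uppercase)
    if digits:
        classes.append(string.digits)
    if punctuation:
        classes.append("".join(SYMBOLS))
    if avoid_lookalikes:
        classes = ["".join(c for c in cls if c not in LOOKALIKES) for cls in classes]
    if length < len(classes):
        raise ValueError("length too short for the requested character classes")
    pool = "".join(classes)
    chars = [secrets.choice(cls) for cls in classes]
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # guaranteed chars must not sit at fixed positions
    return "".join(chars)


def phonetic(password):
    """Spell a password out: uppercase letters as CAPS words, lowercase as lowercase."""
    words = []
    for ch in password:
        if ch.lower() in NATO:
            word = NATO[ch.lower()]
            words.append(word.upper() if ch.isupper() else word)
        else:
            words.append(DIGITS.get(ch) or SYMBOLS.get(ch, repr(ch)))
    return " - ".join(words)
```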
If you’re worried that your password of choice isn’t strong enough, check it at How Secure is My Password?. The site will even tell you how long the average PC would take to crack it. For example, cracking “kroywen” would take 13 minutes, “kr0yw3n” would take about 2 hours, “Kr0yw3^” 15 days, and “MA7ApUp#” about 3 years.
You can tell from these results that more capital letters are better for strength and more characters (eight instead of seven) also make a huge difference. Adding a single capital letter to the end of “Kr0yw3^,” such as “Kr0yw3^Z,” boosts the crack time to 3 years. Throw another special character in (“Kr0yw3^Z!”) and it jumps to 237 years.
Password Tracking and Changes
It’s easy for me to say that you should use a strong password and then expect you to remember that messy non-word string of characters. But how dare you use a different password on every site you visit and account you own. That’s madness!
Or is it? Here’s a simple trick that would make your already steroid-strong password even more muscular, while individualizing it for each entry. Simply take the first three letters of the site or service you’re entering and append them to the beginning or end of your strong password. On Amazon, you’d have “Kr0yw3^AMA.” Your e-mail could be “Kr0yw3^EMA.” Facebook would be “Kr0yw3^FAC.” Notice I always use all caps for the appended letters, just to crank up the security. This can work for banks, shopping, social networks, you name it. It’s like creating a thousand passwords you can remember easily.
Every few months, you should change all of your passwords—everywhere. Even if you made a password that would take a few centuries to hack, you might have shared it with a co-worker or boyfriend or girlfriend, right? What happens when they become ex-coworkers or an ex-BF or ex-GF? Yeah, you can probably guess.
You could change your base (“Kr0yw3^”), which might be easy if you based it on an acronym for a longer phrase. Or you could change the appended letters by moving them to the front or even the middle (“Kr0yFACw3^” for Facebook). Perhaps switch to the last three in the service name (“OOK” for Facebook). You could even stick in the date of the change. It’s your call.
You’ll be most annoyed when you encounter those select few sites that only let you have a short password of four, six, or even eight characters. What might have seemed easy before is going to soon become a vexing problem when you embrace the might of a strong personal password paradigm.
The Right Advice is Wrong
Some experts will tell you to do a couple of things that go against conventional password wisdom. And the reasons are simple: productivity.
For example, I read a recent treatise on why you should write down your passwords, especially if you actually go the distance and use a unique string of characters for every log-in. The amount of time you could lose trying to remember each password whenever you have to type it may not be worth it. Just try to keep the list somewhere that’s not readily accessible, such as in your wallet. A desk drawer at work is not optimal for keeping out snooping co-workers.
Related advice from a Microsoft researcher says that having multiple passwords is also not worth the effort, or, more specifically, the indirect costs of the effort of tracking them all. That’s right, that big list of passwords I just said to put in your pocket? Maybe it’s not worth it.
Tools of the Password Trade
What about password managers and other methods of entry, like biometrics? Well, of course. We’ll round up some of those for you soon, but first go pick a strong password for backup, just in case.