Today many of us have a multitude of passwords to keep track of at work and at home. As passwords multiply, it is easy to succumb to the temptation of using easy-to-guess words or simply leaving a sticky note on your computer. But these are generally bad ideas. It is better to come up with a strong password and keep it secret.
What is a strong password? The fact is, any hacker with enough skill and time can crack almost any password with the computing power and tools available today. But, because of the time and effort involved, most really sophisticated hacking is confined to cracking large, commercial networks. For the rest of us a little common sense and a few tips will keep our information safe from novices.
- Never write your password down and leave it where it can be easily obtained; in fact, you should never write your password down, period. This goes for keeping passwords in your PDA, too.
- Your password is your password; don't share it with anyone.
- Avoid easily guessed words or names like the names of your children, pets or your nickname. Avoid birth dates, addresses and other sequences of numbers that are easy to guess.
- Passwords based on any dictionary word are fairly easy to crack, so stay away from those.
- Never use the same password for more than a few sites.
- Change your password several times a year.
- Keep your passwords between 6 and 8 characters (long enough so they take some effort to crack, but not so long that they are hard to remember and tedious to input).
- Use a combination of upper and lower case letters and special characters (punctuation or the characters above the number keys).
Here are some examples of how to construct a password that is hard to crack but easy to remember (please don't use these passwords!):
Choose a phrase that you can remember, such as 'How now, brown cow?' Your password could consist of the first character of each word plus any punctuation. That way your password would be 'Hn,bc?'. Some punctuation and other symbols may not be permitted as characters in password strings on some internet sites. In that case, just swap a symbol, like '?', with another, like '$', or with a number, like '3'.
Another approach might be to use the title of your favorite book as a base, select every third character (three being your lucky number), and include spaces as characters but use a special symbol (like '#') instead of a space. 'How Green Were Our Values' would become 'wrne#rae'. You could stick with your lucky number and capitalize the third character of the password you derive. If you did that, you would have 'wrNe#rae' as a variation.
The important thing is to pick a scheme that makes sense to you and is one you will recall. Then all you have to keep track of is the phrase or title you used as a base.
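The two derivation schemes above, checked against the length and character-mix tips from the list, as an added Python example (not code from the original article). The function names and the `swaps` parameter are assumptions made for illustration.

```python
import string

def initials_password(phrase, swaps=None):
    """Keep the first character of each word plus any punctuation.
    `swaps` maps a symbol a site rejects to a permitted replacement."""
    swaps = swaps or {}
    out, new_word = [], True
    for ch in phrase:
        if ch.isspace():
            new_word = True
        elif ch in string.punctuation:
            out.append(ch)          # punctuation is always kept
        elif new_word:
            out.append(ch)          # first letter or digit of a word
            new_word = False
    return "".join(swaps.get(c, c) for c in out)

def every_nth_password(title, n=3, space_symbol="#", capitalize_nth=False):
    """Replace spaces with a symbol, then keep every n-th character.
    Optionally capitalize the n-th character of the result."""
    picked = title.replace(" ", space_symbol)[n - 1::n]
    if capitalize_nth and len(picked) >= n:
        picked = picked[:n - 1] + picked[n - 1].upper() + picked[n:]
    return picked

def unmet_tips(password):
    """List which of the article's composition tips a password misses."""
    missed = []
    if not 6 <= len(password) <= 8:
        missed.append("length 6-8")
    if not any(c.isupper() for c in password):
        missed.append("upper case")
    if not any(c.islower() for c in password):
        missed.append("lower case")
    if not any(c in string.punctuation for c in password):
        missed.append("special character")
    return missed

if __name__ == "__main__":
    # The article's own sample phrases; do not use them as real passwords.
    candidates = [
        initials_password("How now, brown cow?"),
        initials_password("How now, brown cow?", swaps={"?": "$"}),
        every_nth_password("How Green Were Our Values"),
        every_nth_password("How Green Were Our Values", capitalize_nth=True),
    ]
    for pw in candidates:
        print(pw, "->", unmet_tips(pw) or "meets the listed tips")
```

Running it shows that the plain every-third-character result has no upper case letter, which the capitalized variation corrects.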
Finally, to keep password management less complex, you might take a multi-tiered approach. For instance, if you frequent news sites, like the Wall Street Journal, relatively little harm can come from another person learning and using your password. For sites like this you might actually use a common name or something really easy to remember.
For other web sites, like a research or news clipping service where you have saved information that is not personal, you might find it quite a nuisance if someone guessed your password and deleted your saved information. For these sites a somewhat more difficult password may be in order. You might still use a common word but add upper case letters or numbers to make it harder to guess.
Finally, for those sites where personal financial information is saved or exchanged, you should use a strong password, as previously explained.