Creating Good Passwords Can Keep You Secure
There is no doubt that in the future we will be identified biometrically, which is a pretty secure identification.
Until that time, we are left with a user name and password as the default method of identifying ourselves and accessing secure accounts and information.
We have been using passwords for years, so everyone should be adept at creating good one, by now. Yet, that is simply not the case. Although many users are creating slightly better passwords than they used to, their choices still need to be improved.
I used to be able to guess passwords quite easily. Most people used the names of their spouses, pets, favorite sports team, birth dates, type of car, marriage dates or addresses. We have gotten slightly more sophisticated.
A recent survey done by Webroot showed that only two in 10 now use such easy-to-crack passwords. Most of the rest of us till have poor passwords and poor password habits.
Many people use words or combinations of words as their passwords. Yet a hacker can use a dictionary search to check for all the words in a dictionary in minutes. They can also easily crack passwords that use words, even those with a number added.
They can check your online trail to find out important dates in your life and names of people in your family and use that information to crack your password.
Hackers have automated tools that they share with each other and which they constantly improve. Not only can they go through the dictionary in minutes, but now they are also using tools that check for special characters that are substituted in words.
For instance, the number zero is often substituted for the letter "o," the at-sign is substituted for an "a." You may think it ingenious to use "p@ssw0rd" as your password, but a hacker with the right automated software tool will easily recognize it as a variation of the word "password."
Besides poor passwords, many of us are also guilty of poor password habits. Webroot surveyed more than 2,500 people in the United States, United Kingdom and Australia. Here are a few more of their findings about our use of passwords:
n Four in 10 respondents shared passwords with at least one person in the past year.
n Nearly as many people use the same password to log into multiple websites, which could expose their information on each of the sites if one of them becomes compromised.
n Almost half of all users never use special characters (such as ! ? & #) in their passwords. This is a simple technique that makes it more difficult for hackers to guess passwords.
n 14 percent never change their banking password.
n 20 percent have used a significant date in a password.
n 30 percent remember their passwords by writing them down and hiding them somewhere near the computer, like a desk drawer.
No one wants to have their identity or their personal data stolen. So here are a few guidelines for successfully dealing with passwords.
n Don't use personal information. It is fairly easy to determine the names of your children, your pets, your birth date, your anniversary and the sports that you are interested in. Don't use any personal information like this in your passwords.
n Don't use words. Any word that is in the dictionary can be easily guessed with automated software. Also don't use common character substitutions for any word.
n Use different passwords. A common mistake people make is to use the same password over and over again. A devious but clever scheme to get passwords is to offer something enticing on the Internet asking for a password. If you give them the same password there that you use for your important data, you have just jeopardized the integrity of your data.
I know you visit many websites that require passwords, and it can be difficult to keep track of all the passwords that you accumulate, but if you work with private, personal, or financial information, or have given your credit card number to a website, you have to be very careful with your password. You will want to create a unique password that is difficult to guess for each of those websites.
n Create a combination. It's not hard to find good passwords. You might also create a clever password by finding a phrase and using the first letter from each word. "Every dog has his day" would be edhhd. "Four score and seven years ago" becomes 4sasya.
You don't want to use these common phrases, but instead, create a phrase or saying like this that has special meaning to you. For instance, "I love homemade bread and red roses." Use the first letters of each word, capitalize one or two of the letters, add some numbers and/or special characters like !@* and you've got an easy-to-remember password that is also secure.
You can also create a password from parts of words pasted together, such as lovmar for love and marriage or rewhi&blu for red, white, and blue. Again, add numbers, and or keyboard symbols to these passwords to make them even more secure.
n Keep it a secret. Passwords should never be shared. A password is only good if it is kept a secret.
Ideally, passwords should never be written down, but in reality, most folks do like to document their passwords in some way. Just be sure that you don't keep a password list in your computer or in any obvious place.
Also, remember they can be stolen by observation. Be cautious of anyone looking over your shoulder when you type in your password.
n Change your password. Many major corporations require their employees change passwords at least once a month. Occasionally, changing your password is a good idea.
As long as we are using passwords to protect our personal information, only good passwords and good habits will keep our information secure.
Unfortunately, there are bad guys out there. We have to be smart enough to keep them at bay.
Send your computer-related questions for publication in this column to Sandy Berger at firstname.lastname@example.org.
More like this story