Monthly Archives: December 2011

Strong Passwords

If you store data on an electronic device (anything from a computer to a mobile phone), you need to consider how private you want to make that data. The more private that data, the more careful you need to be when protecting it.

Some data is, by its very nature, going to be public. The address of your home, or the make and model of the car you drive, is easily found in public records. The PIN you use to withdraw money at your bank's ATM (which is essentially a password) should be known only to you.

When you create a password, it should not be simple or easily guessed. Your birth date is easy to figure out; it does NOT make a strong password. If your favorite date in history is the birth date of a little-known philosopher (and those closest to you do NOT know about this philosopher), then that could be part of a strong password.

What makes creating a strong password difficult is that hackers have many tools that help them guess passwords, including cracking software fed with large word lists, and public records about you. Also, for every technique or technology developed to prevent a hacker from getting your password, a talented hacker will find a method to get around it.

That does NOT mean you should throw your hands up in the air and give up. Instead, you need to remain vigilant, upgrade the technology you use to store passwords, change passwords periodically and immediately if you think one has been compromised, and keep track of your critical data to ensure it has not been compromised.

Another thing to consider is who else may need access to passwords you set. A spouse? A business partner? An heir? If there is a chance someone else will need access to your data, be sure that person (or persons) will be careful in protecting the password.

To help you create strong passwords that resist guessing or hacking, try using these guidelines:

Avoid using dictionary words. These passwords are easy for hackers to figure out: cracking software simply tries every word in an electronic dictionary, including common substitutions and appended digits.

On many (though not all) web sites, passwords are case sensitive, so you should use a mix of upper case and lower case letters. When passwords are case sensitive, you have to be very careful when typing them in: "apple" is different from "APPLE" or "aPpLe".

Don't use personal information. Any part of your name, birthday, Social Security number, or similar information about your loved ones is a bad password choice. Too often such information can be found by those who should not have it.

Do include numbers in your password; numbers increase the complexity of your password.

Avoid common sequences, such as numbers or letters in sequential order or repetitive numbers or letters.

"ABC123" is a bad password: it is short, and it is two sequences back to back. "aBdPzQ73027" is a decent password.

"a0B7dP2zQ73" spreads the digits among the letters, but it is the same length and uses the same kinds of characters, so to a brute-force attacker it is no stronger than "aBdPzQ73027". What would make either one better is more length or the special characters described next.

If the web site supports it, use special characters such as $, #, and &. For example, "a7g9bo75" (letters and digits only) is a reasonably decent password.

If the web site allows you to use characters other than letters and numbers in your password, then adding special characters to that same password gives the much stronger "!a7g*9bo#75".

Passwords become harder to crack with each character that you add, so longer passwords are better than shorter ones. A brute-force attack can easily defeat a password with seven or fewer characters. Microsoft has an online password strength checker; however, never type a password you actually use into any web page other than the site it belongs to. Test a password built the same way instead.

To help you easily remember your password, consider using the first letter from each word in a sentence, a phrase, a poem, or a song title as a password. Keep the capital letters from the original phrase, and be sure to add in numbers and/or special characters. For example: "We the People of the United States, in Order to form a more perfect Union" becomes "WtPotUSiOtfampU". Note that well-known quotations like this one are themselves in the word lists hackers use, so pick a phrase that means something to you but that others would not guess.

Create different passwords for different accounts and applications. If one password is breached, your other accounts will not also be put at risk. For example, if you use one bank for personal accounts and another for business accounts, each should have its own password.

Do not use the same or variations of the same password for different applications. Going back to the previous example, if my personal bank password is “orange23” then the business account password should NOT be “orange24”.  Better to use “tomato519”.
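The guidelines above can be checked mechanically. The following Python script is an added example (not code from the original article): it implements the checks the guidelines describe (length, case mix, digits, special characters, sequences, dictionary words, personal information), estimates the brute-force search space, builds the first-letter mnemonic from a phrase, and flags the "orange23" / "orange24" kind of variant. The word list and the attacker guess rate in it are constructed stand-ins, not real figures; a real check would load a large leaked-password list and pick a rate matching the hash in use.

```python
"""Checks for the password guidelines above, the phrase-mnemonic trick and the
'orange23 / orange24' variant test.  Added example, not the article's own code.
The word list and guess rate below are constructed stand-ins."""
import math
import re
import string

# Constructed stand-in for a cracking word list; a real check would load a
# large list of leaked passwords and dictionary words instead.
COMMON_WORDS = {"apple", "orange", "tomato", "password", "letmein", "qwerty"}

# Assumed attacker speed for the rough time-to-crack estimate (offline attack
# on a fast, unsalted hash); real figures vary by hash type and hardware.
ASSUMED_GUESSES_PER_SECOND = 1e10


def acronym_from_phrase(phrase: str) -> str:
    """First letter of each word, keeping the phrase's own capitalisation."""
    return "".join(w[0] for w in re.findall(r"[A-Za-z']+", phrase))


def charset_size(pw: str) -> int:
    """Size of the alphabet an attacker must assume from the classes present."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # the 32 printable ASCII symbols
    return size


def brute_force_bits(pw: str) -> float:
    """log2 of the search space.  Length counts once per character, so it
    dominates, and moving digits around inside the password changes nothing."""
    if not pw:
        return 0.0
    return len(pw) * math.log2(charset_size(pw))


def crack_time_seconds(pw: str, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Time to exhaust the whole search space at the assumed guess rate."""
    return charset_size(pw) ** len(pw) / rate


def has_sequence(pw: str, run: int = 3) -> bool:
    """True if `run` neighbouring characters are equal or step by one
    ('abc', 'CBA', '123', '777'), ignoring case."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        steps = {b - a for a, b in zip(codes[i:i + run], codes[i + 1:i + run])}
        if steps in ({0}, {1}, {-1}):
            return True
    return False


def contains_word(pw: str, words=COMMON_WORDS, min_len: int = 4) -> bool:
    """Substring match against the word list, ignoring case."""
    lower = pw.lower()
    return any(w in lower for w in words if len(w) >= min_len)


def check_password(pw: str, personal_info=()) -> list:
    """Return the guideline violations for pw (an empty list means it passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no mix of upper and lower case")
    if not any(c.isdigit() for c in pw):
        problems.append("no digits")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special characters")
    if has_sequence(pw):
        problems.append("contains a sequence or repeated run")
    if contains_word(pw):
        problems.append("contains a dictionary word")
    for item in personal_info:
        if item and item.lower() in pw.lower():
            problems.append(f"contains personal info {item!r}")
    return problems


def is_variant(a: str, b: str) -> bool:
    """Flag passwords that differ only in a trailing number ('orange23' vs
    'orange24'): an attacker who learns one will try the other first."""
    def core(s):
        return re.sub(r"\d+$", "", s.lower())
    return core(a) == core(b)


if __name__ == "__main__":
    for pw in ("ABC123", "aBdPzQ73027", "a0B7dP2zQ73", "a7g9bo75", "!a7g*9bo#75"):
        print(f"{pw:14} {brute_force_bits(pw):5.1f} bits  "
              f"{crack_time_seconds(pw):10.3g} s  {check_password(pw) or 'passes'}")
    print(acronym_from_phrase("We the People of the United States, in Order to form a more perfect Union"))
    print(is_variant("orange23", "orange24"), is_variant("orange23", "tomato519"))
```

Running it shows why length matters more than arrangement: the two eleven-character examples from the text score identically, a seven-character letters-and-digits password falls in seconds at the assumed rate, and "Smith1975!" passes every class-based rule yet is rejected once the owner's name and birth year are supplied as personal information.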

You've probably heard that you should never write out a password. Sometimes that cannot be avoided. Perhaps your attorney needs a password to share with heirs in case something happens to you. If a password must be written down, ensure that it will be kept in a securely locked place.

Never leave passwords on a Post-It note on your monitor, in an address book, in a desk drawer, or under your keyboard or mouse pad (or any other obvious place). If you must absolutely write passwords down for your own use, consider storing it in a safe or other secure location.

Consider using a secure password manager. For example, some web browsers have a password manager already built in. Some computer protection software, such as Norton 360, also has a password manager built in. A password manager makes it practical to use a different, long, random password for every account, which is the single biggest improvement most people can make.

If you have a password that is not strong, change it. Web sites usually have options that allow you to change/update your password.  The password option may be in a link such as “my account” or “account management” or “my profile” or “change password”.
