How many of you have a password that is easy to remember but hard for others to guess? Not many. In fact, most of us rely on very traditional passwords and then never change them. So let’s talk for a few minutes about passwords.
First of all, you aren’t alone in having an easy password and/or not treating the security of your computer more seriously. In one recent survey, 71% of people stopped on the street were willing to give up a password to one of their online accounts in exchange for a candy bar! In follow-up discussions, 40% said they knew at least some of the passwords that their colleagues used and 55% said they would have no problem giving their passwords to their boss.
Wow. A lot of folks who aren’t taking this seriously at all!
Now what do most people choose for their passwords? Pet names. Street names where they live. Their birthday. Their mother’s maiden name. All things that seem secure…but would not be for someone actively trying to hack into your accounts.
And to make it even easier for the hackers in the world, two-thirds of people surveyed use the same password for their work and their personal usage…so discovering one password would let someone into your work computer and your online banking!
So what should you use for a password? And how worried should you be about someone trying to get into your accounts?
Well, my gut reaction is, most hackers aren’t interested in us. They want a bigger bang for their buck. On the other hand, “brute force” hackers have software programs that work for them and they will be happy with any account they can access. So there is always some risk. And as more and more of us pay our bills online, manage our checking accounts online, purchase and sell stock online, buy things online, and conduct more and more personal and professional business online, security becomes more important.
So how do you make a good password? Well, even the experts disagree. But often the disagreement comes from trying to make a password that is impervious (at least as much as possible) to an intentional attempt by a skilled hacker. But we’ll assume no hacker is going to specifically target you. You just need good, generic security.
With that in mind, start with a password that is at least 6 letters long. The longer, the better. But it also becomes more difficult to remember as the string of numbers and letters grows longer.
Next, avoid your kids’ names, your dog’s name, the street you grew up on, etc. In fact, many experts say don’t even use a real word in your password. But we aren’t going to that extreme. So one simple tip is to think of a two word phrase that has some meaning to you. For the purposes of this example, I’ll pick “tech dude”. Now, reverse the letters. That gives me “hcet edud”. Throw in a random uppercase letter and at least one non-letter symbol. That gives me “hceT edud#3”. I can remember that. And no one else is going to guess it.
Now that I’ve got a good password…what next? Well, every expert says one password is not enough. I should not use that as my AOL password, my banking password, the log-in to my Flickr page, etc. Different passwords for different functions. But you can make them related so they are easier to remember. Just not too related. Or find a couple of different patterns. In my real life (not the “tech dude” example), I have three sets of passwords. Each set does different things. And I really only have to remember three passwords as the ones within the set are very similar.
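Here is a small checker for the rules above, added as an example and not part of the original post: at least 6 characters, an uppercase letter, a non-letter symbol, no personal words, not one of the two default passwords named further down, and no two accounts sharing the same or nearly the same password. The function names, the 0.8 similarity threshold and the sample passwords are assumptions made up for this illustration.

```python
from difflib import SequenceMatcher
from itertools import combinations

DEFAULTS = {"password", "admin"}  # the two most-used passwords the post names
MIN_LENGTH = 6                    # the post's minimum length
TOO_SIMILAR = 0.8                 # assumed cutoff for "too related", not from the post


def check_password(pw, personal_words=()):
    """Return the list of the post's rules that this password breaks."""
    problems = []
    lowered = pw.lower()
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 6 characters")
    if lowered in DEFAULTS:
        problems.append("common default password")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(not c.isalpha() and not c.isspace() for c in pw):
        problems.append("no non-letter symbol")
    for word in personal_words:  # pet names, street names and so on
        if word.lower() in lowered:
            problems.append("contains personal word: " + word)
    return problems


def check_reuse(accounts):
    """Flag account pairs whose passwords are identical or nearly identical."""
    findings = []
    for (a, pa), (b, pb) in combinations(sorted(accounts.items()), 2):
        if pa == pb:
            findings.append((a, b, "identical"))
        elif SequenceMatcher(None, pa.lower(), pb.lower()).ratio() >= TOO_SIMILAR:
            findings.append((a, b, "too similar"))
    return findings


# Constructed sample data; none of these are real credentials.
SAMPLE = {
    "work": "Rex2009",
    "bank": "Rex2009",
    "photos": "hceT edud#3",
    "email": "hceT edud#4",
    "router": "admin",
}

if __name__ == "__main__":
    for name, pw in SAMPLE.items():
        print(name, check_password(pw, personal_words=["Rex"]))
    print(check_reuse(SAMPLE))
```

The example password from the post passes every single-password rule, but the reuse check still flags it when a second account differs by only one character.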
Next? DO NOT WRITE YOUR PASSWORD DOWN AND LEAVE IT NEAR YOUR COMPUTER!!! Fifty-one percent of people interviewed said they kept their passwords on a piece of paper on their desk or typed in a document on their computer. And the name of that document? In almost every case, it was “My Passwords”. Now just how hard is it to figure that one out! So keep your passwords in your head! And if you must have a master list somewhere, keep the list far away from the computer so that only you would make the connection between the words on the paper and the keyboard.
Finally, you should change your passwords on a regular basis. Again, how regular is up for interpretation. And I’m a bad role model for this one. I rarely change mine because I’m lazy. But that is the safest thing to do.
And if you decide to live the life of a hacker, trust me, most passwords really are as easy as possible. In fact, until just a couple of years ago, the most used password for all purposes was…“password”. Now, since many PDAs and most routers and modems that folks use to install the wireless networks in their homes come with the same default password, the current most popular password for most people…“admin”.
But don’t say I told you to try it!
PS - “tech dude” and all possible variations of “tech dude” are NOT my password. Really.