How to Pick a Secure Password

 

In the movies, hackers make it look easy to crack a password. The fact is, it often is as simple as it seems on the big screen. “While passwords are a vital component of system security, they can be cracked or broken relatively easily,” according to software company Symantec.

And once thieves break into your accounts, your personal information and identity are at risk.

But there are simple steps you can take to choose a secure password. 

1. Be unconventional.
Avoid common words anyone can find in the dictionary, and simply adding numbers to common terms, like mainstreet12, isn’t any better. Hackers write programs to crack these types of passwords first.

2. Stay impersonal.
Many people use birthdays, addresses or other personal info to make passwords memorable. But it is “alarmingly easy” for hackers to obtain personal information about prospective targets, according to Symantec. Avoid anything that refers to your name, nickname, the name of a family member or pet and any personal numbers like phone numbers, addresses or other information.

3. Be complex. 
The longer and more complicated your password is, the harder it is to guess. Include numbers, symbols and mixed-case letters. Google suggests this technique: Create a phrase known only to you, and associate it with a particular website. A phrase for your email could be “My friends Tom and Jasmine send me a funny email once a day.” Use numbers and letters to recreate it. “‘MfT&Jsmafe1ad’ is a password with lots of variations,” notes Google.

4. Mix and match. 
Do the same to create a unique password for every other password-protected site you visit, Google suggests. 

“Choosing the same password for each of your online accounts is like using the same key to lock your home, car and office—if a criminal gains access to one, all of them are compromised,” it says.

5. Change them up. 
Passwords should be changed regularly to remain effective. How often?

Online financial accounts should be changed every month or two; corporate network passwords every 3-4 months. Everything else? Simply use good judgment and don’t be lazy.

“Changing a password is relatively quick and painless compared to the irritating and expensive process of combating identity theft.”

6. Put it to the test. 
Online password checkers can evaluate a password's strength. Microsoft has a password checker here

7. Consider a password manager. 
Connectsafely.org suggests using a program or service like RoboFormLastPass or Password Safe to create strong passwords for each of your sites, but you only have to remember one password to access the program  that stores your passwords for you. Another service, Dashlane recently received praise from the New York Times’ David Pogue.
“It saves you infinite time and hassle, it’s (mostly) free, and it belongs on your computer and phone this very day,” he wrote. It’s now out in 2.0, and both memorizes your password and automatically logs you in to websites, even with complex logins such as bank accounts.

8. Use common sense.
Connectsafely.org reminds users that smart Internet habits are the key to password protection:

Never share your password with anyone. The only exception: kids should give theirs to their parents.

Don't post it out in the open. Studies have found that many people still post their password on a sticky note, the organization reports.

• Don't fall for "phishing." Never click on a link (even if it appears to be legit) that asks you to log in, change your password or provide any other personal information. It might be a "phishing" scam.

 

Jamie White is the managing editor of news content for LifeLock. As a journalist for the last 15 years, she has worked as a reporter and editor at news organizations throughout the San Francisco Bay Area, including The San Francisco Examiner. Most recently, she was a regional editor for Patch Media, a local news and information consortium of 900 websites nationwide. Jamie holds a master's degree from Columbia University's Graduate School of Journalism.


Federal Trade Commission. “Consumer Sentinel Network Data Book For January – December 2011.” February 2012.
Javelin Strategy & Research. "2012 Identity Fraud Report: Social Media and Mobile Forming the New Fraud Frontier." February 2012.