If you’re like most people, you have between 20 and 30 online accounts and logins. It’s a surprising number until you think about it: banking and investment accounts, online stores and auction sites like eBay, credit card accounts, remote-access logins, cloud backups, social media sites like Facebook and LinkedIn, web-based personal finance managers, and don’t forget PayPal.
Although there’s sensitive information in many of these accounts and files, two of every three people recycle the same one or two passwords over and over, for everything. Habit again, and simplicity.
But it gets worse. Most of these passwords are fairly easy for unscrupulous people to crack―they’re too short, too simple, too common, and too personal. And when was the last time you changed an existing password, assuming your program or account didn’t require it? Typically, the answer is at least three years, and maybe never.
So, what can or should you do to improve your passwords?
Given all the passwords you use on a regular basis―and force of habit, as well as the limitations of memory―there’s an obvious incentive to create a simple, easy-to remember password and use it for everything, forever. That’s probably why more than half of all people base their passwords on personal, readily available information―such as a family member’s name, a favorite pet, the name of a street they’ve lived on, a Social Security number or driver’s license number, or a birthday or anniversary, to name just a few.
As you might suspect, such passwords based on personal information are inherently unsafe. The information they’re derived from is readily available to unscrupulous hackers.
Characteristics of Bad (and Good) Passwords
Hackers often use password cracker programs to search out passwords so, in addition to items of personal information, there are a number of other elements to avoid in creating strong passwords. They include the following:
words that can be found in a dictionary, in any language
slight variations on dictionary words, such as common misspellings, spelling words backwards or backwards and forwards, or adding a “1″ or other digit or symbol at the beginning or the end.
names and other proper nouns
series of numbers or letters
Two of the most commonly used passwords are password1 and 123456.
The best passwords are longer (generally no less than seven characters), more random, and more complex―incorporating letters, symbols and a mix of upper- and lower-case letters. They’re also harder to remember.
Approaches for Creating Better Passwords
If you’d like to use a randomly generated password, there are a number of free online tools to help. PC Tools offers a free online password generator on unsecured and secured sections of its website. Another alternative is Strong Password Generator.
Unfortunately, while randomly generated passwords tend to be stronger, they’re also harder to remember.
One common alternative approach is to think of a sentence or a lengthy phrase that you can easily remember, such as John Glenn’s famous One small step for a man, one giant leap for mankind. Or song titles or lines from your children’s nursery rhymes. Then apply your own personal algorithm or pattern to adapt it.
For example, you could use the first (or second or last) letter of each word as a starting point: ossfamoglfm for Glenn’s famous statement. Then change all the “for” and “to” words to 4 and 2: oss4amogl4m. You could include a capital letter, perhaps at the beginning or the end, or every third or fourth letter, or after every number: Oss4Amogl4M. You could also include symbols. Just create a unique pattern that works for you and can be used to create any number of passwords in the future.
Tools for Testing Passwords
Assuming you haven’t used personal information or other easily cracked words as a basis for your passwords, how do you know just how strong they really are?
There are a number of online password checkers that will evaluate your passwords for you. Microsoft, for example, offers a free password checker in its Safety & Security Center.
Managing Your New and Improved Passwords
Now that you’re armed with stronger―i.e., longer, more complex and more random―passwords, how do you remember all of them?
If you feel you need to record them somewhere and you’re using the sentence-based approach, you’re in a much safer position. You don’t have to record the exact password, just a reminder of the sentence or phrase you’re using. For John Glenn’s quote, it could be moonor footstep or astronaut. Of course, you’ll also need to remember your pattern.
If you’re using randomly generated passwords, you’ll likely need to record the entire password.
If you’re using a paper-based method to record your passwords, don’t store them under your phone, in your file drawer or attached to the side of your file cabinet―all of which have been done before. Find somewhere safe and secure.
As an alternative, you could use a USB drive or other digital media to store passwords. Once again, make sure that the device is safe and secure. USB devices, for example, can be password protected and encrypted. There are even ways to erase the contents remotely if it is lost or stolen.
There are even software- and cloud-based password managers-some are free, some are purchased. For example, KeePass offers a free, open source password manager product, Password Safe. RoboForm offers a free version of its password and automatic login software (limited to 10 passwords), as well as desktop, mobile and access-from-anywhere versions.
Regardless of the approach you choose to effectively create and maintain your passwords, make sure it’s something you can use simply and consistently―and change regularly. Then make it a habit.