If you’re like most people you aren’t as cautious with your passwords as you ought to be. I know, creating unique passwords for each site you have an account with can seem daunting and there’s probably enough complication in your life already. Yet you have this nagging voice in your head that says “if someone hacked any of my accounts, they could get into all of them…and that wouldn’t be pretty.”
That nagging voice is right. It wouldn’t be pretty. In June LinkedIn was hacked and millions of passwords were leaked online! (Read about it here.) If yours was one of them, does someone now have access to other accounts of yours because you’ve used the same password on that account? Scary thought. (If you haven’t done so, you can check to see if your LinkedIn password was leaked here. )
Both Sony and Yahoo! have had passwords hacked and leaked over the past year or two – just to name two companies you’ve probably heard of. There are many others.
Yet there are ways to develop safer passwords without overly complicating your life. We’re happy we’ve done it, and although we literally have hundreds of accounts and therefore hundreds of different passwords we can access most without taxing our memory or digging out that sheet of paper that lists them all. You can too.
Let’s start with what makes a safe password. Here’s some advice about how to make your passwords safe:
- Don’t Join the Crowd: The first rule is that you want your approach to your password to be different from what most people do. Computer programs are written to crack passwords and these programs are based in large measure on the behavior of most people. The following advice will put you on track to create a password that is outside the norm.
- More is Better: Most people have a password that is eight characters or less. Use a password of at least eight characters; ten or more is best.
- Variety is King: Most people create passwords that use only one or two different types of characters, often just lower case letters. There’s more to your keyboard than lower case letters! Choose a password that mixes lower case letters, upper case letters, numbers and symbols. A very small percentage of people use a combination of numbers and letters in their passwords, and an even smaller number use letters, numbers and symbols. We’ve read that every symbol you add to your password makes it 1,500 times harder to hack!
- Don’t be Common/Don’t be Identifiable: Sometimes called “randomness,” this characteristic relates to how easily the password can be identified with the person. For example, is your password your wife’s name and the date of your anniversary? (OK, maybe that’s more likely to be a wife’s password using her husband’s name and their anniversary.) Does it include the names (or initials) of your children, your favorite sports team or your favorite dog? Is it a phrase you use frequently? (“NeverSayNever” uses upper and lower case letters and has more than ten characters, but if you’re known for saying that, it’s a bad password.) Never, ever, ever use “password”, your username, your address, your birthday or your anniversary. Likewise, don’t simply pick characters that are next to each other on your keyboard. (That includes consecutive numbers.)
- Be Unique: Yep, don’t use the same password for each site. And don’t use a system that is easily discernible. Security pros say don’t use a system. Period.
Actually, security pros will say that the safest password is the one you can’t remember. And we fully endorse that for critical sites such as banking, credit card access, investing, etc. For those less critical sites, however, we do recommend that you develop a system that incorporates these guidelines but allows you to easily access your accounts.
A password strategy can provide you with security and simplicity. The strategy will include a combination of a “root word” and unique prefixes or suffixes. Remember, the goal is to keep a hacker who gains access to one of your accounts from accessing other accounts.
- Develop a “Root Word”: In all cases, you will want to develop a “root word” for your password – a five to seven character “word” that you will use in all passwords. I’ve placed “word” in quotation marks because it won’t be a real word, but a combination of characters that incorporates upper and lower case letters, numbers and symbols. Remember, this root word should be random and unique. Don’t make your root word Cru1seS! if you like to take cruises. Yes, it uses upper and lower case letters, a number and a symbol, but it is too easily identifiable to you. The best approach for your root word is to not use a real word at all. nR8!3 is a better root because it is meaningless.
- Then Make it Unique: Add to your root word, either as a prefix or suffix, something unique for each site. You might make it every third letter in the name of the company the site is for (which may or may not be the same as the site URL). So if your root is nR8!3 and you were accessing the Data Designs Publishing website, your password might be nR8!3tDis. I added my unique characters as a suffix to the root word and used every third letter of the name of the company, counting spaces as letters and following the capitalization in the name. That’s a pretty unique password strategy that would not be easy to break.
- Alter the Uniqueness: To make the strategy more secure, you can alter whether you apply the unique characters as a prefix or a suffix. For example, you might apply the characters as a prefix for the sites of all companies whose names begin with the letters A-N and as a suffix for the sites of all other companies.
- Two or Three are Better: Another approach to making the strategy more secure is to have two or three strategies that you apply when you create new passwords. We have two. At worst, if I can’t remember which strategy is used, I will “guess” the password wrong only once.
Simpler Still: Automate the Process
There are a number of software/cloud applications that will create complex passwords, store them and automatically log you in when you revisit sites. Check this article from InfoWorld for a review of seven of the top applications.
Want to test your password? Gibson Research Corp. has created a site that estimates the amount of time it would take to crack any password that you want to test. Check it out to test your newly created passwords. By the way, that password we created earlier – nR8!3tDis – would take 2.03 hundred thousand centuries to crack! So don’t even try!