How to pick a password that’s hard to hack
If there’s one lesson to be learned from the rash of hack attacks recently, it’s the value of a strong password.
Just look at what the hacker group LulzSec dug up. After hacking into the websites of the CIA, PBS and Sony, it posted on the Internet the email addresses and passwords of 62,000 compromised accounts.
A quick scan of the list showed that most passwords were easy to remember — and easy to crack. Sample: “wildwoman,” “coffeecup,” “peterp,” and “kindle.”
Of course, the ideal password would be long, unintelligible and nearly impossible to predict. Like this: !co4D4)f%d. But good passwords are hard to remember, which is why so many people end up with easy ones or reuse the same password for multiple accounts.
Nowadays, passwords are the keys to your digital life, and they safeguard everything from your email accounts to your bank accounts against cyber criminals. Here are a few ways to protect yourself online:
• Use mnemonics. Pick a personal sentence, as I did for my college account: “I am an NYU student!” and take the first letter of every word to create a password “1iaanyus!” (NYU requires its students to add a number for extra security. And no, that password doesn’t work anymore.)
• Know that longer is usually better, but not always. A six-character password such as 7cG&!s is more secure than a longer password that uses a word or a phrase, such as iloveyou.
• Change passwords to your bank accounts every few months.
• Write down the passwords on a list without user names. Keep it with your passport, car title, Social Security card or other papers you are not likely to lose.
• If you truly cannot remember passwords and tend to lose scraps of paper, use password-managing software such as LastPass or KeePass that encrypts and stores all your passwords. Some will automatically plug in your password at the appropriate sites. They’re usually free or charge a nominal monthly fee for extra features.
• If you want the ultimate protection — and have the memory of an elephant — consider using a “random password generator” that you can find by doing an Internet search. It’ll spit out passwords depending on how complicated you want them to be.
And a few things to avoid:
• Never use simple words or phrases, even if you spell them backward and add a number. Hackers have software that can predict commonly used words.
• Never have the same password for every account, especially for bank accounts and sites such as Amazon.com that can store your credit card information.
• Never email passwords to yourself. If hackers gain access to your email, they would then have the whole kit and caboodle.
• Avoid using personal details. Do not include your name, birthday or home address, which can be easily guessed by someone who knows you.
• Don’t share your passwords with friends or family.
• Don’t log into sensitive accounts when using public Wi-Fi.
And finally, it’s important to remember that no password is completely immune from being cracked, said Robert Rachwald, the director of security strategy at Redwood Shores, Calif., digital security firm Imperva. The best way to keep your personal information safe is to avoid providing it if at all possible.