Your Best Online Defense

Nancy Muir

Creating strong passwords is the best way to secure your Internet experience

Posted December 20, 2010

By Nancy Muir

Strong passwords and pass phrases are vital to preventing unwanted access to online accounts, from social networking sites to financial institutions and online stores where a credit card number is stored for making purchases. Many people are intimidated by creating strong passwords because the passwords seem difficult to come up with and less easy to remember. However, learning a few simple rules and tricks makes it simpler.

Make It Longer
Longer passwords are harder to figure out. Try for about 10 characters minimum. Some sites require that you have a minimum number of characters for your password, which is a good practice on the sites’ parts. Other sites don’t let you use more than 6 or 8 characters, for example. Just make the password as long as possible given the parameters.

Use Variety
Most people know that mixing up letters, numbers, and symbols such as $!@ makes a stronger password. Again, some sites require a mixture of characters while others won’t allow symbols. You can also use a combination of uppercase and lowercase letters to make stronger passwords, if a site doesn’t allow symbols. To help you remember such a password, try using a pattern from your keyboard, for example starting at the top left corner and forming a “W” pattern, a very strong and easy to remember password would be !qSXdr5ThnJi(.

Don’t Include Personally Identifiable Information
Putting personally identifiable information in a password is asking for trouble. This information may include your name, street name, child’s name, or the town your were born in. Anything that is a matter of public record, such as your birth date or address is easy for a crook to find out. Instead, use a favorite song or literary phrase (perhaps with some numbers and symbols mixed in, such as 2BorNo+2Be).

Avoid Repeated Letters or Numbers
Hackers can use programs to find instances of numbers in your password. If your password is 555John777, when the program finds 5 and 7, it’s scored six hits instead of two. Time is often of the essence for those trying to break passwords—because they can only do two or three tries before being locked out of an account. Don’t make it faster and therefore easier for hackers to break your password.

Avoid Common Words
A dictionary attack is a technique that uses a program to scan through all the common dictionary words in trying to break your password. Dictionary attacks can go through thousands of words in minutes. If your password is Airplane7, the word portion of the password will be found in seconds, which leaves only 9 numbers to run through to guess the entire password.

Spell Words Backwards
If you want to use a common word, spell it backwards and mix it up with numbers and symbols. For example, you might make your First National Bank account password “lano1taNkna8,” with words bank and national spelled backwards and the 1 and 8 standing in for the I and B.

Keep Passwords In a Safe Place
Everybody advises you not to write down passwords, but that’s not a very practical suggestion. It’s okay to write them down, but just don’t keep the list near your computer and don’t leave it where others can easily find it. Also, don’t ever share passwords with others; today’s friend can become tomorrow’s enemy.

Change Pass Phrases Often
One of the best defenses to having your accounts hacked is to change your passwords regularly—say every couple of months. This practice is especially important on any financial account or retail site that has your credit card on record for purchases.

Don’t Use the Same Password Everywhere
You should never use the same password on multiple accounts, because once that password is broken, it opens the door to all your accounts for a clever thief or bully.

Be Cautious About Password Hints
In addition to strong passwords, you should be sure to take care when creating password hints because thieves may use the “Forgot your password?” feature on many accounts to reset the password and access your account. Typical password hints are mother’s maiden name, high school attended, and so on. The problem with those is that they involve publically available information. If you are limited to preset questions and they are of this type, you have the option of using a false answer. The company doesn’t care what you answer as long as you match that answer every time you use the feature. If your mother’s maiden name was Smith enter Jones. If you can, choose among a broader range of questions or create your own. Choose one that involves non-publically available information, such as your favorite movie or the place you first met your partner.

Nancy Muir is the author of more than sixty books on technology topics. She was the original author of a series on technology for seniors including the titles Using the Internet Safely For Seniors For Dummies, Laptops For Seniors For Dummies, iPad For Seniors For Dummies, and Computers For Seniors For Dummies from Wiley Publishing. Nancy has taught technical writing and Internet safety at several universities, is the author of a highly regarded introduction to computers textbook used in community colleges, and has been a consultant to technology companies including Microsoft and Hewlett Packard. Her website, TechSmartSenior.com, helps people over 50 take advantage of all that computer technology has to offer.