Security hacks are always making news. It seems like hackers are perpetually one step ahead of us peons. Kind of makes you want to give up, set all of your passwords to 1234abcd and just hope they don’t pick you.
Don’t. Please don’t.
There are ways you can protect yourself without making 20-character passwords that you’ll never remember. Here are five common-sense tips for making secure passwords you’ll remember in the future.
- Don’t use the most common patterns. The big no-nos are:
  - BIGGEST NO-NO: all lowercase letters, no special characters or numbers.
  - Ending with either two or four digits (password12; Password1234). Think about a name followed by a birthdate, birthdate and year, or just year.
  - Single capital letter at the beginning (Awesomepword; Myname).
  - Putting your mandatory special character at the end (Awesomepword!, password12@).
  - Using a super-common word (password, letmein, iloveyou).
- Start with an uncommon word that means something to you. Did you have a uniquely named pet? Maybe your kid has a weird nickname. Or you like an oddly spelled flower, animal, or food. Just make sure it’s a word of a decent length.
- Mix up case, numbers and special characters. So if you don’t want to use the big no-no patterns, what are you supposed to do? Take that unique word and mix the modifiers into it. Let’s say you’re a fan of cheddarwurst. That could easily become che66A%wur$T. Keep in mind that many password hacking programs know to try the obvious substitutions: @ for a, ! for l or i, 3 for e and so on.
- Use a phrase or mnemonic. Even better than mixing up one word is mixing up more than one. You can do this in many ways. You can do the character substitutions for the whole phrase: chickenalaking becomes chi2ke&aLA(in6. You can also expand, shorten, or misspell words: golfingisfun becomes 6u!finIZf)n. Or turn a long phrase into a shorter one by using the first letter of each word: How do I compare thee to a summer’s day? becomes #doic32UH5d?
- Keep the most important passwords unique. Security experts say that every single password should be unique. If you’re not going to do that, at least keep the most important ones unique. Your passwords for online finances (banking, credit cards), email, and taxes should be unique. Think about it this way: if your life could be wrecked by that password being hacked, it should be unique. If your online message board got hacked and they had your email and password, could they use that email and password to access your bank account and clear it out? Could they use your email account to send viruses to people? Could they get into TurboTax and get all of your personal information? Keep the biggies unique.
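If you’d rather have a script do the checking, here is an added example (not part of the original post) that flags the big no-no patterns from the first tip and sees through the obvious substitutions mentioned in the third. The function names and the tiny common-word list are assumptions made for illustration; the list holds only the three words named above.

```python
import re
import string

# Constructed word list: just the three examples the post calls super-common.
COMMON_WORDS = {"password", "letmein", "iloveyou"}
TRAILERS = string.digits + string.punctuation


def _readings(stem):
    """Undo the obvious substitutions the post lists (@ for a, 3 for e,
    ! for l or i) and return every resulting reading of the stem."""
    base = stem.replace("@", "a").replace("3", "e")
    return {base.replace("!", "l"), base.replace("!", "i")}


def weak_patterns(pw):
    """Return a label for each 'big no-no' pattern from the post that pw matches."""
    hits = []
    if re.fullmatch(r"[a-z]+", pw):
        hits.append("all-lowercase")
    # Two or four digits at the end, ignoring any special characters after them.
    if re.search(r"(?<!\d)(?:\d{2}|\d{4})$", pw.rstrip(string.punctuation)):
        hits.append("trailing-digits")
    # Exactly one capital letter, and it is the first character.
    if re.fullmatch(r"[A-Z][^A-Z]*", pw):
        hits.append("leading-capital")
    # The only special character is the last character.
    if re.fullmatch(r"[A-Za-z0-9]+[^A-Za-z0-9]", pw):
        hits.append("trailing-special")
    # A common word once trailing digits/specials and substitutions are undone.
    stem = pw.lower().rstrip(TRAILERS)
    if _readings(stem) & COMMON_WORDS:
        hits.append("common-word")
    return hits


if __name__ == "__main__":
    for sample in ["password12", "Awesomepword!", "P@ssword1234", "che66A%wur$T"]:
        print(f"{sample!r}: {weak_patterns(sample) or 'no listed pattern'}")
```

An empty result only means none of the listed patterns matched, not that the password is strong.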
If I’ve freaked you out and you want to check the quality of your password, you can visit The Password Meter. And if you like reading more about bad passwords, check out Unmasked: What 10 million passwords reveal about the people who choose them. It’s a surprisingly fun read with great infographics.
Keep yourself safe online. Ch@ng3 your passwords so they aren’t so gu355@ble.