The digital age brought with it the need for lots of different passwords.  We have a password for each email account and social networking site we visit.  In addition, many websites we visit have passwords.   These passwords are critical for our online safety.  They protect our accounts from other people using them so others cannot steal our money, impersonate us or even steal our identity.  Yet many people do not give much thought to their passwords.   But it is important that we have a “strong” password for every account we have.

The term “strong password” simply means that passwords are difficult for someone to guess.  The stronger the password, the more difficult it is to guess.  Notice I didn’t say it was impossible to guess.  The locks on your home do not make it impossible for someone to break in, but the better the locks, the more difficult it is for someone to break in.  Most casual thieves will go down the block to a home that has less effective locks.  Most casual computer thieves will go to another account with an easy to guess password.  Someone who is determined, however, may eventually get in.

Most people select passwords that include their name, their children’s names, their pet’s name, birthdates, anniversary dates and other similar things because they are easy to remember.  Likewise, they are easy to guess.  Most people who know me know that I have a son named Mike and so that would be an easily guessed password (for the record, I do not have Mike as a password on any account).

So, how do you know what to select?  First, do not use the obvious items in the previous paragraph.  Second, do not use repetitions of the same character, like “cccccc”.  Similarly, do not use words that are in a dictionary.  These days, computer hackers do not sit at a computer and type in possible words, they have a computer keep trying them;  those computers use dictionaries as a source of passwords.   Yes, I agree that makes it more difficult for YOU to remember the passwords too.

Instead of a word, try using a phrase.  Let’s suppose instead of using “Mike” as a password, I start with the phrase, “I am Mike’s Mom.”  Most computers do not like spaces in a password, so you would have to connect the words either by running the phrase together, “IamMike’sMom” or by putting some character between the words, such as “I_am_Mike’s_Mom”.  This is a much stronger password.  First, it is longer.  Passwords should be at least 8 characters;  the longer the password, the stronger it is.  Second, it contains both upper case letters and lower case letters (making them different cases means computer thieves must try more options to break your code).  The second version of the phrase with the underlines between the words ( “_”) is stronger than the first because it is longer and because it incorporates special characters that a thief might not expect.

The next thing I would do is to do some substitution of letters with numbers (again, the more “different” kinds of characters you have, the stronger the password).  Have fun with it.  Instead of the “i” in Mike, use a “1” (one) and instead of the “o” in Mom, use a “0” (zero).  So, now the password is “I_am_M1ke’s_M0m”.  These are not words in any dictionary.  Or, instead, intentionally misspell a word, like “Mik” rather than “Mike” or use some shorthand or other substitution, such as “I_am_M1ke3s_M0m”.  Now we have a password that is pretty easy for us to remember, but hard for the computer thief to figure out.

I need to note here that different systems allow different characters.  Almost all systems allow both letters and numbers these days.  Some will allow certain special characters, while others will allow anything on the keyboard.  Make sure you understand the rules before you set your password.

What else should you do?  Of course, you should not use the same password for all of your accounts.  With the large number of accounts that can get frustrating.  I group my accounts into “types” or “purposes” and use the same passwords for each type, but different passwords across types.  It is not as good as different ones, but it is more practical.   I always have a unique  password for very important accounts, such as my work account or my bank account.  You should also change your passwords regularly.  You can do this by appending or substituting words or characters  to your phrase, or having different phrases each time.

If you use a public computer for your internet use, do not allow the computer to save your passwords;  this only allows the next person to use them too.  Do not keep a list of your passwords under your keyboard or next to your computer if other people have access to your space.  I keep mine in an electronic notebook, but access to the list is password protected.

Are you interested in knowing whether your password is strong? Sometimes you will get feedback from the organization for which you are selecting a password.  Or, you can check it with a trusted online service, such as Microsoft.

Advertisements