8/13/12

5 Tips for Creating Strong Passwords That Are Easy to Use

Today's news has a story that people following the tabloid coverage of Twilight star Kristen Stewart's affair with the director of her new Snow White movie are vulnerable to malware attacks.  Seems that evildoers like to attach their malware (viruses and the like) to popular topics -- and this Twilight-saga split of Kristen Stewart and Robert Pattinson is right up their alley.

One of my clients is very concerned about this, since her kids love Twitter and Facebook and use her laptop routinely - and in doing so, they've already opened the door to one or more viruses which her tech support believes gained access through those shrunk links that appear on tweets and the like.  It's called "clickjacking."

Which brings us to passwords.  My client's biggest concern was protecting her financial sites as well as her blogging account.  Could the virus circumvent her passwords?  How do you create a strong password?  How can you make passwords that are strong and that are also easy to use (and remember)?

Passwords need to be easy for you to remember and hard for those computer villains to figure out, even with their sneaky password-finding software.  Don't share them with anyone.  Don't put them on sticky notes on your monitor.  Remember to change them -- say on the 1st of every month.

Here are five (5) tips for creating strong, easy-to-use passwords:

1.  Use a quote or a short sentence that is personal to you.

Carnegie Mellon's Computer Science Department recommends sentences such as "I have two kids: Jack and Jill."  For sites that only allow a certain number of characters, they suggest you memorize a short version of this sentence and use it:  "Ih2K:JaJ".

2.  Use two unrelated words and then add some tweaks.

Tweaks?  They can be whatever works for you: like added punctuation and a capital letter or two which will be easy for you to remember.

Carnegie Mellon gives an example here of "book and goat" which then becomes "bo!ok29goat".

3.  Use different passwords, and change them often.

PCMag recommends that you change your passwords as often as you change your underwear.  PCMag also recommends that you use different passwords for different sites: never use the same password for different things. Don't use the same password for your online banking and your email account.  That's just asking for trouble.

4.  Move your hands on the keyboard.

PCMag has another good idea:  once you have your secret password, move your hands on your keyboard so they are one row up or one column over -- then type.

5.  Make things easier to remember by having your own password themes.

ComputerWorld suggests having a personal theme for your passwords that relates to a personal life event, such as the birth of a child.  OneMorePush and IceChips were given as some of their examples here.
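To make tip 4 concrete, here is the "one column over" move written out as a key-for-key mapping. This is an added example, not code from PCMag or from this post; it assumes a US QWERTY keyboard, covers only the sideways shift (not "one row up"), and the function names are illustrative.

```python
# Added example: the "one column over" trick from tip 4 as a key-for-key mapping.
# Assumes a US QWERTY layout; the function names are illustrative.
ROWS = [
    "`1234567890-=", "qwertyuiop[]\\", "asdfghjkl;'", "zxcvbnm,./",   # unshifted
    "~!@#$%^&*()_+", "QWERTYUIOP{}|", "ASDFGHJKL:\"", "ZXCVBNM<>?",   # with Shift held
]

def shift_password(password, columns=1):
    """Return what is typed when the hands sit `columns` keys to the right
    (negative = left) of the keys for `password`."""
    typed, off_edge = [], []
    for ch in password:
        row = next((r for r in ROWS if ch in r), None)
        if row is None:            # e.g. space: not on these rows, typed as-is
            typed.append(ch)
            continue
        target = row.index(ch) + columns
        if 0 <= target < len(row):
            typed.append(row[target])
        else:                      # neighbour would be Enter, Backspace, Tab, ...
            off_edge.append(ch)
    if off_edge:
        raise ValueError(f"no character key {columns} column(s) over from: {off_edge}")
    return "".join(typed)

def unshift_password(typed, columns=1):
    """Undo the shift: the mapping is one-to-one, so it is fully reversible."""
    return shift_password(typed, -columns)

if __name__ == "__main__":
    for secret in ("Ih2K:JaJ", "bo!ok29goat"):   # examples quoted earlier in the post
        typed = shift_password(secret)
        print(secret, "->", typed, "->", unshift_password(typed))
```

Because the shift is a fixed, reversible substitution, the password underneath it still needs to be strong and different for every site; characters at the edge of a row (such as `=` or `/`) have no key to shift onto, so the function rejects them.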

What I'm Doing With My Passwords These Days.

Not too long ago, I was hit by an evildoer that did get one of my email account passwords.  However, the damage wasn't too bad -- it was an account I had set up to receive all those newsletters, daily quotes, etc. and not my personal or professional stuff.   Still, it was scary enough that I spent most of a workday setting up all new passwords and a password-changing schedule (not on the 1st).  I feel safer for it, and I think you will, too.

Another thing I did:  I stopped opening those shrunken links.  If the tweet doesn't give me enough info for me to google the site, and if I'm not interested enough to do a Google search, then so be it.  Turns out to be a nice time-saving tool as well as a security strategy.

For more:

Microsoft suggestions on passwords.

Microsoft Password Strength Checker (input your password for evaluation). 



2 comments:

Harry said...

One thing your client should do, assuming that she is using Windows, is to establish separate user accounts for the children. That user account should NOT have administrative privileges. This will decrease the chance of malware being downloaded.

As for passwords, you can create an easy to remember yet unique password for every site by creating an easy to remember phrase such as "[Insert website] is wonderful!" Thus, the password for Facebook becomes "Facebookiswonderful!" and Twitter would be "Twitteriswonderful!." Of course, if someone ever figures out your pattern, they can figure out all your passwords, but they'll have to learn your pattern first. You can add to the security by substituting numbers for words (Leet speak) and throwing in extra punctuation so your Facebook password becomes "#F4c3b00k15w0nd3rful!."

Unknown said...

Hi Harry,
Thanks for sharing some great ideas, especially the Leet speak suggestion.

While it almost becomes fun to think up cool new password phrases (almost, LOL), it still seems sad that we all have to go to these lengths to stop evildoers from accessing our accounts. Arrgh. Oh well - these are the times in which we live!

Thanks again for writing!
Reba