Once upon a time, the only password you needed to remember was the four-digit PIN for your ATM card. Today, passwords rule every aspect of everyday life, from your Facebook and Twitter feeds to your online banking services to your local library and company intranet. You want in? Password, please.
For most people, this poses two significant challenges: how do you create hacker-proof passwords that are also easy to remember, and how do you organize and manage them in a secure, convenient way? (Because, let’s face it, you’ll never remember them all. Some kind of organization is essential.)
It’s because of these hassles that most folks get a failing grade in password management. That’s the bad news. The good news is, it’s not difficult to change your security-challenged ways. For starters, let’s take a look at what constitutes a safe password.
What’s the ‘word?
In recent years, hackers have made off with (and in some cases posted online—the horror!) hundreds of thousands of user passwords. And not just from news and productivity blogs like Gizmodo and Lifehacker, but also major stores like Home Depot and Target. When analysts looked at all those passwords, they discovered that the most popular ones were barely passwords at all:
If this doesn’t cause your eyebrows to shoot up, then you’re guilty of this very form of password mismanagement. And it gets worse: security firm Sophos determined that approximately one-third of all users employ the same password for everything they do online. That means if hackers get your password for one site, they’ve got it for all the other sites you use.
That’s why it’s vital to use a different password for each and every site you visit. Likewise, because hackers employ sophisticated password-cracking software to guess their way into your accounts, you can’t just use “123456.” Or the dog’s name.
So what constitutes a secure password, and how can you come up with a good one for each of your online destinations? You have two options: automated and manual. Let’s start with the latter.
Longer passwords are tougher passwords. Most sites require at least six characters, but if you can stretch it out to 10 or 12, you’ll raise its level of protection by several orders of magnitude. (More characters equals more possible combinations.)
Also key: a combination of upper- and lower-case letters, at least one number, and, if the system allows, a symbol. So, for example, while you know that “password” makes a terrible one, you could vastly improve it by capitalizing the “p,” replacing a few of the letters with numbers, and tacking on a symbol. Here’s how that would look:
Of course, that doesn’t remedy the need to have different passwords for different sites. One viable method is to start with the name of the site, and then build a password around it. For example, for Netflix you could swap the “e” for a “3” and the “i" for a “1,” giving you N3tfl1x. Now you just need to personalize it: tack on, say, your initials in the front and then reverse them at the end. Thus, Joe Smith’s Netflix password might be jsN3tfl1xsj.
That’s 11 characters, including a mix of upper- and lower-case letters and a few numbers. Passwords don’t come much more impenetrable than that -- at least according to Microsoft’s Password Checker, which provides a “Strength Rating” based on any test-password you type in. (Incidentally, Microsoft recommends passwords that are at least eight characters long.)
What’s great about this approach is that it’s fairly easy to remember. The name of the site, a few letter/number swaps, and your initials for the prefix and suffix. Swap the initials for, say, some punctuation and the system gets even stronger.
That said, remembering your passwords is the other half of the battle. And that’s why some kind of automated solution can be a major help -- especially if you want to manage and even transport your passwords, which can be very useful.
If you’d rather not be bothered coming up with—and remembering—secure passwords, fear not: there are plenty of programs and services that can help you do both. Specifically, a password manager can generate unique, hack-proof passwords for each site you visit, memorize those passwords for you, and enter them into the password field every time you return. All you have to do is remember a single master password so you can access the manager. In other words, one password to rule them all!
There are lots of good standalone password managers out there, but because your computer needs comprehensive security in the form of antivirus software, consider a security suite that includes a password manager as part of the package. Kaspersky PURE is one such suite, combining core antivirus and spyware protection with extras like password management and online backup.