Why You Should Make Your Passwords Harder To Crack


A posted list of the most frequently used passwords exposed by the Gawker Media hack, as determined by the Wall Street Journal, shows that 123456 is the most popular. Seriously, users couldn’t come up with something more creative than that? Second runner-up was password, followed by 12345678, which brings up the scary point that most of us don’t put much thought into protecting our accounts at all. (Props to the X-Philes who used TrustNo1, Mulder’s password.)

But it turns out it’s not just Gawker Media users who are sloppy. Just this past August, a survey completed by BitDefender showed that 75 percent of people had the same password for their email and social networking sites, according to PC World. Even worse, finding the email or user name attached to people’s accounts was simple, especially because 87 percent of emails were revealed online through blogs, random social network postings or the like. We’re not getting any smarter: A survey by Webroot revealed that four out of 10 people have shared their password with someone and 30 percent of them logged into a site with their own password over public WiFi.

So, in the spirit of protecting your password (and your entire life) follow these tips:

1. Put in some random characters (e.g., @, #, $, %, ^) to make your password more complex, which makes it much harder for hackers to guess, as this Microsoft Online Safety Guide suggests.

2. The longer your password, the harder it is to guess. A lot of websites suggest that you make it at least six characters long when you first create your password.

3. Deliberately misspelling a word can make it so much harder to crack, according to Stanford University ITS.

4. Don’t use names or numbers that have a big significance to you, such as your birthdate or your anniversary, Wolfram says.

5. Don’t make your username a version of your password. You’d be surprised how many people do this.

6. Try not to use the same password for all your accounts. That way, if someone finds one of your passwords, they haven’t hit the motherlode.

7. No matter what: DO NOT SHARE YOUR PASSWORD. (Or, if you’re like me and share your Netflix and Xbox Live account with a few people, my friends and I have a designated share password that is different from everything else we use. That way we never forget – and we don’t reveal personal information.)

8. Change your password regularly, mentions About.com. A good rule of thumb would be to change it as often as you change your toothbrush, which is supposed to be every three months.
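The mechanical tips above (1, 2, 5 and 6, plus the leaked most-used list) can be checked in code. The following is an added example, not part of the original article; the `audit` function, its messages and the sample accounts are assumptions made for illustration.

```python
import re

# Passwords the article names from the Gawker list (plus Mulder's).
COMMON = {"123456", "password", "12345678", "trustno1"}
MIN_LENGTH = 6  # the minimum the article says many sites suggest


def _letters(text):
    """Lowercase and keep letters only, so 'J.Smith_99' becomes 'jsmith'."""
    return re.sub(r"[^a-z]", "", text.lower())


def audit(password, username, other_passwords=()):
    """Return a list of the tips that `password` breaks (empty list = none)."""
    findings = []
    if password.lower() in COMMON:
        findings.append("on the leaked most-used list")
    if not re.search(r"[^A-Za-z0-9]", password):
        findings.append("tip 1: no symbol characters")
    if len(password) < MIN_LENGTH:
        findings.append("tip 2: shorter than 6 characters")
    # Tip 5: compare the letters of the user name (local part of an email)
    # with the letters of the password, forwards and reversed.
    user = _letters(username.split("@")[0])
    core = _letters(password)
    if len(user) >= 3 and (user in core or user[::-1] in core):
        findings.append("tip 5: password is a version of the username")
    if password in other_passwords:
        findings.append("tip 6: reused on another account")
    return findings


if __name__ == "__main__":
    # Constructed sample accounts, not real data.
    samples = [
        ("123456", "mulder", []),
        ("redluM#42", "mulder@example.com", ["redluM#42"]),
        ("Mk1pb&j$", "katy", []),
    ]
    for pw, user, others in samples:
        print(pw, "->", audit(pw, user, others) or "no findings")
```
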

  • http://www.bartongellman.com/ Barton Gellman

    May I also recommend the Counterspy column: “Passwords: How To Stop Ignoring The Expert Advice”

    http://techland.time.com/2010/09/16/passwords-how-to-stop-ignoring-the-expert-advice/

  • wrenthefaceless

    “1,2,3,4,5? That’s the kind of password an idiot puts on his luggage”

    Ah Spaceballs and your infinite wisdom.

  • http://gum0nshoe.wordpress.com gumOnShoe

    Grid systems are pretty good ways of generating and remembering safe passwords. I don’t use them personally because I have my own methods that are safe, but they are easy to remember. This one recommends using a pattern:

    http://www.vvsss.com/grid/

    There are others that use a different grid with all the letters of the alphabet on the edges and a random set of characters in the grid. You pick a word and use the letters as coordinates to pick a random password.

    But yeah, things you should avoid:

    1) Using English words. There are a limited number of words in the English dictionary. A dictionary attack is simple to execute.

    2) Never use any part of your password in a typed conversation. It is possible that an attacker might scan blogs you frequent for words you use and construct their own dictionary. I’ve seen it done.

    3) Pay attention to the address bar when you type in your password. The easiest way to lose your password is to be phished. Having a couple passwords for levels of trust you grant a website is always a good idea if you can’t come up with an original one for every site you visit. Some accounts can be compromised and you don’t have to care about it. Keep those passwords different from ones which actually represent who you are and which allow trusted communication with your contacts.

    4) Use non-alphanumeric characters as suggested above.

    5) Don’t write (or type) your password down in a legible or easy to understand fashion. People who want to steal your password probably know who you are and where you’d keep such a thing.

  • http://jerrybloomfield.wordpress.com jerrybloomfield

    You know, an authenticator like the one Blizzard sells for WoW would be great. Something different every time you log in.

  • http://kayoyama.wordpress.com kayoyama

    oh no.. i only use 1 password on every account..

  • katy93

    We were taught to use a sentence we’d remember (or a quotation, a book title, whatever) and do the following:

    Convert any words to symbols:
    “My kids like peanut butter and jelly sandwiches” –> “My kids like peanut butter & jelly sandwiches.”

    Take the first (or second, or third) letters of the remaining words: “Mklpb&js”

    Convert letters to numbers or symbols:
    Mk1pb&j$

    It works pretty well, and I find that movie and TV quotes produce nice long passwords with no English words and a sufficient number of numbers and symbols. Plus they’re memorable and promptable–I can write on a post-it inside some book on my desk “favorite quote from Spaceballs” and remember my password.
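The sentence method described in the last comment, written out as an added example (not code from the article or its commenters). Only the `and` to `&`, `l` to `1` and `s` to `$` replacements come from the comment; the other table entries, the function names and the second sample sentence are assumptions.

```python
import re

# Word -> symbol. "and" -> "&" is from the comment; the rest are assumed.
WORD_SYMBOLS = {"and": "&", "at": "@", "percent": "%", "dollar": "$"}
# Letter -> look-alike. These two are the ones the comment's example uses.
LOOKALIKES = {"l": "1", "s": "$"}


def mnemonic_password(sentence, letter_index=0):
    """Apply the three steps: words to symbols, one letter per remaining
    word (first by default), then letters to look-alike characters."""
    picked = []
    for token in re.findall(r"[A-Za-z']+|\d+", sentence):
        symbol = WORD_SYMBOLS.get(token.lower())
        if symbol:
            picked.append(symbol)          # step 1: whole word -> symbol
        elif token.isdigit():
            picked.append(token)           # numbers in the sentence are kept
        else:
            letters = token.replace("'", "")
            if letters:
                # step 2: short words fall back to their last letter
                picked.append(letters[min(letter_index, len(letters) - 1)])
    # step 3: swap look-alike characters
    return "".join(LOOKALIKES.get(ch, ch) for ch in "".join(picked))


def char_classes(password):
    """Which character classes a password contains, to spot sentences that
    produce letters only."""
    tests = {"lower": r"[a-z]", "upper": r"[A-Z]",
             "digit": r"\d", "symbol": r"[^A-Za-z0-9]"}
    return {name for name, pat in tests.items() if re.search(pat, password)}


if __name__ == "__main__":
    for quote in ("My kids like peanut butter and jelly sandwiches",
                  "May the Schwartz be with you"):   # second one is constructed
        pw = mnemonic_password(quote)
        print(quote, "->", pw, sorted(char_classes(pw)))
```

Not every sentence gives the mix of numbers and symbols the comment mentions: the second sample comes out as letters only, which `char_classes` makes visible before the password is put to use.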
