One of the biggest impacts of our modern online existence is the need for us to use – and remember – userids and passwords. Lots of userids and passwords!
If you work in a business where you use networked computer systems, you know what I’m talking about. Various surveys have shown that the average corporate network user has to remember anywhere from five to 15 passwords!
That number doesn’t include all the userids and passwords for your personal use such as online banking, credit card accounts, airline frequent flyer clubs, hotel or other travel club memberships, business or trade groups, online shopping sites, insurance company sites, blogs, online forums, gaming sites, … YIKES! How do you keep it all straight?
We don’ need no steenking security …
One way some people deal with this jumble of userids and passwords is to simply use a familiar word for all their passwords like the name of their spouse, child, or pet, or maybe their birthdate, house or apartment number, etc. A recent survey showed that the most commonly used password is … "password"!
Unfortunately, this is almost as bad as no security at all, and is just what a criminal hacker is expecting. They can download ready-made "dictionary attack" lists full of the most common names and number combinations used as passwords, then set up an automated script to try them out and see which ones work. It usually takes just minutes to guess such easy passwords.
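To see why a familiar word with a digit or symbol tacked on is no better than the word itself, the following added example (not part of the original article) checks a candidate password the way a dictionary list would effectively match it. The word list, the substitution table and the function names are constructed for illustration.

```python
import re

# Constructed sample; a real check would load a published common-password list.
COMMON = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}

# Look-alike substitutions that automated guessing routinely reverses (assumed set).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Leading or trailing run of anything that is not a lowercase letter.
EDGE = re.compile(r"^[^a-z]+|[^a-z]+$")


def variants(candidate):
    """Return the normalized forms a dictionary list would effectively cover."""
    low = candidate.lower()
    core = EDGE.sub("", low)  # "password1" -> "password"
    return {low, core, low.translate(LEET), core.translate(LEET)} - {""}


def weaknesses(candidate, personal=()):
    """List the reasons a candidate is guessable; an empty list only means
    these two checks found nothing, not that the password is strong."""
    forms = variants(candidate)
    found = []
    if forms & COMMON:
        found.append("common password or a simple variant of one")
    for term in personal:  # names, birthdate, house number, and so on
        t = term.lower()
        if len(t) >= 3 and any(t in form for form in forms):
            found.append(f"contains personal detail: {term}")
    return found


if __name__ == "__main__":
    # Constructed candidates and personal details for the demonstration.
    for pw in ("Password1", "P@ssw0rd!", "Rex1985", "SFATG#72"):
        print(pw, weaknesses(pw, personal=["Rex", "1985"]))
```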
Some Password Advice
So how do you create a secure password? Here are a few basic dos and don’ts:
1) DON’T leave your passwords on a sticky note pasted to your monitor or in your top drawer – 60% of all security breaches are done by insiders (co-workers, friends, or family), not outside hackers!
2) DON’T use current telephone numbers, social security numbers, or family member names – it’s pretty easy to go online and find out all kinds of information about you, including your birthdate, your family members, your home address, your phone number, and so on.
3) DON’T use the same password for everything – some userids and passwords would have minimal impact if someone else learns them (like those used to access a blog or forum), while others hold the key to your financial well-being. Use a different password for those high-impact security areas.
4) DO use acronyms for passwords – it’s hard to guess or remember a password that is a jumble of letters or numbers, so try making up an acronym that you can remember like "Steelers Fans Are The Greatest" or "I Like Rolling Rock Beer." Turn this into an acronym and it becomes "SFATG" or "ILRRB" – nonsensical words to anyone who doesn’t know what they stand for, and harder to crack via a "dictionary attack."
5) DO add numbers or other non-alphabetic characters to your passwords – this makes them even harder to guess.
6) DO change your passwords on a regular basis – preferably 3 to 4 times a year, especially for logins that grant access to your personal information or bank accounts. If nothing else, at least switch the sequence of letters or numbers ar

