Choose a hacker-proof password
Passwords may seem like the bane of our electronic existence, but don't let the tedium of entering (and remembering) passwords leave you vulnerable for identity theft or fraud.
The Privacy Rights Clearinghouse has provided these tips for choosing strong passwords that will thwart determined hackers using computing power to get your data.
1. Avoid using dictionary words. These passwords are easy for hackers to figure out using an electronic dictionary.
2. Don’t use personal information. Any part of your name, birthday, Social Security number, or similar information for your loved ones is a bad password choice.
3. Avoid common sequences, such as numbers or letters in sequential order or repetitive numbers or letters.
4. If the web site supports it, try to use special characters, such as $, #, and &. Most passwords are case sensitive, so use a mixture of upper case and lower case letters, as well as numbers. (Here's a tip: try replacing some letters such as "o" or "i" with the numerals "1" or "0". --- lfk.)
5. Passwords become harder to crack with each character that you add, so longer passwords are better than shorter ones. A brute- force attack can easily defeat a password with seven or fewer characters. Microsoft has an online password strength checker at www.microsoft.com/protect/yourself/password/checker.mspx
6. To help you easily remember your password, consider using the first letter from each word in a sentence, a phrase, a poem, or a song title as a password. Be sure to add in numbers and/or special characters.
7. Create different passwords for different accounts and applications. That way, if one password is breached, your other accounts won’t be put at risk too. Do not use the same or variations of the same password for different applications.
8. Despite admonitions to the contrary, one easy way to remember your passwords is to write them down and keep them in a securely locked place. Never leave them on a Post-It note on your monitor, in an address book, in a desk drawer, or under your keyboard or mouse pad (or any other obvious place).
9. Consider using a secure password manager. The Firefox browser has a password manager already built in. The Firefox password manager and 4 others are reviewed at http://lifehacker.com/5042616/five-best-password-managers.
10. If you have already established a password that is not strong, change it! Web sites have a variety of procedures that govern how you can change your password. Look for a link (such as "my account") somewhere on the site's homepage that goes to an area of the site that allows password and account management.
The back door to your password. Many sites offer a password reset or recovery system if you should happen to forget your password. While a useful feature, this may offer an additional opportunity to compromise your password. Be cautious when you choose the site security questions and answers that will be used to authenticate you if you forget your password.
Be sure that you don’t pick a question which can be answered by others. Many times, answers to these questions (such as a pet’s name or where you went to high school) can be ascertained by others through social networking or other simple research tools. In fact, this was the method recently used to infiltrate the Twitter employee’s account.
‘Til Death Do Us Part. While the integrity of your passwords is important to maintain your privacy, it’s important to consider what can happen when you die. You may have bank statements, bills, and other important papers that are only accessible online. Your heirs may not be able to access this information without a potentially lengthy and costly court proceeding ordering the Web site to release the information. You may wish to provide a to your attorney or another trusted individual.
