Search
    Google
    Tip of the Day Blog
    The Web
« Angie's List | Main | Top 10 MP3 players under $100 »
Monday
Jul242006

Choose great passwords

Choose (and remember) great passwords

by Gina Trapani

A secure, memorable password is easy for you to remember, and hard for others to guess.

Everywhere you turn you’ve got to come up with a password to register for something or another. Whether it’s the dozens of web sites that require you log in to use them, or your ATM card PIN, or your wireless network login, how do you decide on a new password? More importantly, how do you remember it?




Don’t use the same password for everything.

The problem with using the same password for everything you do is that if it’s compromised and someone finds it, the rest of your identity is at risk. If your mutual fund company, for example, has a security breach that exposes usernames and passwords, and you use the same login details there as your online banking and at Amazon.com, potentially thieves could not only compromise your mutual fund account, but your online banking account and credit card details stored in your Amazon.com account as well.




Remember 100 different passwords with 1 rule set.

You don’t need to remember 100 passwords if you have 1 rule set for generating them. One way to generate unique passwords is to choose a base password and then apply a rule that mashes in some form of the service name with it. For example, you may use your base password with the first two consonants and the first two vowels of the service name. Say your base password is “asdf.” (See how easy those keys are to type?). Then your password for Yahoo would be ASDFYHAO, and your password for eBay would be ASDFBYEA.

Something simpler - but along the same lines - might involve the same letters to start (say, your initials and a favorite number) plus the first 3 letters of a service name. In that case, my password for Amazon would be GMLT10AMA and for Lifehacker.com GMLT10LIF. (Include obscure middle initials - like your mother’s maiden name or a childhood nickname - that not many people know about for extra security.)

Before you decide on your single password generation rule, keep in mind that while password requirements are different for each service in terms of length and characters allowed and required, a good guideline is a password at least 8 characters long that includes both letters and numbers. To make a password even more secure - or applicable for services that require special characters - add them around it, like #GMLT10LIF#.




Choose your base password

Some options for choosing your base password:
  • The first letter of a phrase or song refrain. For example, if you wanted to use the famous Jackson 5 song “I Want You Back”, your base password might be “IWUB.” Remembering the password is a matter of singing yourself the song.
  • Use a pre-established keyboard pattern, like “yui” or “zxcv.” Just look at your keyboard to remember it.
  • Use your spouse’s initials and your anniversary, like “TFB0602.” This one guarantees you won’t forget an anniversary card, either.
  • For extra security, choose an easy to remember base, like your spouse’s initials, or the word “cat” and then shift your fingers up one row on the keyboard when you type it. In the case of “cat,” you’d get “dq5.”
  • Then combine this base with some extra information unique to the service. A clever password generator bookmarklet creates a password based on a web site URL and autofills it when you visit that site with a click. View John Udell’s video demonstration of this bookmarklet in action. Another option is to simply use Firefox to manage your web site logins. See previous feature, Secure your saved passwords in Firefox for more information.
  • One problem with rules-based passwords is that some sites have their own password requirements that conflict with your established password, such as “no special characters” or “at least 12 characters in length” or “all numbers/numbers and letters/just alphabetical.” In those cases, somehow you have to document or remember the exception to your rule for those services. On Friday we’ll cover tracking your passwords somewhere more secure than that sticky note on your monitor.

EmailEmail Article to Friend