Password Tips
A secure password is an important
part of protecting yourself online. It’s no substitute for good
antivirus, firewall, and anti-spyware/adware programs. (FYI, I’ve used Norton and
McAfee brands at various times and was generally pleased. When I need a new program,
I generally choose whichever I find on the best sale.) However, passwords are
still so important that I include here the best suggestions I’ve ever gotten for
making passwords.
- Quick Notes
- I'm not an internet security expert, so I may be crazy. But if a password is so
complicated that you can't remember it, isn't it useless? If something is
important enough to password protect, do you want to wait 15
minutes every day to reset your password, because "Ooops. I forgot it again."?
Therefore, I don't believe in recommending random passwords, like
ak4p9w6, and I don't understand how you can avoid having them written down
somewhere. That's why I generally have my base passwords (see
tip #2) in my wallet. If my wallet is stolen, I keep a list of places where
I have passwords (but not the passwords themselves) at home, work, all over so
I can reset them immediately. This is a handy list to keep customer service phone
numbers too, so you can cancel your credit cards at the same time. Also, while I talk
about one password because it's easy, I'm paranoid and actually have three base passwords.
If I forget which is for NewYorkTimes.com, and the first doesn't work, I only have to try
two others before I get in. It's a little more confusing, but it is something else you can
do to increase your password security.
- 1. Make sure there’s a mix of symbols.
- It should include all allowable symbols including
letters, numbers, capital letters, and punctuation marks. Sadly many
passwords are limited and don’t allow certain symbols (punctuation
is frequently excluded), but use as many different kinds as you can.
(Sites that require ridiculously short passwords like 8 characters or
less should be shot. It's so easy to break in, it's barely worth your
time to make one.)
(e.g. pas?sWo5rd)
- 2. Every password should be different.
- The most common password mistake made by people I’ve met is that they
use one password for everything. It doesn’t matter how “good” the password
is, if someone breaks it or finds it written down, they have access to
EVERYTHING. You’ve GOT to have different passwords.
- This is a major pain if you don’t know the right way to do it. So, here's
the right way. I pick a base password as in tip #1, but I modify it for each account.
Add part of the website name or the email address. That way you have ONE password.
When I need to change the password later, I still modify the new base password exactly the
same as the old. It's only the base passwords that you need to change.
This is the part you don't have written down so stealing your list
doesn't automatically let someone into your accounts.
(e.g. yahoopas?sWo5rd at yahoo, emailpas?sWo5rd for your email, etc.)
- 3. Passwords should not look like they make sense.
- You need a memorable password. The less you dig out your list of passwords,
the easier for you and the fewer people who know where you keep a written list
of your passwords. However, if it contains real words,
it's that much easier to break. The solution is to pick a memorable password
but alter it in some way you'll remember. Then YOU can remember your password easily,
but ANYONE ELSE who sees your password will think it's just gibberish.
Remove all the vowels, type it backwards, whatever you'll remember, because I don't write
down this part either, just the base password.
(e.g. flip it backwards... dr5oWs?sapliame)
- 4. Have different levels of security.
- I have two different email accounts just to register at websites I
think will attract spam. That way when spam has crashed the email,
I just stop using it and get another email account. Your spam is
of low level concern and interest to
you, so you don’t tax your brain in the same way. I have easy passwords
that I don't modify at all (e.g. password123). If a hacker wants to go through
my spam, it'll save me the trouble. On medium security material I
have stronger passwords. At work, they have advanced firewalls,
anti-spyware filters, and an entire IT department monitoring the system.
Do I really have to break out my best password? Your boss would tell
you different, but probably not. For one thing, if you’re sick and need
to communicate your password to a coworker, you don’t want it to be
too complex. You can probably leave out the punctuation which is hard to
remember and just customize it (e.g. 321drowssapkrow). Finally,
for high-priority things that are really important to you, bring your
A-game (e.g. dr5oWs?sapliame).
- Why? Different levels of security give higher security to all your passwords.
Take this example. Say a hacker breaks one of your medium priority passwords.
They still have to figure out exactly what your other medium priority
passwords are, not an easy challenge. However, you made the low and high priority
passwords in a completely different way; what a hacker learned breaking
your one medium password won’t help them crack the low and high priority passwords.
It might even make them HARDER to crack by leading hackers in the wrong direction.
- 5. !!!!!Change your passwords often!!!!!
- Far and away the most important advice is to Change
Your Passwords Every 6 Months!
At the absolute most, change it once a year. If Dec. 31st rolls around
and you haven’t changed your password that year, do it. Any password, no
matter how good, will be broken with enough time. Passwords cannot and were
never designed to provide permanent security. Change them!
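
As an added example (not part of the original page), this small audit checks a set of passwords for the symbol mix of tip 1, for reuse (tip 2), and for whether two passwords share a long run of characters, forwards or typed backwards, which is the relatedness the tip 4 rationale is about. The account labels and the thresholds `min_kinds` and `max_shared` are assumptions chosen for illustration.

```python
import string
from itertools import combinations

KINDS = {"lower": string.ascii_lowercase, "upper": string.ascii_uppercase,
         "digit": string.digits, "punct": string.punctuation}

def char_classes(pw):
    """Tip 1: the kinds of symbol (letters, capitals, numbers, punctuation) used."""
    return {name for name, chars in KINDS.items() if any(c in chars for c in pw)}

def longest_shared_run(a, b):
    """Length of the longest run of characters appearing in both a and b."""
    best, prev = 0, [0] * (len(b) + 1)
    for ca in a:
        cur = [0] * (len(b) + 1)
        for j, cb in enumerate(b, 1):
            if ca == cb:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best

def shared_base(a, b):
    """Longest shared run, also trying b typed backwards (the tip 3 alteration)."""
    return max(longest_shared_run(a, b), longest_shared_run(a, b[::-1]))

def audit(accounts, min_kinds=3, max_shared=4):
    """Return (account(s), finding) tuples; both thresholds are assumed values."""
    findings = []
    for name in sorted(accounts):
        if len(char_classes(accounts[name])) < min_kinds:
            findings.append((name, "fewer than %d kinds of symbol" % min_kinds))
    for a, b in combinations(sorted(accounts), 2):
        if accounts[a] == accounts[b]:
            findings.append((a + "/" + b, "same password"))
        elif shared_base(accounts[a], accounts[b]) > max_shared:
            findings.append((a + "/" + b, "shared base"))
    return findings

# Constructed sample: the page's own example passwords; account labels are assumed.
ACCOUNTS = {
    "yahoo": "yahoopas?sWo5rd",
    "email": "dr5oWs?sapliame",
    "work": "321drowssapkrow",
    "spam": "password123",
}

if __name__ == "__main__":
    for who, what in audit(ACCOUNTS):
        print(who, "->", what)
```

Passwords built from different bases share only short runs, so they produce no "shared base" finding against each other.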
| Author: | chroniclemaster1 | Date Received: | 2005/08/04 |
| Editor: | chroniclemaster1 | First Date Posted: | 2005/08/10 |
| Proofreader: | chroniclemaster1 | Last Date Revised: | 2005/02/16 |
| Researcher(s): | chroniclemaster1 | Subjects: | |