
How to pick a password that's secure and easy to remember

Password cracking: It's just a matter of time. Here's how to fight back.

(Page 2 of 2)



"It's not me trying to guess individual passwords," he says. "Hackers use so-called 'dictionaries,'" lists of common terms and phrases that a computer tries one after another until it finds a match.


Since 1 in 5 accounts draws from the same pool of 5,000 passwords, an automated program has pretty good odds – especially since Imperva estimates that modern PCs can race through 110 tries each second.

That leads to the second rule: The longer a password, the better. Eight to 10 characters work best.

Why? Even if you avoid common terms, some hackers could still attempt to "brute force" their way into your account. This means telling a computer to try every permutation that it can think of until it busts in. On average, a five-character password will last a couple of hours against such a barrage, according to John Pozadzides, CEO of software company iFusion Labs. Eight characters will hold up for centuries. (See chart, above.)

This also explains why sticking to lower-case letters is a bad idea. "Adding just one capital letter and one asterisk," Mr. Pozadzides says in his report, "would change the processing time for an eight-character password from 2.4 days to 2.1 centuries." (While he calculates hacker speeds differently from Imperva, the scale is what's impressive.)
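The two attack modes described above, a dictionary lookup against a pool of common passwords and an exhaustive brute-force search over every character combination, can be modelled in a few lines. The following Python script is an added example, not code from the article or from Imperva or iFusion Labs: the ten-entry common-password list is a constructed stand-in for the "pool of 5,000", the 110 guesses per second is the article's Imperva figure used only as an assumed parameter, and the function names are the author's own. It computes the keyspace an attacker must cover for a password's length and character classes and shows why adding an upper-case letter or a symbol multiplies the search time far more than adding another lower-case letter.

```python
"""Added example: estimating dictionary and brute-force guessing effort.

Not from the article. The guess rate and the common-password list are
assumed/constructed values, not Imperva's or iFusion Labs' data.
"""
from string import ascii_lowercase, ascii_uppercase, digits, punctuation

# Constructed stand-in for the "pool of 5,000 passwords" the article mentions.
# A real check would load a published breached-password list instead.
COMMON_PASSWORDS = frozenset({
    "123456", "password", "12345678", "qwerty", "abc123",
    "letmein", "iloveyou", "monkey", "111111", "dragon",
})

# Character classes an exhaustive search has to cover. Using even one
# character from a class forces the attacker to enumerate the whole class.
CLASSES = {
    "lower": ascii_lowercase,   # 26 characters
    "upper": ascii_uppercase,   # 26 characters
    "digit": digits,            # 10 characters
    "symbol": punctuation,      # 32 characters
}


def in_dictionary(password: str) -> bool:
    """Rule 1: a dictionary attack finds a listed password immediately.
    Case is folded because cracking dictionaries try such variants anyway."""
    return password.lower() in COMMON_PASSWORDS


def alphabet_size(password: str) -> int:
    """Size of the union of the character classes present in the password."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def keyspace(length: int, alphabet: int) -> int:
    """Number of candidates an exhaustive search tries in the worst case."""
    return alphabet ** length


def seconds_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case time to enumerate every string of this length and alphabet."""
    return keyspace(len(password), alphabet_size(password)) / guesses_per_second


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits (centuries, years, ...)."""
    units = (("centuries", 100 * 365.25 * 86400), ("years", 365.25 * 86400),
             ("days", 86400.0), ("hours", 3600.0), ("minutes", 60.0))
    for name, span in units:
        if seconds >= span:
            return f"{seconds / span:.1f} {name}"
    return f"{seconds:.1f} seconds"


def assess(password: str, guesses_per_second: float = 110.0) -> dict:
    """Summarise both attack modes for one candidate password.

    110 guesses/s is the Imperva figure quoted in the article; it is only an
    assumed parameter here. Offline cracking of fast hashes on modern GPUs
    runs many orders of magnitude faster, so treat the times as relative."""
    dictionary_hit = in_dictionary(password)
    alphabet = alphabet_size(password)
    return {
        "password": password,
        "in_dictionary": dictionary_hit,
        "length": len(password),
        "alphabet": alphabet,
        "keyspace": keyspace(len(password), alphabet),
        "brute_force_time": ("instant (dictionary hit)" if dictionary_hit
                             else humanize(seconds_to_exhaust(password,
                                                              guesses_per_second))),
    }


if __name__ == "__main__":
    # "2bon2bTit?" is the article's own worked example; the rest are constructed.
    for pw in ("monkey", "hamlet", "tbontbtitq", "TbontbTitq", "2bon2bTit?"):
        r = assess(pw)
        print(f"{r['password']:<12} len={r['length']:>2} alphabet={r['alphabet']:>2} "
              f"keyspace={r['keyspace']:.2e}  {r['brute_force_time']}")
```

Running it shows the progression the article describes: the ten lower-case letters of the initialism give a 26-symbol alphabet, the two capitals raise it to 52, and the digit and question mark raise it to 94, so the final string faces 94^10 candidates rather than 26^10. The keyspace is only an upper bound on attacker effort; a password built from a famous quotation with predictable substitutions may still fall to a rule-based dictionary attack long before exhaustive search finishes.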

The solution? To pick a lengthy string that's easy to remember, but gibberish to others, think of a phrase. For example, Hamlet's line: "To be, or not to be: that is the question." Boil this down to an initialism: TbontbTitq. Now swap in some numbers and special characters: Maybe "2" instead of "to" and "?" to replace "question". (Zeroes make nice "O's" and "3" works as an "E".) You've now got 2bon2bTit? – a 10-character chain with all the fixings.

Add another layer of security by extending it for each website. That way, if someone figures out one of your passwords, they don't gain access to all of your accounts. Attach Fk to your Facebook password or maybe Hm to Hotmail. Better yet, reverse the order of these additional letters to further obscure their meaning.

For more computer advice, check out:

Got a new computer? Install these nine programs right away

Three easy ways to save your computer from an early retirement

Should you get an extended warranty on gadgets?
