The best way to lock something up digitally—whether it's to keep out hackers or your kids—is to use a different, strong password for every site and situation. So when break-ins occur, like they did on LinkedIn and eHarmony in June, only information you shared with one site is in jeopardy. What constitutes a strong password, though, may not be what you think.
The usual definition of a strong password is one that has at least 8 characters (the longer the better), with a mixture of upper and lower-case letters, numbers and, if the site or service allows, special characters, such as "!," "#" and "?."
It turns out the biggest factor in determining the strength of your password is its length, according to a study by Carnegie Mellon. Numbers, capitalization and special characters are all bonuses, but a short password that uses all of these tricks will still be much easier to crack than a long password with real words.
So how strong are your passwords? You can check them on PassFault.com, a site created by a well-respected computer-security expert.
When you input your password (I recommend using one that's the same length with a similar mix of letters, special characters and numbers, rather than your real password), you'll get an estimate of how long it will take to crack. Passwords should take at least a year to crack and, ideally, centuries. For instance, I found that the password "treadmillfun1" can be cracked in 2 months, 9 days with a regular computer and in less than a day with a $900 password attacker.
If I change the password to "treadmillsaresofun1", the rating goes up to 4185 centuries for an everyday computer and up to 17 centuries for a $900 password attacker. The password is just as easy to remember and is much more secure.
Remembering all those passwords, though, is still difficult. That's where a password manager comes in handy.
You may already have a password manager that came with your Internet security software, like Norton Internet Security 2012 or Kaspersky Internet Security 2012.
If you just use a computer, try downloading the Mozilla Firefox Web browser and using its built-in password manager. Make sure you create a master password to protect your list by clicking on the "Firefox" button, then "Options" and then "Security." Safari 6, which is available for Macs running OS X Lion and Mountain lion, also stores passwords under your login. Other web browsers will save your passwords, but they're not protected by a master password.
If you access secure sites on your smartphone as well as your computer, you'll want one solution that works on all devices. I like Norton Identity Safe (free on Norton.com), which works on PCs, Macs, Android devices and iOS devices. In addition to storing your passwords under one strong password, it will fill those passwords in for you, generate new strong passwords for you (you can choose the length) and warn you about unsafe sites.
Thank you - great information!
From Kelly on August 08, 2012 :: 11:09 am
Thank you - great information!