Seven Dos and Don'ts for Online Passwords and How to Manage Them
In the Mel Brooks movie Spaceballs, Dark Helmet (played by Rick Moranis) finds out the passcode to the shield guarding Druidia, a planet from which he intends to steal all the air, is "12345." When hearing it, he responds, "So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!"
Even Dark Helmet understood the importance of good passwords.
That was long before the average American needed an increasing number of passwords for logging into Web sites, bank accounts and smartphones, and yet people still use passwords an idiot would have on his luggage.
I am consistently amazed when I talk to clients, friends and family members to find out their passwords are overly simple. Some have gone to the trouble of personalizing them, but only to the degree that they used their mother's maiden name with the number one behind it. Still, I find people -- though not as often, fortunately -- who use "password" or "12345" as their passwords for Web sites of critical importance.
The general excuse is that it is too hard to remember all of them, followed by the old chestnut, "Who would want my information anyway?" Unfortunately, when you consider that one overused password once caused a friend of mine to have his bank, e-mail and credit cards hacked, the answer is: more people than you think.
If you are still using really simple passwords, it's time to join the new century and get some security for your online accounts. Here are seven dos and don'ts when it comes to passwords and some ways to keep track of them.
7. Don't use common names or numbers.
Things like your birthdate, your anniversary date, your mother's or wife's maiden name, the name of your pet or the street you live on now are bad ideas. They are all things that are fairly easy to find with minimal research, and certain things like birthdates are the first thing identity thieves try.
6. Do use inside numbers and words only you would understand.
One of the best ways to get a good start with a password is to use some word or number the significance of which only you would know. Maybe you had a nickname for your pet or your first car. Perhaps a song lyric or the date an album you like was released. Maybe even the street number of a long-lost friend's old address. The more unique, the better, but you'll need more than just that.
5. Do create a system of multiple words and numbers for non-critical Web sites.
Once you have a handful of words and numbers, start mixing them up in a range of variations. Most people I know who really value security will have a combination of maybe five or six different words and the same number of numerals to use in various combinations. This will at least give you some inkling of what a password might be if you can't remember it offhand, while still keeping your passwords complicated enough to confuse anyone who would want to steal them. But that still isn't enough.
4. Do mix up numbers and letters as well as upper and lower case.
Some Web sites won't even let you use a password without a mix of upper and lower case letters, numbers and symbols and, no, "Password1" is not adequate. Don't always capitalize the first letter of the word and don't always put the word and numbers in order. Occasionally throw in a symbol. For example, "Password1" is too simple, but "1pA55w@rd" is much better even though it's basically the same word and number combination.
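As an added example (not part of the original article), the Python sketch below checks a candidate password against only the rules stated in tips 7 and 4: no common passwords or researchable personal facts, all four character classes, and no capital-word-then-digits layout. The `audit` function, the tiny `COMMON` list and the sample name "Smith" are constructed for illustration.

```python
import re

# Constructed sample list; a real check would load a much larger list.
COMMON = {"password", "12345", "123456", "qwerty", "letmein"}

# Tip 4: the four character classes a password should mix.
CLASSES = {
    "upper-case letter": r"[A-Z]",
    "lower-case letter": r"[a-z]",
    "digit": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}

def audit(password, personal_facts=()):
    """Return findings for one candidate password (empty list = passes these rules)."""
    findings = []
    lowered = password.lower()
    letters_only = re.sub(r"[^a-z]", "", lowered)

    # Tip 7: common passwords, also when digits or symbols are merely tacked on.
    if lowered in COMMON or letters_only in COMMON:
        findings.append("common password")

    # Tip 7: personal facts (names, dates, streets) that are easy to research.
    for fact in personal_facts:
        if len(fact) >= 3 and fact.lower() in lowered:
            findings.append(f"contains personal fact: {fact}")

    # Tip 4: every character class must be present.
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            findings.append(f"missing {name}")

    # Tip 4: capital first letter, then the word, then the numbers in order.
    if re.fullmatch(r"[A-Z][a-z]+[0-9]+", password):
        findings.append("predictable layout: capitalised word then digits")
    return findings

if __name__ == "__main__":
    # Constructed inputs: the article's two examples plus a maiden-name-plus-one case.
    for pw, facts in [("Password1", ()), ("1pA55w@rd", ()), ("Smith1", ("Smith",))]:
        print(pw, "->", audit(pw, facts) or "no findings under these rules")
```

An empty result means only that the password passes these particular rules, not that it is strong in general.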