Password Strength is Becoming Increasingly Important

Melanie Pinola of Lifehacker on creating clever passwords:

The biggest problem is we’re all padding our passwords the same way (partly because most companies limit your password length and require certain types of characters). When required to use a mix of upper- and lower-case letters, numbers, and symbols, most of us:

- Use a name, place, or common word as the seed, e.g., “fido” (Women tend to use personal names and men tend to use hobbies)
- Capitalize the first letter: “Fido”
- Add a number, most likely 1 or 2, at the end: “Fido1”
- Add one of the most common symbols (~, !, @, #, $, %, &, ?) at the end: “Fido1!”

Not only are these patterns obvious to professional password guessers, even substituting vowels for numbers (“F1d01!”) or appending another word (“G00dF1d01!”) wouldn’t help much, since hackers are using the patterns against us and appending words from the master crack lists together.

This is a really serious problem. The collateral damage from all the recent security breaches has led to a treasure trove of passwords being available to analyze. Like archeologists or scientists, crackers are studying these patterns to determine how people think.

Most people I know tend to take password security for granted. Their two biggest flaws are weak passwords and reused passwords. The argument I often hear is, “no one cares about my data, I am not the one they would target”. In the past that was probably true, but that’s not really how it works anymore.

More often than not, once a set of email addresses (or usernames) and passwords is out there, people use automated methods to test these same combinations elsewhere. It’s likely that financial institutions and online stores are the first places they hit. This is the reason that you should at an absolute minimum use different and unique passwords for anything that has any of the following:

  1. Direct access to any financial institution accounts
  2. Saved credit card information
  3. Personal information that could be used for identity theft

If you are a person who already uses unique passwords for these places, that’s a big first step. But the complexity of passwords is important too. Most people I know don’t use numbers, capital letters or symbols unless they have to. Unfortunately, just adding these things is not enough anymore, at least not when it is done in common ways like replacing the letter ‘E’ with a ‘3’.
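The padding habits in the quoted list can be undone mechanically, which is why they add so little strength. The following Python is an added example, not code from the original post or from any tool it names; the seed list is a small constructed sample and all function names are hypothetical. It strips the padding before a word lookup and contrasts that with a randomly generated password.

```python
import secrets
import string

# Constructed sample seeds (assumption); a real check would load a large
# dictionary or breached-password list instead.
COMMON_SEEDS = {"fido", "good", "password", "dragon", "summer"}

# Common digit/symbol-for-letter substitutions, undone before the lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
TRAILING = string.digits + string.punctuation


def candidate_cores(password):
    """Yield the password with 0..n trailing digits/symbols cut off,
    lower-cased and with substitutions reversed."""
    end = len(password)
    while True:
        yield password[:end].lower().translate(LEET)
        if end == 0 or password[end - 1] not in TRAILING:
            return
        end -= 1


def splits_into_seeds(text, seeds=COMMON_SEEDS):
    """True if text is one seed word or several seed words concatenated."""
    if not text:
        return False
    # reachable[i] is True when text[:i] is made up entirely of seed words.
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(reachable[start] and text[start:end] in seeds
                             for start in range(end))
    return reachable[-1]


def is_predictably_padded(password, seeds=COMMON_SEEDS):
    """Flag passwords that reduce to seed words once the padding is removed."""
    return any(splits_into_seeds(core, seeds)
               for core in candidate_cores(password))


def random_password(length=20):
    """Generate a password from the OS CSPRNG via the secrets module."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))
```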

Instead, the best solution is to use randomly generated passwords wherever possible, and the easiest way to do this is to use a password management system. LastPass is a cross-platform tool that works on pretty much any operating system and with any browser. The basic version of LastPass is free. My preferred option is 1Password, which also runs on most operating systems and browsers, but is not free. It’s actually quite expensive, running $50 for desktop versions alone.

Both of these systems operate pretty much the same way. They store your passwords and the sites they belong to, and autofill these passwords on the websites when you visit them. The stored passwords are unlocked with one “master password”. The idea is that the master password should be incredibly secure and unguessable, but it is the one password (1Password) or last password (LastPass) that you will ever need. This is a great system and allows people to use incredibly complex, impossible-to-guess (or remember) passwords. And because these passwords are unique for each website, even if someone were to acquire the password to one website, they wouldn’t gain access to another website.

There is a downside to using this system exclusively, though. There are times when a password has to be typed in somewhere, and in those cases having an impossible-to-remember password can be detrimental. In those cases passwords should be strong but memorable. Password Strength Checker is a great place to test out passwords to see how strong they actually are.

The bottom line is this: as more and more people move more of their lives online, there is more and more information to steal. As a result, strong passwords become increasingly important. And no time is better than the present to update your passwords.