Picking a secure password isn’t easy.
Many people simply use the names of one of their kids and maybe the family pet.
Names of your child or pet come to mind quickly.
Banks, apps, websites and many others force us to pick passwords. On one hand you want a password that’s easy to remember. That’s where kids and pets come in. Simple, right?
On the other hand, experts tell us to pick a sufficiently complex, unique password that no one will ever crack. Of course, you’ll never remember that one, and we’re not supposed to write it down in an accessible place.
I was fairly shocked when I saw a number of books in a bookstore on how to hack. What benefit do such books, also available online, provide to society? Why would anyone sell books teaching the deep dark secrets of what amounts to theft? But, they do.
The point here is that hackers exist. They lurk on computer keyboards seeking easy money. It might be a website you’ve ordered from and left your banking information. It might even be your bank account they’re trying to directly penetrate.
So how do average smart people protect themselves and pick decent passwords?
Here are 6 tips to picking a good password:
-
Never Use Personal Information
Don’t pick familiar personal easy to remember themes. Whether it’s a person important to you in the present or the past, never use these. Hackers out there look for your deep dark inner info. This is why seemingly harmless questions pop up and why you should NEVER answer them. Resist the temptation to answer seemingly innocent questions like these:
Who was your favorite teacher?
What was your first car?
What street did you grow up on?
Can you remember your childhood telephone number?
What is the name of a pet you miss?
What movie would you watch again?
Hackers want this information. They have nothing better to do. Once they acquire this data, they feed it into hacking software which generates combinations likely to be used by people like you and I as private passwords.
There’s software out there that can try billions of combinations per second. And a company exists that calls itself a professional password cracking entity.
Under a technique known as brute force hacking attackers employ software known as string generating technology to reverse engineer your passwords.
Once they know your favorite teacher’s name and other private data only you know, they feed it into the software and, millions of combinations later, hack you.
That’s why you should never answer questions like these no matter how innocent you think they are.
-
Do Use Passphrases
Once they have passwords and usernames hackers crack into not only bank accounts but sites like eBay, QVC and sites like livestream shopping where you may have deposits pending. Such sites often store direct access to financially vulnerable information such as credit cards.
Security experts claim that “passphrases” are fairly secure. I’m not totally convinced but I suppose the more bizarre or unique they are, the more likely they are to work. An example of a passphrase is “DITBMITW”. These make up the first letters of the phrase “Drake Is the Best Musician in The World.”
Experts suggest that you mix upper- and lower-case letters to strengthen security and reduce the likelihood of hacking. To really throw off the hackers throw a few numbers into the mix. So, our example could become DiTbMiTw82*! *
-
Never use keyboard walking
QWERTY is the most obvious example of keyboard walking, also known as password walking. They’re the first six letters in the top row of letters on a keyboard. Other creative examples include “1qazxsw2”. This results if you start at the top number on the keyboard, or “1”, and then go down to Z, over to X and back up. Clever, right? Easy to remember, too, right?
Not so much. Such sequential keyboard combinations rank at or near the top of passwords that unwitting people actually use, thinking it’s safe. Such combinations rank at the top of combinations sought out buy dark software used by hackers.
-
Mix it up
Picking a good password involves finding something familiar that you can remember. But you want to mix it up to decrease the likelihood of detection.
Here’s an example:
As of this writing people tell me that one of the hottest musicians and performers is Drake. He has a ton of top ten hits. So, instead of using your son or daughter’s name, ask them who their favorite singer/performer or actress/actor is. Just for the sake of this exercise, let’s say they tell you they like Drake. It could be anyone, but let’s go with Drake. Simple research tells us this guy’s date of birth is October 24, 1986.
Let’s generate a secure password. D R A K E. Intersperse the numerals of his birthday: 1 0 2 4 8 6. Our password would be 1D0R2A4K8E6. Add a “special character” like * or # after the combination. Now you have not only a secure obtuse password combination, but you also have something you can remember and recreate anywhere, without writing it down. If you can remember that your daughter told you Drake is her favorite guy, and you add his birthday, you can recreate this.
This is not now and never has been my password, but you get the idea. You can generate your own.
-
Never use any word in the dictionary
Hackers and their software can probe the entire universe of known words in mere seconds. This is why you should never use a word in the dictionary for a password. Also taboo from use as passwords are proper nouns or words in any other language besides English. This is why we made up acronyms, or initialisms, above. If you think of a sneakier way to make up a secure combination, do it, as long as you can remember it.
By the way, using a word backwards also provides an easy target to hacker software.
-
Use the longest possible combination
In our above example, once you get the hang of it how easy would it be to simply add more names and numbers. Many websites accept and even require “special characters”. These are the characters we’ve talked about including # and *. Just remember not to “keyboard walk”.
In one study 73% of all passwords were “incredibly easy” to crack, in less than one second.
Cybernews.com, Oct 11, 2021
The more complex the password, the more difficult to reverse engineer. At the same time, the less likely your private information accounts will fall victim to compromise.
Hackers and The Law
Federal law prohibits hacking and other internet crimes. The Computer Fraud and Abuse Act (18 U.S.C. § 1030) prohibits accessing a computer without permission. Other federal laws prohibit hacking into emails and other electronic data especially with intent to steal money. But, despite the laws it’s wise to take all available steps to ensure your own computer security. One such step is picking a good password.
Disclaimer: I do not use any of the combinations, least of all “QWERTY”, listed above. Be creative and secure.
Don’t use the kids, the pets or other loved ones.
The author of this article, Andrew D. Myers is a personal injury attorney and bankruptcy lawyer who blogs of a variety of issues. When you watch those TV lawyers, they tell you they can do this, or they can do that or even how BIG they are they miss the point. Do you want to deal with someone who goes around bragging how BIG they are? It’s not about them, it’s about you. If you have been injured in a car accident or other incident that was not your fault you don’t need someone who’s busy doing TV commercials. You need someone to meet with you personally, to listen to you, to understand what you’ve been through and to fight the dark side of insurance companies.
Model Credit: Laila Merrill
Sources:
How Answering Facebook Questions Could Make You Vulnerable to Hackers. Simplemost Media.
“Tips.” National Cybersecurity and Infrastructure Security Agency.
Views: 19
What are your thoughts on the auto-generated passwords that Apple devices offer? They do suggest highly secure passwords but absolutely impossible to remember so have to save in the keychain which defeats the purpose of using such a secure password, right?
You’re right plus what if you lose your keychain? Call me a conspiracy theorist but do you trust a big entity and all of their many employees who may or may not have access to that generated password? Why not self generate a difficult password something along the lines of our suggestion in the blog article?