Learn to use strong passwords

Passwords protect every part of your online life. If you don't treat them properly, you're exposing yourself to a whole mess of trouble.

[Email your tech questions to answer@pcworld.com or post them on the PCW Answer Line forum.]

I'm not answering a reader's question today. Instead, I'm offering some advice that everyone on the Internet needs.

Imagine that you had one key that unlocked your house, your garage, your office, and your car. Then, to make sure you always had the key handy, you made about 80 copies. And engraved your address on every one before leaving them in convenient locations.

That's about the level of security you have if you use the same easy-to-guess password for multiple purposes. Far too many people do just that.

Passwords keep strangers off our computers and smartphones. They keep criminals from reading (and writing) our email, updating our Facebook status, and cleaning out our bank accounts.

These outlaws want your passwords so they can make money at your expense. Here's what you need to do to stop them.

Use strong passwords

A strong password is one that cannot be easily guessed or broken by a brute-force attack in a reasonable amount of time. That means no words likely to be found in a dictionary, no common names, and nothing too short. A 15-character password may be 90 times harder to crack than a 14-character one.

You'll notice that I wrote characters, not letters. A good password contains numbers, punctuation, and upper- and lower-case letters.

Basically, you want a long and seemingly random string of characters--as if gerbils danced on your keyboard, with one concentrating on the shift key.

But since you need to remember the password, you probably don't want something truly random. Create a formula that you'll remember but no one else could guess. For instance, you could use the name of your alma mater, spelled backwards, capitalizing every letter that rhymes with the word tree, followed by your phone number typed while holding down SHIFT (to get punctuation), and ending with the year you were born, squared.

Except you shouldn't use a formula that's been published in PC World.

Use a different password for each site

If someone manages to steal your email password, do you want them to access your bank account, too?

To avoid that kind of big disaster, give every site, program, or service a unique password. Never use the same password twice.

But no, I'm not suggesting you come up with and remember countless unique formulas. Read on.

Use a password manager

You can keep all of your passwords in a specialized, encrypted program called a password manager. That way, you only need to remember the password manager's password--and the one you use to log into Windows.

There are several good password managers, but I'm partial to Password Safe (available as a download on PCWorld). Password Safe is free (at least for Windows) and open source. It uses strong Twofish encryption. It can generate truly random passwords for you, following rules that you set. It can insert a login name and password into a Web form. And you can organize your passwords into groups.

You'll also find Password Safe-compatible apps for Android and iOS.
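
As an added illustration (not Password Safe's own code), here is one way rule-based random password generation can work, along with the arithmetic behind the point that each extra character multiplies the brute-force search space. The function names and the 94-character alphabet (ASCII letters, digits, and punctuation) are assumptions made for this example.

```python
import math
import secrets
import string

# The four character classes the article recommends mixing.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "punct": string.punctuation,
}
ALL = tuple(CLASSES)


def alphabet_for(require=ALL):
    """Concatenate the selected classes into one alphabet string."""
    return "".join(CLASSES[name] for name in require)


def generate_password(length=15, require=ALL):
    """Return a random password containing at least one character per required class."""
    if length < len(require):
        raise ValueError("length is too short to include every required class")
    alphabet = alphabet_for(require)
    while True:
        # secrets draws from the OS CSPRNG; random.choice() is not suitable here.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: redraw the whole string rather than patching in
        # missing classes, so accepted passwords stay uniformly distributed.
        if all(any(ch in CLASSES[name] for ch in candidate) for name in require):
            return candidate


def keyspace(length, require=ALL):
    """Number of candidate strings a brute-force search must cover (upper bound)."""
    return len(alphabet_for(require)) ** length


def entropy_bits(length, require=ALL):
    """Upper-bound entropy in bits for a uniformly random password."""
    return length * math.log2(len(alphabet_for(require)))


if __name__ == "__main__":
    print(generate_password())
    print(keyspace(15) // keyspace(14))      # growth factor per added character
    print(round(entropy_bits(15), 1))
```

With this alphabet, going from 14 to 15 characters multiplies the search space by the alphabet size, which is the same order of magnitude as the "90 times" figure above.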

Don't give away your passwords

Finally, be careful about throwing your passwords around. Follow these steps for added safety:

  • Never type a password on a Web site that isn't secure.
  • Never share a password with anyone that you wouldn't trust with your credit card.
  • Never email one of your passwords, even to someone you trust, without taking proper precautions.
  • If a Web site offers additional protection, such as Gmail's two-step verification option, use it.
