How to create a strong password in wake of Twitter hack episode

There are tricks to creating passwords that are not only seemingly random but also easy to recall.

Twitter's warning about hackers is another reminder about the importance of password protection.

Here's a guide to creating a strong password and keeping out of the clutches of those who would do your computer and personal information harm.

A strong password is one that cannot be easily guessed or broken by a brute force attack in a reasonable amount of time. It should contain numbers, punctuation, and upper- and lower-case letters. It also shouldn't include anything likely to be found in a dictionary or a common name.

And longer is better, as Twitter pointed out when the microblogging site announced that hackers may have gained access to data on 250,000 of its users, including user names, email addresses and encrypted passwords. A 15-character password may be 90 times harder to crack than a 14-character one.

That said, it needs to be something you can remember, and there are tricks to creating passwords that are not only seemingly random but also easy to recall.

"Create a formula that you'll remember but no one else could guess. For instance, you could use the name of your alma mater, spelled backwards, capitalizing every letter that rhymes with the word tree, followed by your phone number typed while holding down SHIFT (to get punctuation), and ending with the year you were born, squared," writes PCWorld's Lincoln Spector.

Keep in mind your passwords should never include any personal information, because any novice hacker can easily find out your full name, the names of your spouse or children, your pets, or your favorite sports teams. It's also important to use a different password for each site -- never use the same password twice.

If all that sounds like too much trouble, there are options.

You can use a password manager such as Password Safe (available as a download on PCWorld). It's free, open source and uses strong Twofish encryption. It can generate truly random passwords for you, following rules that you set. It can insert a login name and password into a Web form. And you can organize your passwords into groups.
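As an added example (not Password Safe's code and not part of the original article), the Python below generates a random password that follows the rules described above and checks an existing password against them. It also shows why one extra character multiplies brute-force work by the alphabet size: 94 for printable ASCII, which is an assumption made here and is close to the 90-fold figure quoted earlier. All function names are illustrative.

```python
import secrets
import string

# The four character classes the article asks for.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "punct": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())  # 26 + 26 + 10 + 32 = 94 symbols


def missing_classes(password):
    """Return the names of the required classes the password lacks."""
    return [name for name, chars in CLASSES.items()
            if not any(c in chars for c in password)]


def generate(length=15):
    """Random password of `length` chars containing every class.

    Uses the OS CSPRNG via `secrets`, never `random`. Candidates are drawn
    uniformly from the whole alphabet and rejected until all classes appear,
    so no position is reserved for a particular class.
    """
    if length < len(CLASSES):
        raise ValueError("length too short to hold every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_classes(candidate):
            return candidate


def search_space(length, alphabet_size=len(ALPHABET)):
    """Number of candidates a brute-force attack must cover."""
    return alphabet_size ** length


if __name__ == "__main__":
    pw = generate(15)
    print(pw, "missing:", missing_classes(pw))
    # "password" is a constructed weak sample.
    print("password", "missing:", missing_classes("password"))
    # Growth from 14 to 15 characters equals the alphabet size.
    print("15 vs 14 chars:", search_space(15) // search_space(14), "times larger")
```

The search-space figure only applies to passwords chosen uniformly at random; a dictionary word or a reused password is guessed far sooner regardless of its length.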

Also consider two-factor authentication. You can set Google and Facebook to send a temporary PIN to your cell phone whenever you log in from an unfamiliar machine (this PIN must be provided along with your password the first time you attempt to log in via that new machine).

For even more password creation tips, check out Password Management: Idiot-Proof Tips.

Twitter isn't alone in being a victim. The New York Times, The Wall Street Journal and The Washington Post are other high-profile companies that have recently been hacked.

Twitter emailed affected users Friday, telling them to reset their passwords, and the site offered some helpful advice about passwords in a blog post written by Bob Lord, director of information security for Twitter.
