How to create a strong password in wake of Twitter hack episode

There are tricks to creating passwords that are not only seemingly random but also easy to recall.

Twitter's warning about hackers is another reminder about the importance of password protection.

Here's a guide to creating a strong password and keeping out of the clutches of those who would do your computer and personal information harm.

A strong password is one that cannot be easily guessed or broken by a brute-force attack in a reasonable amount of time. It should contain numbers, punctuation, and upper- and lower-case letters. It also shouldn't include anything likely to be found in a dictionary or a common name.

Longer is also better, as Twitter pointed out when the microblogging site announced that hackers may have gained access to data on 250,000 of its users, including user names, email addresses and encrypted passwords. A 15-character password may be 90 times harder to crack than a 14-character one.

That said, it needs to be something you can remember, and there are tricks to creating passwords that are not only seemingly random but also easy to recall.

"Create a formula that you'll remember but no one else could guess. For instance, you could use the name of your alma mater, spelled backwards, capitalizing every letter that rhymes with the word tree, followed by your phone number typed while holding down SHIFT (to get punctuation), and ending with the year you were born, squared," writes PCWorld's Lincoln Spector.

Keep in mind your passwords should never include any personal information, because any novice hacker can easily find out your full name, the names of your spouse or children, your pets, or your favorite sports teams. It's also important to use a different password for each site -- never use the same password twice.

If all that sounds like too much trouble, there are options.

You can use a password manager such as Password Safe (available as a download on PCWorld). It's free, open source and uses strong Twofish encryption. It can generate truly random passwords for you, following rules that you set. It can insert a login name and password into a Web form. And you can organize your passwords into groups.
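As an added illustration (not Password Safe's code and not part of the original article), the Python example below generates a random password under rules you set and shows how much each extra character enlarges a brute-force search. The function names and the 94-symbol alphabet (printable ASCII without the space) are assumptions made for this example; with that alphabet, one extra character multiplies the search space by 94, roughly in line with the article's figure.

```python
import math
import secrets
import string

# Character classes the article asks for (assumed alphabet: 94 printable ASCII symbols).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "punct": string.punctuation,
}


def generate_password(length=15, required=("lower", "upper", "digit", "punct")):
    """Return a random password with at least one character of each required class.

    Rejection sampling: every position is drawn uniformly from the full
    alphabet with a CSPRNG (secrets, not random), and the whole string is
    redrawn if a class is missing. The result stays uniform over all
    passwords that satisfy the rules.
    """
    if length < len(required):
        raise ValueError("length is too short to fit every required class")
    alphabet = "".join(CLASSES[name] for name in required)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in CLASSES[name] for c in candidate) for name in required):
            return candidate


def keyspace_bits(length, alphabet_size):
    """Size of the brute-force search space, in bits, for a random password."""
    return length * math.log2(alphabet_size)


def brute_force_ratio(longer, shorter, alphabet_size):
    """How many times larger the search space is for the longer password."""
    return alphabet_size ** (longer - shorter)


if __name__ == "__main__":
    size = sum(len(chars) for chars in CLASSES.values())
    print("example password:", generate_password(15))
    print(f"15 characters: about {keyspace_bits(15, size):.1f} bits")
    print(f"15 vs 14 characters: {brute_force_ratio(15, 14, size)}x more guesses")
```
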

Also consider two-factor authentication. You can set Google and Facebook to send a temporary PIN to your cell phone whenever you log in from an unfamiliar machine (this PIN must be provided along with your password the first time you attempt to log in via that new machine).

For even more password creation tips, check out Password Management: Idiot-Proof Tips.

Twitter isn't alone in being a victim. The New York Times, The Wall Street Journal and The Washington Post are other high-profile companies that have recently been hacked.

Twitter emailed affected users Friday, telling them to reset their passwords, and the site offered some helpful advice about passwords in a blog post written by Bob Lord, director of information security for Twitter.

Tags: security, passwords, twitter
