New password rules make them easy to remember and more secure

I'm no longer using passwords that look something like this: W#7s@Pq!. They were very difficult to remember and extremely frustrating to enter, especially using a phone's tiny onscreen keyboard. I have changed strategies and my life is better.

For many years, my advice about how to create the best password did not change very much. A good, secure password needs at least eight random characters, with a mix of upper- and lower-case letters, a number or two and a few symbols, so that a password-cracking program has a much larger alphabet to search.

Never use any word found in the dictionary or a series of numbers, like 12345678. Don't use words that people around you know such as your dog's name, favorite sport or the city where you were born. Whatever you do, never perform the ultimate password faux pas and use the word "password" as your password.

We've tried to make light of our universal password pain. Perhaps you've heard this joke. "I changed my password to 'incorrect.' Now whenever I forget what it is, the site will say, 'Your password is incorrect.'"

Like you, I made hieroglyphic passwords. I've done my best to memorize passwords only to feel defeated. The password reset link was my last resort at more sites than I care to admit.

Let's breathe a collective sigh of relief and give thanks to a series of studies at Carnegie Mellon University. They found that a long passphrase gives an attacker as much to guess as a shorter, haphazard collection of letters and symbols, and that people remember it far more reliably.

Try one like this: ilovefreshsashimitunawithalittlesoyandwasabi. That's 44 lower case letters, with no spaces. It's easy for me to remember because it's true.

The researchers suggest that your passphrase should be between 16 and 64 characters. Go ahead, get creative with your phrases. The longer the passphrase is, the more guesses a cracking program has to make before it stumbles on yours.

With all due respect to the researchers, the passphrase alone is not good enough. There is an additional step you must take to make your accounts and passwords secure.

One of the worst things you can do is to use the same password for all the sites you visit. The reason is simple: when one site is breached, attackers try the leaked password against every other service you might use, so they instantly have access to your Facebook, email, phone, banking and more. That's why you want a unique password for each site.

There is a simple trick to using an easy to remember passphrase and making your password unique for each site. How you implement it is up to you, but here's how it works.

Let's say you need a password for your Google account and like me, you love fresh ahi. Your passphrase might be ilovefreshsashimitunawithalittlesoyandwasabiGoogle or ilovefreshsashimitunawithalittlesoyandwasabiG2016. If the password is for your email account, this would work: ilovefreshsashimitunawithalittlesoyandwasabiEmail.

The gist is to first come up with a passphrase you can remember, and then make it unique in a standard way that makes sense to you. For example, simply adding a few letters or numbers at the beginning or end of the passphrase per site makes each one different. One caveat: if a site leaks your password in plain text, whoever reads it can see the pattern and guess the rest, so a tacked-on site name is weaker than a truly unrelated password. Make the site-specific part as unpredictable as you can stand to remember.

A website called How Secure Is My Password has a free online password strength checker. It said my love-of-fresh-tuna passphrase would take over 10,000 centuries to be brute-forced. Take that number with a grain of salt: the checker assumes an attacker tries every combination of letters one character at a time, and gives no credit to a cracker that guesses whole dictionary words and common phrases, which is how real password-cracking tools work. If you want to try yours, test a phrase of the same shape rather than the one you actually use, and never type a live password into any website.
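To make the strength comparison concrete, here is an added example (mine, not code from the column or from the Carnegie Mellon researchers) that scores the two passwords discussed above two ways: the letter-by-letter brute-force model an online checker uses, and a dictionary model in which the attacker guesses whole words. The sample passwords are the ones quoted in the column; the cracking speed, the 20,000-word dictionary and the word split are my assumptions.

```python
import math
import string

# Sample inputs taken from the column; the word split is my own.
RANDOM_PASSWORD = "W#7s@Pq!"
PASSPHRASE = "ilovefreshsashimitunawithalittlesoyandwasabi"
PASSPHRASE_WORDS = ["i", "love", "fresh", "sashimi", "tuna", "with",
                    "a", "little", "soy", "and", "wasabi"]

# Assumed attacker speed: roughly what a GPU rig manages against a fast,
# unsalted hash. A rate-limited online login is many orders of magnitude slower.
GUESSES_PER_SECOND = 1e11
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password: str) -> int:
    """Alphabet size a brute-force calculator assumes: it counts only the
    character classes actually present, so an all-lowercase string is 26."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # the 32 printable ASCII symbols
    return size


def brute_force_bits(password: str) -> float:
    """Guessing work (in bits) if every character were independently random."""
    return len(password) * math.log2(charset_size(password))


def word_model_bits(words, dictionary_size: int = 20000) -> float:
    """Guessing work if the attacker picks whole words from a dictionary of
    `dictionary_size` common words. Still an upper bound: a grammatical
    English sentence is more predictable than random words."""
    return len(words) * math.log2(dictionary_size)


def years_to_exhaust(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try the whole keyspace at `rate` guesses per second."""
    return 2.0 ** bits / rate / SECONDS_PER_YEAR


def compare(password: str, words=None) -> dict:
    """Return the brute-force figure a web checker would give and, when the
    password is built from words, the dictionary-aware figure beside it."""
    brute = brute_force_bits(password)
    report = {"length": len(password),
              "brute_force_bits": round(brute, 1),
              "brute_force_years": years_to_exhaust(brute)}
    if words:
        model = word_model_bits(words)
        report["word_model_bits"] = round(model, 1)
        report["word_model_years"] = years_to_exhaust(model)
    return report


if __name__ == "__main__":
    print("random 8-char:", compare(RANDOM_PASSWORD))
    print("passphrase:   ", compare(PASSPHRASE, PASSPHRASE_WORDS))
```

Run it and the point of the column shows up in the numbers: the eight-character "hieroglyphic" password is about 52 bits of work and falls in under a day at the assumed speed, while the passphrase scores over 200 bits when treated as random letters and still about 157 bits when the attacker is smart enough to guess words, which is why the word-aware figure, not the checker's, is the one to trust.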

Not all sites will comply with your newfound password freedom. Some sites will still require an uppercase letter, a symbol or a specific length because their legacy systems demand it, and a few still cap the length below what a good passphrase needs.

Be sure you also set up two-factor authentication, also called two-step verification, on your accounts to make them even more secure. Don't let the fancy name throw you. It just means that to log in to your account you need two ways to prove you are who you say you are. It's like the bank or an employer asking for two forms of ID.

The idea is that a hacker is going to have a much harder time getting both forms of ID, and it's true. Most major services and companies, such as Google, Facebook, Microsoft and Apple, offer two-factor authentication; you turn it on in each account's security settings.

Fortunately, we may not have to deal with this nonsense too much longer as our passwords give way to our biometrics. We'll gain access to accounts by using our fingerprints, iris and even heartbeat. The challenge here is that a hacked or stolen password can be readily changed, while a fingerprint cannot be reissued once it has been copied.

Security is just one of a myriad of topics I discuss on my national radio show. From buying advice to digital life issues, I'd love for you to listen on your local radio station or download the free podcasts, which cover everything digital you can listen to on your phone, tablet or computer.
