How To Choose and Use Strong Passwords

Creating and using strong passwords is one easy way to help prevent bad people from accessing your accounts.

Passwords are collected by the bad guys in many ways, such as by malware that scans the system and monitors Internet usage for usernames and passwords. Dictionary attacks are also used to guess passwords from a list of common ones. Most email systems are tough to attack with dictionary attacks because they won’t let you attempt login after login trying different credentials.

The best defense is to use a good security suite and to keep it updated. These will make it much harder for malware to get on your system or to run unimpeded if it does. Most of them also detect and block phishing attempts.

But you still want to have strong passwords. There are places where weak passwords can be compromised, such as the login for your PC. Now very few people, including the experts, do all the things experts tell them to do in this regard. After all, it’s inconvenient.

Here are some guidelines for choosing a strong password:

• The longer the better: At least 8 characters.
• Mix upper and lower case, punctuation and numerals.
• Avoid passwords that are words in a dictionary, especially common words.
• Also avoid common passwords like “12345.” You’d be amazed how many people use passwords like these.
• Avoid reusing passwords, especially those for critical resources like your e-mail, on other sites. Doing this exposes you to a wider compromise than necessary.

Even with these suggestions, don’t make your passwords so complex that you can’t remember them. Most of us don’t have the memory bandwidth to deal with a large number of obscure passwords.

A good next step is to use a password management program, such as Roboform or the open source Password Safe. Some suites, like Norton Internet Security 2010, include password management in them. These programs let you auto-generate strong passwords and it remembers them for you; you just remember a master password.