Great American Privacy Makeover

Take Control of Passwords

No question: Passwords are a pain.

Managing them safely means cooking up dozens of cryptic letter and number combinations--following each site's arbitrary character count--and committing each to memory, along with the site it corresponds to. And when you've done all that, it's time to change them and start over. With every financial, shopping, and news site hounding you for log-in info, it's tempting to throw security out the window and just plug in your dog's name.

Don't do it. Passwords are one of the most obvious entry points for online account break-ins, say security experts. And hackers have perfected tools that do nothing but scour the Web, trying to match passwords with dictionary listings.

Managing passwords was a definite problem for our survey group: More than half of our respondents said they use letter and number combinations in their passwords, but about a quarter admitted to using the name of a person or pet. And 34 percent said they never change their passwords--a whopping 27 percent of whom describe themselves as advanced users or PC professionals. Worse, some unchanging passwords are written down: 40 percent keep passwords either on sticky notes or in daybooks, where others can see them or where they can be lost.

While good password management will never be effortless, you can simplify it.

Our suggestions:

  • Use memory tricks to craft better passwords. Start with, say, the title of a favorite book or movie. Take the first letter of each word and stick a meaningful number, such as the year you started your current job, in the middle. You can update your passwords with each new book or movie. For less-critical accounts like news and movie sites, you might use a scheme with a number--perhaps the month and year you graduated from college--followed by the site's initials: 051982wp for the Washington Post. Don't use the same password at every site.
  • Try a password-management tool to reduce hassles. Choose one that encrypts and stores your data on your PC (I like Roman Lab's free Any Password and Siber Systems' free AI Roboform).
  • Be careful about letting Windows store passwords. Don't do it at all if your PC could be used by others. And always type in passwords yourself at sites with sensitive information, such as banks and retailers, rather than letting Windows store them.
  • Change your passwords frequently. Revise your news and entertainment site passwords once a year, but change your passwords for sensitive sites monthly.

For more password tips, see October's Internet Tips.
