I’m not answering a reader’s question today. Instead, I’m offering some advice that everyone on the Internet needs.
Imagine that you had one key that unlocked your house, your garage, your office, and your car. Then, to make sure you always had the key handy, you made about 80 copies. And engraved your address on every one before leaving them in convenient locations.
That’s about the level of security you have if you use the same easy-to-guess password for multiple purposes. Far too many people do just that.
Passwords keep strangers off our computers and smartphones. They keep criminals from reading (and writing) our email, updating our Facebook status, and cleaning out our bank accounts.
These outlaws want your passwords so they can make money at your expense. Here’s what you need to do to stop them.
Use strong passwords
A strong password is one that cannot be easily guessed, or broken by a brute force attack in a reasonable amount of time. That means no words likely to be found in a dictionary, no common names, and nothing too short. A 15-character password may be 90 times harder to crack than a 14-character one.
You’ll notice that I wrote characters, not letters. A good password contains numbers, punctuation, and upper- and lower-case letters.
Basically, you want a long and seemingly random string of characters–as if gerbils danced on your keyboard, with one concentrating on the shift key.
But since you need to remember the password, you probably don’t want something truly random. Create a formula that you’ll remember but no one else could guess. For instance, you could use the name of your alma mater, spelled backwards, capitalizing every letter that rhymes with the word tree, followed by your phone number typed while holding down SHIFT (to get punctuation), and ending with the year you were born, squared.
Except you shouldn’t use a formula that’s been published in PC World.
Use a different password for each site
If someone manages to steal your email password, do you want them to access your bank account, too?
To avoid that kind of big disaster, give every site, program, or service a unique password. Never use the same password twice.
But no, I’m not suggesting you come up with and remember countless unique formulas. Read on.
Use a password manager
You can keep all of your passwords in a specialized, encrypted program called a password manager. That way, you only need to remember the password manager’s password–and the one you use to log into Windows.
There are several good password managers, but I’m partial to Password Safe (available as a download on PCWorld). Password Safe is free (at least for Windows), and open source. It uses strong twofish encryption. It can generate truly random passwords for you, following rules that you set. It can insert a login name and password into a Web form. And you can organize your passwords into groups.
You’ll also find Password Safe-compatible apps for Android and iOS.
Don’t give away your passwords
Finally, be careful about throwing your passwords around. Follow these steps for added safety:
Never type a password on a Web site that isn’t secure.
Never share a password with anyone that you wouldn’t trust with your credit card.
Never email one of your passwords, even to someone you trust, without taking proper precautions.
If a Web site offers additional protection, such as Gmail’s two-step verification option, use it.