washingtonpost.com

Cyber-Security: Creating a Secure Password

Wednesday, March 30, 2005; 1:09 PM

For better or worse, most of us are required to use passwords for a variety of online activities, such as reading e-mail, participating in Web discussion boards, or logging in at Internet banking sites. But creating and remembering safe, secure passwords requires a little more effort than simply picking your birth date or pet's name -- in part because these are the first things any sophisticated identity thief trying to guess your password will try.

Here are a few tips for coming up with solid, memorable passwords:

* DO NOT use your network username as your password.

* Don't use easily guessed passwords, such as "password."

* Do not choose passwords based upon details that may not be as confidential as you'd expect, such as your birth date, your Social Security or phone numbers, or names of family members.

* Do not use words that can be found in the dictionary. Password-cracking tools freely available online often come with dictionary lists that will try thousands of common names and passwords. If you must use dictionary words, try adding a numeral to the end of them, or punctuation at the beginning or end of the word (or both!).

* Create unique passwords that use some combination of words, numbers, symbols, and both upper- and lowercase letters.

* If you have trouble remembering your passwords, try replacing certain letters in the word with look-alike numbers. For example, the password "alabama" could be made far more secure written "4labAm4." Another useful and secure way of remembering and creating strong passwords is to use the first letter of each word in a phrase from a favorite book or song. For example, "Evil flourishes when good men do nothing," could be written "Efwgmdn." Add a digit and/or some capitalization and you've got a pretty strong password.

* Don't use the same password at multiple Web sites. If you do, and an e-commerce site you registered at gets hacked, there's a good chance someone's reading your e-mail at that free Web mail account you use. It's generally safe to re-use the same password at sites that do not store sensitive information about you (like a news Web site) provided you don't use this same password at sites that do.

* Whatever you do, don't store your list of passwords on your computer. For that matter, don't write them down at all. The most secure method for remembering your passwords is to create a list of every Web site for which you have a password and next to each one write your login name and a clue that has meaning only for you. Besides, if you forget it, most Web sites will e-mail your password to you (assuming you can remember which e-mail address you signed up with).
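
An added example, not part of the original article: a Python sketch that tests a candidate password against the tips above and builds the first-letter password from a phrase. The sample wordlist, the function names, and the reading of the "combination" tip as both letter cases plus a digit or symbol are assumptions of this example.

```python
import string

# Constructed sample wordlist; a real check would load a full dictionary file.
SAMPLE_WORDLIST = {"password", "alabama", "dragon", "monkey", "welcome"}


def initials(phrase):
    """First letter of each word, as in the phrase tip above."""
    return "".join(word[0] for word in phrase.split())


def check_password(candidate, username, personal_details=(),
                   used_elsewhere=(), wordlist=SAMPLE_WORDLIST):
    """Return the tips that `candidate` breaks; an empty list means none."""
    problems = []
    lowered = candidate.lower()

    if lowered == username.lower():
        problems.append("same as username")

    if lowered in wordlist:
        problems.append("dictionary word")

    # Birth dates, phone numbers, family names: flag any that appear inside.
    if any(d and d.lower() in lowered for d in personal_details):
        problems.append("contains personal detail")

    has_lower = any(c.islower() for c in candidate)
    has_upper = any(c.isupper() for c in candidate)
    has_digit = any(c.isdigit() for c in candidate)
    has_symbol = any(c in string.punctuation for c in candidate)
    # Assumed reading of the tip: both cases, plus a digit or a symbol.
    if not (has_lower and has_upper and (has_digit or has_symbol)):
        problems.append("lacks mixed case plus a digit or symbol")

    if candidate in used_elsewhere:
        problems.append("reused from another site")

    return problems


if __name__ == "__main__":
    phrase_pw = initials("Evil flourishes when good men do nothing") + "7"
    for pw in ("password", "4labAm4", phrase_pw):
        print(pw, check_password(pw, username="jsmith"))
```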

-- Compiled by Brian Krebs.

© 2005 TechNews.com