How-To: Create Strong Passwords and Foil Hackers in 6 Easy Steps

Author’s note: this is a guide to help you better protect yourself and your privacy online. While no method is full-proof, these steps will point you in the right direction and I encourage everyone to work towards a safer, more secure New Year in 2010.

Creating strong passwords is not enough when you consider just how connected we are on the Internet. Our habits begin to form a network of information, hanging there in cyberspace like a smoky web, a digital chrysalis enveloping our budding online identity. Each new account creates another weakness. Another point to be hacked and data exposed. It’s our life in a digital-age that hasn’t really caught up to the fact that its digital. It isn’t about strong passwords, its safe behavior and the method by which we deconstruct the web and build in security. This guide will help you understand where the problem begins, how to create strong “passwords” and build a firewall around them to limit the damage caused by a compromise.

How did we get into this mess?
I’m on Facebook, Twitter and buy stuff on Amazon. I have multiple bank/investment accounts, a mortgage, credit cards, and health records online. Every week it seems like I’m creating a new user account for this or that site, buying something new or renting a movie. Each time I register for a new account, I’m always faced with the challenge of a new password and security question. And so, the problem begins.

Ditch the Passwords, go for Pass Phrases
How many readers out there use the same password for multiple accounts? Who else is guilty? It’s not a crime, per se, but you should be concerned that someone may be getting your info to commit one: its caused fraud and identity theft. I am good at creating strong passwords using ten or more letters, upper and lower case, numbers and special characters and to help me remember them better I use “pass phrases” rather than passwords. It’s easy and here is how it works:

1. Learn good character substitutions by using “leet speek.” Go to http://en.wikipedia.org/wiki/Leet and pick out some that are easy for you to remember and use consistently!
2. Create a phrase or sentence like “Making passwords strong and secure is my New Years resolution”
3. Take the first letter of every word: mpsasimnyr
4. Substitute a few capital letters: mpsasimNYr (note that I used the natural capitalization from my phrase, which is easier to remember)
5. Add in some numbers: mpsas1mNY2
6. Now the special characters: mp$@$1mNY2 (looks pretty good, huh?)

I’ve also done a little “clustering” of the special characters, making it easier to type through some natural transitions on the keyboard. The more I’ve created, the better I get at figuring out what is easy to type and remember. Also, it’s a good idea to change them after a while, at least every six months, but no longer than a year. Passwords, after all, are enough of a pain in the @$$, so why make them any worse?

Create a Password Firewall
With so many different passwords, what am I to do? I can’t possible remember them all, so at some point in time I start using the same one for multiple accounts. Consider the massive data breeches, entire online systems with millions of accounts at risk. It seems like I’m a hack away from my information getting into the wrong hands and a single, albeit incredibly strong password, would not do me any good it allowed access to every account under my name.

Since I cannot possibly remember every password, I use the same one for dissimilar things. For instance, my Twitter and Facebook passwords are not the same and both are different than my email addresses that I used for both. Think: having a separate email password because “auto recovery” is like an “auto compromise” feature when you use email to reset them. In this aspect, I also divide my accounts between a few different email addresses. However, I use the same password for Facebook in a few other places which I will not mention, because keeping simple clues like that private is a good security practice. The idea is to limit the amount of damage done by a compromise on any one of your accounts.

Decentralize in Five Passwords
Remember, creating good passwords is only half the battle. Being realistic, there should not be the expectation to have a different password for every account and I’ve found that I can do a lot with just five different passwords. Decentralization of my risk makes me a lot safer online and it’s a strategy that I can live with. I’m not perfect and I’ll admit to recycling a few passwords and not changing them as frequently as I should, but I try. Just like quitting an exercise routine: things get out of shape. Rather than concocting an ambitious, unrealistic fitness routine for the New Year, how about refreshing those stale passwords and take a few pounds of “worry” off the brain. Keeping up good security does take some work, but the results are well worth the effort!

Disclaimer: This entire article represents the author’s opinions only and mention of any product or brand is for illustration only and not an endorsement.