Password management: Creating secure passwords you can remember

Passwords are the main barrier between hackers and your data. Make them secure.


by Tony Bradley, PC World

Microsoft Chairman Bill Gates declared the password dead. He told his audience that the password can't meet the challenge of keeping sensitive information protected, saying "People use the same password on different systems, they write them down and they just don't meet the challenge for anything you really want to secure."


That was six years ago at the 2004 RSA Security Conference. Paraphrasing some wisdom from Samuel Clemens, the rumors of the password's demise have been greatly exaggerated. It is still the primary security control used to protect data, accounts, and pretty much everything else on a computer.

Gates may have been premature in calling the time of death on the password, but his assessment of why the password is inadequate as a security control was accurate. A study of more than 30 million passwords exposed when was hacked found that almost half use names, common dictionary words, or sequential characters like "qwerty".

Fingerprint scanners and other biometric controls are becoming more mainstream, but the password will still be the main barrier between hackers and your data for the foreseeable future. With that in mind, here is how to create a secure password that you can actually remember in "12345" easy steps.

1. No Personal Information. Any novice hacker can easily find out your full name, the names of your spouse or children, your pets, or your favorite sports teams. Never choose a password that has anything to do with you personally.

2. No real words. Let's take that a step farther. Not only should you not use your name or your pet's name, you shouldn't use any actual word that can be found in a dictionary. Passwords like that can be easily cracked by password software.

3. Mix Character Types. Passwords are almost always case-sensitive, so use both upper and lower case letters to make it more difficult. To really make it complex, be more creative than just capitalizing the first letter. For example, do "paSswoRd" instead of just "Password". Better yet, throw in some numbers and special characters to substitute for letters, and do "p@Ssw0Rd".
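The three rules above, together with the sequential-character pattern the study mentions, can be expressed as an automated check. This is an added example, not part of the original article; the word list, the personal tokens and the function names are constructed stand-ins for a real dictionary file and real account details.

```python
import re

# Constructed sample data: a tiny stand-in for a real dictionary file and
# for facts about the account owner (all hypothetical).
DICTIONARY = {"password", "dragon", "monkey", "sunshine", "football"}
PERSONAL = {"tony", "bradley", "rex", "steelers"}
# Rows whose consecutive characters count as "sequential" (e.g. "qwerty").
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive characters from any row,
    forwards or backwards."""
    low = pw.lower()
    for row in SEQUENCES:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def check_password(pw, personal=PERSONAL, dictionary=DICTIONARY):
    """Return the list of rules from the article that pw violates."""
    problems = []
    low = pw.lower()
    # Rule 1: nothing tied to the owner, anywhere in the password.
    if any(tok in low for tok in personal):
        problems.append("personal information")
    # Rule 2: split on non-letters and look each alphabetic chunk up,
    # ignoring case.
    chunks = re.findall(r"[a-z]+", low)
    if any(c in dictionary for c in chunks):
        problems.append("dictionary word")
    if has_sequence(pw):
        problems.append("sequential characters")
    # Rule 3: require all four character types.
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing character types")
    return problems
```

An empty list means the candidate passed every check; in practice the dictionary and personal-token sets would be loaded from much larger sources.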
