The Need For Strong Passwords to Head off the Hackers

New rules for an old problem: how to create a strong password

Using their own ingenuity and automated programs that target thousands of computers simultaneously, hackers can quickly crack many simple passwords and break into online accounts. And once they sign in as you, they may change the password, locking you out of your own account.

One study finds that a successful hacking attack occurs about every 39 seconds. But in just a few seconds of your own, there are some ways you can strengthen your password for better online security.

12 is the new 8
As cyber crooks hone their skills, the traditional recommendation that passwords contain at least eight characters has changed. Passwords should now be at least 12 characters, say researchers at the Georgia Tech Research Institute. In their tests, they learned that eight-character passwords can be cracked in about two hours, but adding just four additional keystrokes to a password could raise that to a theoretical 17,000 years.

Small tweaks, very big results
Longer passwords are a good first step, but even more important is making each character count. And yet one recent survey found that half of 2,500 surveyed computer users never employ symbols such as &, >, # or @ in their passwords. Worse, many still only use lowercase letters or just add numbers at the end of words, such as the foolish and easily hacked "password123."

In one study, a British researcher noted that bolstering an all lowercase eight-character password with a few well-placed symbols, numbers and a combination of upper- and lowercase letters would take commercial hacking software about 200 years to crack.

Steps like these serve to blunt the hackers' software, which works by trying various versions of words in an English dictionary and even combinations of them.

Easier recall of 'hard' passwords

Of course, the more complicated a password, the harder it is for you to remember it — explaining why you may often quickly change the cryptic passwords initially assigned when you open a new online account. After all, who can remember "iH8g&tR#rG-l "?

You can — by taking some new advice: Choose a sentence, phrase or song that you can easily remember, and add a few keystroke tweaks. The above 12-character password, for example, is a hacker-resistant version of "I have 8 grandkids and they are really good-looking" (which is very true, but all hackers, take note: I'm will not use it as a password).

How about your favorite song? "When I'm feeling blue/All I have to do/Is take a look at you" becomes "WiFb/AiH2D/iTaLaU," with each word's initial letter alternating between lower case and capital. Then "A Groovy Kind of Love" becomes an extremely strong password, and to add another variable such as an Exclamation Point! Or even an extra period, will cause the password to be virtually unbreakable.

And while you shouldn't use birthdays or anniversaries as a password — those dates may be available in online public records and used by hackers who specifically target you — those easy-to-remember dates can be tweaked for better protection. If you must rely on your June 10 wedding, for instance, consider including lesser-known info — such as the initials of your flower girl (Julie Andres) and the honeymoon destination (Miami), à la "ja@0610#miaFL."

Of course, this level of complexity may not be for everyone. But give it a try — if you create (and remember) passwords like these; you'll have nearly uncrackable security.

Other old-standby ways to bolster password security:

• Say no when browsers offer to save your password. Website browsers such as Firefox and Internet Explorer let users save passwords so that they don't have to enter them each time they go to a site, but widely used password-stealing "Trojan" programs know where to look for and how to steal that information. Plus, a saved password can translate to easier hacking if your computer gets stolen.

• Use different passwords for different accounts. And change them every 90 or so days. Only about one in five computers user’s employs multiple passwords on different accounts, and of those five, four of them fail to ever change them.

• Check your password. Whenever you choose a new one, gauge its strength at websites such as Microsoft's Password Checker. [https://www.microsoft.com/security/pc-security/password-checker.aspx].

Safety is the primary issue, at all times.

-Birdy