Passwords 101: a simple way to make it hard for hackers

Pat Pilcher
Thursday 16 July 2009 10:38 BST

Passwords are literally the stuff of life. Without them online banking, dealing with IRD, work email and countless other everyday but vital activities simply wouldn't be possible. Keeping these secure isn't terribly difficult, yet the consequences of forgetting to do so can be pretty dire.

Take Twitter, who today admitted they'd been hacked for the third time this year.

In this instance, a hacker simply guessed the password for an employee's personal email account (they used the word "password" as their password) and from there stole commercially sensitive company documents.

At a personal level, losing a password is no less serious. A stolen or guessed password can allow criminals to use your name to open new credit card accounts, apply for loans, or simply pose as you for online transactions they never intend to honour.

Either way, chances are that you won't notice until it's too late and you're left to clean up the financial carnage. The good news, however, is that creating difficult-to-guess passwords and keeping them protected isn't difficult to do.

Use strong passwords

Using difficult-to-guess, or strong, passwords can often mean the difference between a hacker choosing you as a victim or moving on to easier prey.

Ideally your passwords should appear as a random collection of characters and numbers. Here's what you need to know to create strong passwords:

* Letters, symbols & numbers. Using a mix of numbers and other symbols like &^ %$)@!) in your password makes it even harder to guess.

* Length matters. Each additional character you add to your password makes it more difficult for hackers to fathom. Strong passwords should be at least 8 characters long; 14 characters or more is ideal, if allowed.

* Use a passphrase: Some systems allow you to use spaces in your passwords. This means you can create a passphrase made of multiple words. This is not only easier to remember, but is usually longer so is harder to guess.

* Remember, don't guess: Last but by no means least, use passwords and passphrases you can remember, but which are extremely difficult for others to guess.

Opinions vary widely, but in my opinion the easiest way to keep track of passwords and passphrases is to write them down on paper. Provided your written list of passwords is stored securely, it should be much harder to obtain than passwords stored electronically on your PC. Password manager applications and supposedly secure websites can still be compromised.

How to make a password

Creating a strong, easy-to-remember password needn't be difficult and can be done using these simple steps:

* Use a sentence that you can easily remember to form the basis of your strong password.

* Check the capabilities of the system to work out what password types it supports. Can it support special characters and numbers? If it allows spaces, use a passphrase.

* If a system does not support phrases or special characters, convert your ideal passphrase into a password. Doing this can be as easy as taking the first letter of each passphrase word or even substituting a letter for spaces.

* Mix uppercase and lowercase characters. This allows you to have easy-to-remember passwords that are very difficult to guess. Similarly, substitute numbers for letters (much like you would when designing a personalised number plate).

* Use symbols. Mix symbols that look like letters into your passphrase. Using this method you could for instance substitute a $ for an S and the @ for an a. Once again it's easy to remember, but hard to guess.

* Having created a strong password, test it. Microsoft has a great online tool that'll tell you how strong your password is.
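The steps above worked through in code, as an added example that is not from the article: the system's capabilities decide whether the whole sentence becomes a passphrase (spaces allowed) or is converted into a password built from first letters, alternating case and the look-alike substitutions. The sample sentence, the alternating-case rule and the digit substitutions beyond the article's $ for S and @ for a are my assumptions.

```python
# Added example: derive a password from a memorable sentence following the
# article's steps. The sentence and the extra substitutions are assumptions.

# $ for S and @ for a come from the article; the digit swaps (e->3, i->1, o->0)
# are a common extension assumed here.
SYMBOL_SUBS = {"a": "@", "s": "$"}
DIGIT_SUBS = {"e": "3", "i": "1", "o": "0"}

# Constructed sentence for illustration only; pick your own, not this one.
SENTENCE = "My dog Rover eats two bowls of biscuits every morning at 7"


def derive_password(sentence, allows_symbols=True):
    """Take the first character of each word, alternate upper/lower case,
    then swap in look-alike digits (and symbols, if the system permits)."""
    chars = []
    for i, word in enumerate(sentence.split()):
        ch = word[0]
        if ch.isalpha():
            # alternate case so the result mixes upper and lower characters
            ch = ch.upper() if i % 2 == 0 else ch.lower()
        key = ch.lower()
        if key in DIGIT_SUBS:
            ch = DIGIT_SUBS[key]
        elif allows_symbols and key in SYMBOL_SUBS:
            ch = SYMBOL_SUBS[key]
        chars.append(ch)
    return "".join(chars)


def choose_secret(sentence, allows_spaces, allows_symbols):
    """Check the system's capabilities first: use the whole sentence as a
    passphrase if spaces are accepted, otherwise fall back to the password."""
    if allows_spaces:
        return " ".join(sentence.split())
    return derive_password(sentence, allows_symbols)


if __name__ == "__main__":
    for spaces, symbols in ((True, True), (False, True), (False, False)):
        print(f"spaces={spaces} symbols={symbols}:",
              choose_secret(SENTENCE, spaces, symbols))
```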

Avoiding weak passwords

Weak passwords are usually obvious, logical or easy to guess by anyone who knows even a little about you - and with the amount of personal information that many people put online at social networking sites, it pays to be extra careful.

* Don't use logical sequences or repeated characters. Passwords such as "12345678," "222222," "abcdefg," or adjacent letters such as "QWERTY" are not secure.

* Avoid the obvious. Using part of your name, your birthday, your pet's name, or your address is definitely a password no-no. Obvious passwords are one of the first things a determined hacker will try.

* Single words in any language will get you into trouble. A sophisticated hacker will have tools at their disposal that can throw hundreds of thousands of words in multiple languages from digital dictionaries at an account and can rapidly guess passwords that are based on a single word (this also includes words spelled backwards).

* Use multiple passwords. If one of the computers or online services you have a widely-used password on is hacked, all of your other computers and online services accessed by that password can also be compromised.

* Never, ever send your password over email. Emails are the digital equivalent of a postcard that can be read as it passes through hundreds of email servers on its way to the intended recipient.

* Assume that emails requesting that you send your password, or asking you to go to a website to verify your password, are fraudulent. If in doubt, get a bit 'old skool' and ring up and check with the company the email purports to be from.
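As an added example that is not part of the article, a small checker that flags the weak patterns from the list above: logical sequences and repeated characters, adjacent keyboard keys, personal details, and single dictionary words, including ones disguised with look-alike symbols or spelled backwards. The word list, the keyboard rows and the sample passwords are constructed for illustration.

```python
# Added example: flag the weak-password patterns the article lists.
# The word list and the constructed inputs are assumptions, not the article's.

# Tiny stand-in for the multi-language dictionaries a cracking tool would use.
WORDLIST = {"password", "letmein", "welcome", "dragon", "sunshine",
            "passwort", "motdepasse", "contrasena"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Undo look-alike substitutions so "P@$$w0rd" is checked as "password".
UNLEET = str.maketrans("@$!03", "asioe")


def pattern_problem(pw):
    """Detect repeated characters, ascending/descending runs and keyboard rows."""
    s = pw.lower()
    if len(s) > 1 and len(set(s)) == 1:
        return "repeated characters"
    # "12345678" and "abcdefg" step by exactly one code point each time
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    if steps in ({1}, {-1}):
        return "logical sequence"
    if len(s) >= 4 and any(s in row or s in row[::-1] for row in KEYBOARD_ROWS):
        return "adjacent keyboard keys"
    return None


def weaknesses(pw, personal=()):
    """Return the reasons a password is weak; an empty list means none found.
    `personal` holds details an attacker could learn about you (name, pet,
    birthday) so they can be rejected when they appear in the password."""
    reasons = []
    if len(pw) < 8:
        reasons.append("shorter than 8 characters")
    problem = pattern_problem(pw)
    if problem:
        reasons.append(problem)
    low = pw.lower()
    for fact in personal:
        if fact and fact.lower() in low:
            reasons.append(f"contains personal detail {fact!r}")
    word = low.translate(UNLEET)
    if word in WORDLIST or word[::-1] in WORDLIST:
        reasons.append("single dictionary word, disguised or reversed")
    return reasons


if __name__ == "__main__":
    # Constructed samples from the article's list plus one derived password.
    for pw in ("12345678", "222222", "QWERTY", "P@$$w0rd", "drowssaP",
               "Rover1984", "MdR3Tb0b3m@7"):
        print(f"{pw!r}: {weaknesses(pw, personal=('Rover', '1984')) or 'ok'}")
```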

This article originally appeared in the New Zealand Herald
