I wrote this little guide for my aunt. Her email password got hacked a while back. If you don’t currently do something similar, you should!
First, here is how to make a bad password that will get hacked:
- Use a word that is in the dictionary, even if you r3place s0me l3tt3rs w1th number5 (that’s an old trick) or…
- Add a 1number1 to a 3word3 (that’s an old one too)
- Make your password a phrase that is too common, like your favorite band, “Flock of Seagulls”, or your birthday, “2/2/1980”. There aren’t enough 80’s New Wave bands or birthdays to fool a brute force attack on your password.
Now here is how to make a good password that is easy to remember and won’t get hacked:
Change all your passwords to follow a pattern. Make the pattern something you can easily work out but a password thief never could.
- Start with a basic password that is something you like, but misspell it. For example, “caps” to “kaps”.
- Change it so that it has a capital letter, a number and punctuation. For example, “Kaps^2”.
- For every website you go to, prepend part of the website name to the new password. For example, maybe use the first 2 letters and the last letter of the site. You’d get “amn” out of amazon.com. So your password for Amazon.com would be “amnKaps^2” and your password for Bank of America would be “baaKaps^2”.
Your final password should be between 9 and 12 characters. (Some websites stupidly limit the length of your password, and you don’t want to have to use a different strategy on those sites, lest it be harder to remember.)
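The pattern above as a small Python sketch (an added example, not part of the original guide): it builds the site prefix, enforces the 9 to 12 character length, and, going slightly beyond the text, flags sites whose prefixes coincide and would therefore share a password. The function names, the rule of taking the label before the first dot, and the site `american.example` are assumptions made here.

```python
import re
from collections import defaultdict

BASE = "Kaps^2"  # the guide's example base; choose your own


def site_tag(site: str) -> str:
    """First 2 letters + last letter of the site name, as in the guide."""
    s = site.strip().lower()
    s = re.sub(r"^[a-z]+://", "", s)   # drop a scheme such as https://
    s = s.split("/")[0]                # drop any path
    s = re.sub(r"^www\.", "", s)       # drop a leading www.
    # Assumption: the "site name" is the label before the first dot,
    # with spaces and punctuation removed ("Bank of America" -> "bankofamerica").
    name = re.sub(r"[^a-z0-9]", "", s.split(".")[0])
    if len(name) < 3:
        raise ValueError(f"site name too short for the pattern: {site!r}")
    return name[:2] + name[-1]


def site_password(site: str, base: str = BASE) -> str:
    """Prepend the site tag to the base and check the guide's length range."""
    pw = site_tag(site) + base
    if not 9 <= len(pw) <= 12:
        raise ValueError("the guide recommends 9 to 12 characters in total")
    return pw


def tag_collisions(sites):
    """Return {tag: [sites]} for sites that would end up with the same password."""
    groups = defaultdict(list)
    for s in sites:
        groups[site_tag(s)].append(s)
    return {tag: names for tag, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    # Constructed sample list; american.example is a made-up site.
    sites = ["amazon.com", "Bank of America", "american.example"]
    for s in sites:
        print(s, "->", site_password(s))
    print("shared prefixes:", tag_collisions(sites))
```

If two of your sites collide, use a different slice of the name for one of them, for example the first 3 letters.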
You now have a REALLY GOOD PASSWORD that is REALLY EASY TO REMEMBER and REALLY HARD TO GUESS. And it’s DIFFERENT ON EVERY SITE so when one website gets hacked, the bad people don’t know your password on other sites!
Yes, it takes a little effort, but so does locking your front door when you go out.
Short story: last year I sat down at a public computer at City College. As I typed in my password, I got this chill, wondering if there might be a virus on the computer, sending my password off to some nefarious Russian hacker den or somesuch. So the first thing I did was enable 2-step verification.
Flash forward 3 months to this ABC News article that starts out “A computer virus found at the City College of San Francisco may have been part of an elaborate international scheme stealing students’ personal information for more than a decade.”
Yes, the bad people got my password. But my password strategy and 2-step verification protected me. Nuff said.