Want to foil hackers? Pick a better password

By Robert Vamosi
16 April 2003 03:40 PM
Tags: deloder, lovgate, security, virus, vamosi, password
COMMENTARY-- I've been getting a lot of e-mail from readers relating to two recent Internet worms--Lovgate and Deloder--that attacked weak passwords. From these messages I've learned there's a lot of confusion about password security.

A few readers were confused about the difference between a user ID and a password. I'm talking about the latter. But many also wanted to know more about how to create a password that is less likely to be cracked--specifically, how to properly use numbers and letters within a password.

The secret is to create a seemingly random combination. You get extra credit if you incorporate case changes--alternating between uppercase and lowercase letters--and insert symbols and numbers between letters. As long as you remember a basic structure, you can create strong passwords quickly.

Here are some guidelines for making your passwords as secure as possible.

Change passwords early and often
At the very least, you should change any default passwords you might already have. If your Internet provider issued you a password, change it. If your operating system came with passwords (typically "admin" or "password"), change them. If your wireless router has a password, change it too.

Experts suggest changing your passwords every six months or so. But what if you have twenty passwords to remember? That's a bit of work. But I don't recommend writing your passwords down. People who display passwords on Post-It notes on their computer monitors might as well not even bother with passwords at all. Saving passwords in a text or Word file on your hard drive is not quite as bad, but it's not ideal either. That's why I suggest creating passwords that are easily remembered and don't need to be written down.

Avoid the obvious
Never use a word you'd find in the dictionary. Malicious users often employ password-cracking apps to break into systems or online accounts. These apps are available as freeware on the Internet, and several of them use what's called a dictionary database.

The idea is that people are more inclined to use real words as passwords, words commonly found in dictionaries such as "secure" or "evergreen," along with familiar names like "John," "Mary," and "Phillip." Some dictionary programs also combine words. If you use a dictionary word as your password, a hacker using a common cracking program could open your files or access your accounts in a matter of hours.

Even if you don't use common words, you're not any safer using your great aunt's birthday. These same cracker apps can also guess random numbers. Generating every combination of 0-through-9 across six or eight digits is simply a function of processor speed and time. The more speed and time available, the more likely someone will uncover your secret number. Because of this, always make your passwords as long as possible.

Get crafty
You need to come up with a pattern of letters and numbers, one that makes sense only to you. By adding letters to numbers, you gain another 26 possibilities for each character position. Better yet, add uppercase and lowercase alpha characters, and you've got a total of 62 choices. Because of this, a four-character password of letters and numbers is more secure than one of the same length made up of numbers or letters alone. A six-character password is even stronger.

While a hacker running a cracking program could still break a four- or six-character password, he'd be working at it for quite a while. Chances are he'd give up and move on to another computer.
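A worked calculation of the search spaces this section describes, added here as an illustration and not part of the original column; the one-million-guesses-per-second rate and the sample passwords are constructed for comparison only, and the size of the punctuation class is an assumption.

```python
import math
import string

# Character classes the column discusses: 10 digits, 26 letters, 62 mixed-case
# alphanumerics. The punctuation class size is an assumption for illustration.
DIGITS, LOWER, UPPER, PUNCT = 10, 26, 26, len(string.punctuation)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct strings of exactly `length` over the alphabet."""
    return alphabet_size ** length


def effective_alphabet(password: str) -> int:
    """Size of the alphabet an exhaustive search must cover: the sum of the
    sizes of every character class the password actually uses."""
    size = 0
    if any(c.isdigit() for c in password):
        size += DIGITS
    if any(c.islower() for c in password):
        size += LOWER
    if any(c.isupper() for c in password):
        size += UPPER
    if any(c in string.punctuation for c in password):
        size += PUNCT
    return size


def entropy_bits(password: str) -> float:
    """log2 of the keyspace: each extra bit doubles the worst-case work."""
    return len(password) * math.log2(effective_alphabet(password))


def hours_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case hours to try every string of the same length and classes."""
    total = keyspace(effective_alphabet(password), len(password))
    return total / guesses_per_second / 3600.0


if __name__ == "__main__":
    RATE = 1_000_000  # assumed guess rate, constructed for comparison only
    # Constructed samples: a birthday-style number, a dictionary word, and
    # the column's own mixed-case examples.
    for pw in ("941205", "secure", "S2f3C5a", "S2e3C5nD"):
        print(f"{pw:10} alphabet={effective_alphabet(pw):3} "
              f"bits={entropy_bits(pw):5.1f} "
              f"hours={hours_to_exhaust(pw, RATE):12.2f}")
```

The table makes the column's point concrete: going from six digits to eight mixed-case alphanumerics multiplies the worst-case search by more than a hundred million.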

Get into the habit
The trick to remembering a variety of unique passwords on the fly is to come up with a structure that you alone understand. Let's say you need a password for your office computer. If that's the case, then you could derive a strong password from your office's address.

For example, CNET Networks is located at 235 Second Street, San Francisco, CA 94105. There are several choices of letters and numbers here. S2e3C5nD is one example. S9f4C1a0 is another. S2f3C5a is a third. Any of these passwords could be recalled at a later date without having to write each one down, so long as you follow a basic pattern.

In these cases, you begin with a capital letter, then alternate case and alphanumerics thereafter. You may want to create a different password pattern than this, but you get the basic idea.

Remember: There's no guarantee that, even if you follow these tips, your systems or accounts won't be broken into. But by making the job a little harder for a hacker, you increase your chances that he'll give up and move on to another victim.

What do you think? How many of these guidelines do you follow? How do you deal with all your passwords? TalkBack below or e-mail edit@zdnet.com.au.


Talkback 2 comments

    Neville Angove -- 18/04/03

    It is a fact of life that if you force regular password changes, the users will start writing them down. It makes more sense to limit the number of mis-tries per user ID to a small number, say 3. No matter how fast a cracking program is, 3 attempts a day before being locked out will slow the process. And the user who attempts to log on and finds he has exceeded the limit will be alerted to the illegal attempts at access. Of course, since this method has been used successfully for at least 30 years to my knowledge, it must be too old to be considered viable.
    Frankly, the more foolproof the security design, the more likely it is to catch the not-so-foolish as well.
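The lock-out scheme the comment describes, written up as an added illustration (not the commenter's code or any particular system's); the three-tries-per-day figures are the comment's, and the timestamps in the usage are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

MAX_TRIES = 3                 # the comment's "small number, say 3"
WINDOW_SECONDS = 24 * 3600    # the comment's "3 attempts a day"


@dataclass
class Account:
    failures: List[float] = field(default_factory=list)  # times of failed tries
    locked_until: Optional[float] = None
    pending_alert: bool = False   # tell the real user about the lock-out


class LockoutPolicy:
    """Counts wrong passwords per user ID and locks the ID for a day after
    MAX_TRIES failures; the next successful login is flagged so the user can
    be alerted to the attempts, as the comment suggests."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}

    def _acct(self, user: str) -> Account:
        return self.accounts.setdefault(user, Account())

    def is_locked(self, user: str, now: float) -> bool:
        a = self._acct(user)
        return a.locked_until is not None and now < a.locked_until

    def attempt(self, user: str, password_ok: bool, now: float) -> str:
        """Returns 'locked', 'bad_password', 'ok' or 'ok_alert'. A locked ID is
        refused before the password is checked, so it cannot be probed."""
        a = self._acct(user)
        if self.is_locked(user, now):
            return "locked"
        if password_ok:
            a.failures.clear()
            alert, a.pending_alert = a.pending_alert, False
            return "ok_alert" if alert else "ok"
        # keep only failures inside the window, then add this one
        a.failures = [t for t in a.failures if now - t < WINDOW_SECONDS] + [now]
        if len(a.failures) >= MAX_TRIES:
            a.locked_until = now + WINDOW_SECONDS
            a.pending_alert = True
            a.failures.clear()
            return "locked"
        return "bad_password"
```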

    Anon -- 25/04/03

    Your examples of more secure passwords ("S2e3C5nD", "S9f4C1a0", "S2f3C5a") are amazingly bad. Anybody knowing that you work for CNET Networks and the address of CNET Networks will include this data in the guessing. This is just as bad as using your aunt's birthdate!

    A good policy for generating passwords is to NOT use any data directly relating to you or your work. A better example would be to find a random quote that you can remember (not a quote that you use a lot though) and then modify it. An oft-used example of this is "To be or not to be" - 2borNot, 2bOrn2b, etc...
