We all know that a secure password helps keep your personal information out of the hands of hackers and malicious software. And we all know how to create a powerful password--about 15 characters, with a combination of uppercase and lowercase letters, numbers, and special characters.
But we aren't following this advice.
In January, the password management app producer SplashData released a list of the most popular passwords of 2014—i.e., the worst possible passwords. Horrifyingly, many of us are still using "123456," "password," or "qwerty" to guard our treasured personal data. People are also using their birth date, their spouse's birth date, their address, the number of children they have, and their pet's name. This information can be easily uncovered on your Facebook profile or driver's license, leaving your password extremely vulnerable.
Who decided that a pet's name makes for a safe password anyway? You repeatedly scream "Sparky!" down the street every time your pooch bolts out the front door on a short-lived quest for freedom. Your neighbors three streets over know exactly when Sparky is on the run, which means they are that much more likely to correctly guess your password and hack your system.
The truth is, if there is any logic to your password, it is susceptible to an attack. There should be nothing predictable about it. The goal is to think up a password that is easy to remember, but nearly impossible for someone else to guess—yet for many of us, those two requirements seem mutually exclusive.
The Center for Identity is here to help.
One of the biggest concerns people have when creating passwords is that they will forget their cryptic combination of letters and numbers. Our brains are already strained to remember life's fleeting moments. Instead of setting yourself up for a headache, use a few facts about memory to your advantage.
According to a 2007 study by Professor Elizabeth A. Kensinger of Boston College, published in the psychology journal Current Directions in Psychological Science, negative emotions and experiences trigger increased activity in a part of the brain linked to memories. Unpleasant events are remembered more often than positive ones.
Keeping this very important piece of information in mind, you can create more complex passphrases that you won't soon forget.
First, think about your mortal grade school enemy. Everyone has one. That cruel brown-noser in your third grade class who broke your new crayons, or that scrawny dweeb who got lucky on one punch by the bike rack. You will never forget their name, which is why it will make for a fantastic password.
Next, envision your least favorite food. Bologna, foie gras, wienerschnitzel, Uncrustables, water chestnuts … whatever makes your stomach queasy.
Now combine these two precious nuggets into a passphrase: Susan loves bologna.
Your childhood enemy and your least favorite food, together in a simple sentence. That's not difficult to retain at all!
Remember that an effective passphrase is a medley of numbers and special characters. We will sprinkle in a little leetspeak, a techy term to describe replacing letters with other characters. (While we suggest using some of this, it's important to not create an exclusively leetspeak passphrase. Hackers know the lingo.)
Taking a closer look at "susanlovesbologna," let's make some changes:
- Replace the A's with @ signs
- Swap all of the O's with zeros
- Take out each S and use $ instead
- For good measure, capitalize the last letter of each word
The final product: $u$@Nl0ve$b0l0gn@
Looking at that glorious mess, no one knows you still harbor deep feelings of rage for poor Susan (she didn't mean to scribble on the paper so hard) or that the mere thought of a limp slice of lunch meat makes your stomach turn. Your secret is safe, as is your online identity.
It is also unwise to use the same password for multiple sites. You need a passphrase for your personal email, one for your Pinterest profile, one for your bank account, one for iTunes, and so on. This is necessary because if one profile is compromised during a breach, a criminal could then have access to all of your accounts. You need a few fantastic passwords at your disposal. Instead of listing off a slew of foods that Susan may or may not hate, there are some other creative options.
Music is universally appreciated and popular songs are easy to recall. Let's select a ridiculously catchy track that you will forever remember (and eventually hate).
In this example, we will use the Billboard-acclaimed Macklemore and his massive hit single "Thrift Shop," in which he repeats the phrase, "I'm gonna pop some tags."
This time let's replace the N's with "^" and the O's (again) with zeros. Capitalize all the G's. If you're feeling feisty, you can throw a hashtag in front of the whole thing.
The end result: #imG0^^ap0ps0metaGs
That password is near impenetrable.
According to howsecureismypassword.net, "#imG0^^ap0ps0metaGs" would take 5 quintillion years for a PC to hack.
We also suggest spelling a phrase backwards. Let's try it with a movie quote.
In "Anchorman: The Legend of Ron Burgundy," starring Will Ferrell, Ferrell's character concludes, "Milk was a bad choice."
We are going to turn this hilarious line into an unrecognizable password.
- First, substitute the @ sign for A
- Use the number 6 instead of B
- Make the O an asterisk
- Capitalize the first two letters of "milk"
- Put an exclamation mark at the end, so you type it with added meaning.
Now, turn the whole thing around.
The end result: !eci*hcd@6@s@wklIM
What is that mess? You don't know, we don't know, and hackers definitely don't know! Most importantly, you'll remember it.
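Why an exclusively leetspeak password is a bad idea, shown as the kind of check a sign-up form can run (an added example, not part of the original article): it undoes the character swaps and the backwards spelling used above, then compares the result against a deny list. The function names and the short sample deny list are assumptions made for illustration.

```python
# Added example: deny-list check that sees through leetspeak and reversal.
# Function names and the sample deny list are assumptions for illustration.

# Reverse of the character swaps used in this article.
UNLEET = str.maketrans(
    {"@": "a", "0": "o", "$": "s", "^": "n", "6": "b", "*": "o"}
)

# Constructed sample list; the first three are the worst passwords named above.
DENYLIST = {"123456", "password", "qwerty", "letmein", "sparky"}


def variants(candidate: str) -> set[str]:
    """Return the plain forms a guesser would also try for this candidate."""
    lowered = candidate.lower()
    core = lowered.strip("!#")            # decorations added at either end
    forms = set()
    for text in (lowered, core):
        for form in (text, text[::-1]):   # as typed, and spelled backwards
            forms.add(form)
            forms.add(form.translate(UNLEET))
    return forms


def is_guessable(candidate: str, denylist: set[str] = DENYLIST) -> bool:
    """True if any undone form of the candidate is a known-bad password."""
    return not variants(candidate).isdisjoint(denylist)


if __name__ == "__main__":
    for pw in ["p@$$w0rd", "!dr0w$$@P", "$p@rky", "$u$@Nl0ve$b0l0gn@"]:
        print(f"{pw!r:24} guessable: {is_guessable(pw)}")
```

The swaps alone do not save "p@$$w0rd" or "$p@rky"; the passphrases built above pass only because the phrase underneath is not on the list.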
You likely still need more passphrases, but perhaps you're insanely pleased with your "Susan loves bologna" line, and want to use it on all the sites you frequent. You can't. But you can take your secure passphrase and tailor it slightly for each of your sites:
- Add GMA to the front of $u$@Nl0ve$b0l0gn@ for your Gmail account
- Add ZON to the end of $u$@Nl0ve$b0l0gn@ for an Amazon account
- Add UTEX to $u$@Nl0ve$b0l0gn@ for your school password
This is easy to remember, no?
Now, guard your passphrase with your life! Don't share it with anyone. Don't email it to your husband. Don't give it to your best friend. Keep your password private, so your information remains protected.
If you are still stressed that you may forget a passphrase or two, it is acceptable to write it down on a neon-colored scrap of paper. It is far more likely that someone will hack into your current, weak password-protected account than that they will break into your house and make off with a Post-it Note. Maybe just put "Susan loves lunch meat" as a reminder, and stash it far away from your computer.
*Please do not use any passwords listed above.