New password primer: How to create an unbreakable one

Need a new password? An often overlooked but vital part of any computer user’s day-to-day life is creating secure new passwords every time old ones expire or new accounts are created.

But creating the perfect new password is tough, because it needs to be memorable and yet uncrackable. From debit card PINs to logging into your favourite gaming site, passwords keep your personal information safe from everyone from the merely curious to the purely criminal at heart.

Yet the vast majority of people who create new passwords use laughably easy ones, or use the same password for many different logins.

The suggestions that follow focus on use on computer and mobile devices, but you can apply these tips to any kind of secure password or PIN use.

It is dangerous to get lazy when creating a new password, whether it is for an online site that dispenses jokes-of-the-day or your personal bank account. Passwords help keep your data private, so you should give careful thought to each one you create and use, no matter the purpose.

What makes a good new password?

First, a brief primer on what makes a good new password.

  1. Never choose anything obvious, such as your own name, address, or date of birth.
  2. Nor should you use information that can be easily guessed, such as the name of a child or spouse.
  3. Do not use common words such as ‘secret’ or even the word ‘password’ itself!

In a recent survey, many respondents said they use the same password for multiple web sites or accounts – an astonishing 49 per cent of people who responded to the survey in the U.S. admitted they don’t even keep records of their passwords at all.

More secure are those passwords that include numbers as well as letters, though – again – avoid easily-guessed sequences such as ‘1234peter’ and the like. The most secure new passwords are random mixes of letters and numbers, such as ‘gr9e5j30’ – even random guesswork or dictionary-based password attacks will have terrible difficulty trying to break these. Having a mixed letter-number (alpha-numerical, in computer lingo) password ensures no-one will ever guess it in one shot, and an attacker will likely move on to try to find accounts less secure than yours.
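The rules above can be turned into a small check and a generator. This is an added example, not part of the original article; the function names and the short word list are constructed for illustration, and a real check would use a much larger list of known-bad passwords.

```python
import math
import secrets
import string

# Constructed sample list; a real check would use a large breached-password list.
COMMON_WORDS = {"secret", "password", "letmein", "qwerty"}
ALPHABET = string.ascii_lowercase + string.digits  # 36 symbols, as in 'gr9e5j30'

def has_sequence(pw, run=4):
    """True if pw contains `run` characters in a row counting up or down (1234, dcba)."""
    for i in range(len(pw) - run + 1):
        steps = {ord(pw[j + 1]) - ord(pw[j]) for j in range(i, i + run - 1)}
        if steps in ({1}, {-1}):
            return True
    return False

def weaknesses(pw, personal=()):
    """Return the reasons pw breaks the article's rules (empty list = none found)."""
    low = pw.lower()
    found = []
    for item in personal:  # names, birth dates, addresses supplied by the caller
        if len(item) >= 3 and item.lower() in low:
            found.append(f"contains personal detail '{item}'")
    for word in sorted(COMMON_WORDS):
        if word in low:
            found.append(f"contains common word '{word}'")
    if has_sequence(low):
        found.append("contains an ascending or descending run")
    if not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)):
        found.append("does not mix letters and numbers")
    return found

def generate(length=8):
    """Random letter-number password drawn from the operating system's CSPRNG."""
    if length < 8:
        raise ValueError("shorter than the article's 8-character example")
    while True:  # redraw until the candidate passes every check above
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(pw):
            return pw

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on guessing entropy for a uniformly random password."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    print(weaknesses("1234peter", personal=["Peter"]))
    print(generate(), f"{entropy_bits(8):.1f} bits")
```

The generator uses the `secrets` module rather than `random`, because `random` is predictable and not meant for passwords.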

Random passwords lead to another problem, one that keeps many people still using simple, insecure words: random letters and numbers are hard for people to remember. The scene in the movie Ferris Bueller’s Day Off illustrates this problem: Ferris sneaks into the principal’s office to steal the password of the week, which is scribbled on a notepad in a drawer. Complex passwords are difficult to remember for anyone without perfect recall, thus most are written down in a ‘safe’ place. Bad idea: anyone finding this password list has access to all your information.

Password management software

This is where password management programs come into the picture. There are many available on the Internet, some for free and some you have to pay for. One of the best is a freeware gem called Password Safe. This program operates on a simple concept: all of your passwords are contained within it, protected by a master password. This means you only have to memorize ONE complex ‘master’ password to secure ALL your other passwords. From website access codes to PINs for bank accounts, you can keep any information you like secure inside Password Safe.

The program also utilizes 128-bit encryption to keep the master file data secure. This means that even if a thief or hacker gets access to your PC and finds the folder where the master password file is, they cannot get at your data. Without the master password, it would take current computers centuries to crack the encryption on the data file – far too much time and trouble.

There are also programs that automatically fill in the correct passwords when you visit a specific site, but this can be dangerous if the computer is not safeguarded. Anyone with access to your computer can access any web site you have passwords saved on. This kind of feature is also available in major web browsers such as IE7 and Firefox, but smart users know better than to use it anywhere except on sites where the information is not of a type to be overly worried about.

The ‘need to know’ password rule

Common sense tells us that the fewer people know a secret, the longer it stays a secret. Don’t give your passwords or PIN numbers to anyone who does not absolutely need to know them. For example, the common practice of sharing PINs between people (such as a girlfriend or boyfriend) is dangerous.

While trust is a great thing to have in a relationship, bear in mind that all thieves and hackers have to do is get a foot in the door. Once they manage to get a little information about someone, they can use that to make better guesses as to other passwords or PINs. Keep your personal information private as much as possible. Nobody will protect your passwords or PINs better than you will. Be sure to keep your secrets close.

Changing your passwords once in a while is also a good idea, though perhaps not as often as some places (like banks) recommend. Changing them a few times a year will keep your data safe, as long as your passwords are not so simple that any child with time and a keyboard can easily guess them.

So make your passwords unique and as complex as you can manage to remember. The better they are, the less you will have to worry about the security of your private personal data – the perfect password is only good as long as just YOU know what it is.