Geek Smarts: Choosing an Effective Password

Silent Ben
In this modern age, you most likely use a computer at work and/or at home on a fairly regular basis, and in using these computers you no doubt have to use a password for something (e.g., to log in to your workstation, your personal email, or your MySpace account). The individual rules about how long your password should be and what types of characters it should contain may vary for each of these instances, but the premise is the same: to protect your information. Below are some basic tips for selecting a password that will do so effectively.

1. Make it personal - generally speaking, you want your password to reflect you in some way that makes it memorable while still remaining obscure. While the other rules I give below may seem contrary to this one, they are all equally important and can be mutually inclusive. A common struggle people have with passwords is that they obfuscate them in some random way to follow the given requirements and later forget what those variations were, rendering the password useless.

2. Go above and beyond - many logins require passwords to be at least 6-8 characters, and in some cases there may be a requirement for an alphanumeric mix or the addition of some other symbol. This is an effort to thwart hacking methods such as password bots that run through common words, names, and numbers until they make a match. You should formulate a password that follows all of these rules and is long enough to meet any length requirement out there (8 characters is usually enough).

3. Mix it up - though many passwords need to contain some mix of letters and numbers, there are not always rules that say in what order these should fall. A common failing is to place the required numbers at either the beginning or the end of the password. It is much more secure to place numbers in the middle of the password or at both ends, and better still if they occur seemingly randomly throughout the password.

4. johnjr2002? Try again - the most common elements used in passwords are names of children or pets and important dates such as birthdays or anniversaries. This information is not nearly as private or obscure as you might think and should almost never be used in a password unless it is done VERY creatively (e.g., use values from the dates of different events, or use a mix of initials or nicknames that are not commonly known).

5. Privacy isn't just about hackers - you may have constructed a password that is unlikely to be figured out by an identity thief or hacker, but if your child or a family member could figure it out within a few tries, then it isn't as good as you think. You may not have anything you need to hide from your kids/parents/spouse/fiancé/roommate, but truthfully that is unlikely. It may seem odd to suggest keeping your password obscure enough that even the people you trust most are unlikely to figure it out, but if you do so your password will be that much more secure.

6. Don't undermine your efforts - so you've created a password that you think is safe and secure. Then, just in case you forget it, you write it down on a Post-it and put it in your wallet, or worse yet on your monitor (please tell me you didn't really do that). If you can't remember it, then it is too obscure: simplify it and try again. If it is so complex that you need it written down, then by writing it down you are undermining the security you are attempting to create.

7. Diversify - the password you use to log in to your work computer and the password you use to log in to a social website carry different levels of protection for the data behind them. Some websites will actually send you a registration confirmation that contains your password in plain English. If you find yourself in such a case, I suggest having multiple passwords and creating a usage scheme that makes sense to you. For instance, if you do a lot of banking and financial management online, you may want one password that you always use on such websites. By designating 2 or 3 usage categories and remembering a single password for each, you should be able to manage all of your login scenarios without getting lost or constantly clicking "Forgot Password?" links.

8. Be prepared for change - a lot of businesses have started implementing stricter password rules, including requirements to change passwords on a regular basis and limits on how often an old password can be reused. This could greatly complicate your efforts to create an effective password, but if you follow the rules above and try to anticipate upcoming changes, you should be able to stay secure without getting stuck (no one really wants to bug his/her IT guy over this).
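As an added example (not part of the original article), here is a small Python checker that turns tips 2, 3 and 4 into mechanical rules a site or a user could run over a candidate password before adopting it. The word and name lists are a constructed stand-in for the full dictionaries a password bot would try, and the 8-character minimum is the figure the article gives.

```python
import re

# Constructed miniature wordlist standing in for the "common words, names, and numbers"
# a password bot tries first (tip 2). A real checker would load a full dictionary.
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "monkey", "dragon"}
COMMON_NAMES = {"john", "johnjr", "mike", "sarah", "max", "buddy", "fluffy"}
MIN_LENGTH = 8  # the article's "8 characters is usually enough"

YEAR_RE = re.compile(r"(19|20)\d{2}")  # 1900-2099, the typical birthday/anniversary year
DATE_RE = re.compile(r"(0?[1-9]|1[0-2])(0?[1-9]|[12]\d|3[01])(\d{2}|\d{4})")  # MMDDYY / MMDDYYYY


def digits_at_one_end_only(pw: str) -> bool:
    """Tip 3: digits tacked on only at the front or only at the back.
    Digits at both ends, or anywhere in the middle, are accepted."""
    no_lead = pw.lstrip("0123456789")
    core = no_lead.rstrip("0123456789")
    had_lead = no_lead != pw
    had_trail = core != no_lead
    return had_lead != had_trail and not any(c.isdigit() for c in core)


def check_password(pw: str) -> list[str]:
    """Return the list of tips the candidate password violates (empty list = passes)."""
    problems = []
    # Tip 2: minimum length and an alphanumeric mix
    if len(pw) < MIN_LENGTH:
        problems.append(f"tip 2: shorter than {MIN_LENGTH} characters")
    if not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)):
        problems.append("tip 2: needs a mix of letters and numbers")
    # Tip 3: numbers must not merely be prefixed or suffixed
    if digits_at_one_end_only(pw):
        problems.append("tip 3: digits sit only at one end")
    # Tip 4: built on a common word or name, or carrying a date
    letters = re.sub(r"[^a-z]", "", pw.lower())
    if letters in COMMON_WORDS or letters in COMMON_NAMES:
        problems.append("tip 4: letters spell a common word or name")
    digits = re.sub(r"\D", "", pw)
    if YEAR_RE.fullmatch(digits) or DATE_RE.fullmatch(digits):
        problems.append("tip 4: digits look like a year or date")
    return problems


if __name__ == "__main__":
    for candidate in ["johnjr2002", "password1", "s7ilent_b3n!", "7ailGatE9"]:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```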

Published by Silent Ben

I am a professional web developer and freelance designer who wishes there were more hours in the day to spend with family.

  • Keep your passwords in your head
  • Use information that is memorable but not public or easy to guess
  • Multiple passwords are more secure than just using one

According to studies, about 40% of user-selected passwords are readily guessed. Also, many people don't change the default passwords that are set on various systems and equipment, and these default passwords are often available on the Internet.

2 Comments

  • Mark Victor Camilleri 11/18/2009

    There's another interesting guide on how to choose an effective password over here:

    http://www.gfi.com/blog/choose-effective-password/

    Have a look and I hope it's helpful.

  • Corina Fiore 3/21/2007

    Good advice. Thanks.
