Passwords

If your idea of a smart password is your first car followed by your mother's name, you need to get with the program. Hackers have recently stung Fox News (NWS) and Apple (AAPL), the International Monetary Fund, Lockheed Martin (LMT) and Gmail (GOOG): How can you expect to protect yourself with lazy wordplay?

DailyFinance offers this guide to create secure but easy-to-remember passwords before the cyber-nasties get your personal information and ruin you. Robert Siciliano, a security specialist and consultant for McAfee (INTC), a maker of malware detection software, does the honors:

Use a combination of upper- and lower-case letters, numbers and characters. It's not as complicated as it seems. For example, let's say someone wants to use the phrase iamhappytobe29 as the password foundation. Capitalize the i, keep the "am" lowercase and use the now-familiar colon and closed parenthesis :) to signify happy. Then substitute a 2 for "to" and b for "be," followed by a numerical 29. The password comes out Iam:)2b29. It's like personalized license plate script with the added benefit of characters.

Use a different password for every account. It's not complicated, Siciliano assured us. To avoid confusion, merely add a category to your main password. For example, for a bank account, your password could be Iam:)2b29bank. An AOL (AOL) account could be Iam:)2b29aol.

Get rid of passwords with favorite colors, pets' names, 1-1-1-1-1 and the like.
Hackers have developed what are called dictionary attacks that cover words and number sequences. If you must use a familiar name, add something to make it tougher to crack. Say you visited Positano, Italy, on vacation recently, Siciliano said. Even making the password Positano123 is more effective. It's not Fort Knox-secure, but better.
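An added example (not from the article or from Siciliano): a short Python audit that flags two constructions discussed above, a shared base with the account name appended and a dictionary word followed by digits. The word list, the random "mail" password and all function names are constructed for illustration.

```python
import re
from itertools import combinations
from os.path import commonprefix

# Constructed sample word list; a real audit would load a full dictionary.
SAMPLE_WORDS = {"positano", "password", "dragon", "monkey"}

# Passwords from the article's examples, plus one constructed random value.
SAMPLE_ACCOUNTS = {
    "bank": "Iam:)2b29bank",
    "aol": "Iam:)2b29aol",
    "travel": "Positano123",
    "mail": "kV7#qLz!2pRw",  # constructed
}


def is_word_plus_digits(password, words=SAMPLE_WORDS):
    """True when the password is a listed word followed only by digits."""
    m = re.fullmatch(r"([A-Za-z]+)(\d*)", password)
    return m is not None and m.group(1).lower() in words


def derived_from_shared_base(passwords_by_account, min_base=6):
    """Return {account: base} for passwords built as base + account label;
    such passwords are not independent, since one leak reveals the base."""
    flagged = {}
    pairs = combinations(passwords_by_account.items(), 2)
    for (acct1, pw1), (acct2, pw2) in pairs:
        base = commonprefix([pw1, pw2])
        if len(base) < min_base:
            continue
        tail1, tail2 = pw1[len(base):].lower(), pw2[len(base):].lower()
        if tail1 in acct1.lower() and tail2 in acct2.lower():
            flagged[acct1] = flagged[acct2] = base
    return flagged


def audit(passwords_by_account):
    """Return a sorted list of (account, finding) tuples."""
    findings = [(a, "shared base + account name")
                for a in derived_from_shared_base(passwords_by_account)]
    findings += [(a, "dictionary word + trailing digits")
                 for a, pw in passwords_by_account.items()
                 if is_word_plus_digits(pw)]
    return sorted(findings)


if __name__ == "__main__":
    print(audit(SAMPLE_ACCOUNTS))
```

Only the randomly generated "mail" entry passes both checks; the other three are flagged.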

Know you are being watched.
Not in that paranoid "they stuck a microchip in my kidney" way, but for real. Hackers are monitoring your Facebook page and other social media. They are Googling you. They are gathering any intel they can to decipher the code that is you. A hacker infiltrated Sarah Palin's personal Yahoo (YHOO) account by using her birth date, zip code and by answering one security question -- where she met her husband -- to reset her password. The information was all in plain sight on the Internet. "Hackers are inquisitive, inventive and like to solve puzzles," Siciliano said.

Be vigilant against phishing. Phishing, the dastardly art of sending emails that appear to be from a source you trust but are set up to commit identity or credit card theft, is as dangerous and sophisticated as ever. The same examination of your Internet life has pushed phish email to a scary level of authenticity. If an email from a familiar address asks you to divulge sensitive data, call the sender and make sure it's legit. And for Cybergod's sake, make it a policy not to click links in the body of an email unless you're sure the sender is legit. "You can open up a Pandora's Box," Siciliano said. "You could be providing data to the bad guys or clicking onto something that compromises your computer."

Change your passwords every six months or so. Doing it more frequently is preferable, but, given that it's human nature to put off such tasks, twice a year will suffice, Siciliano said. If you're managing more than 15 accounts or so, you might want to look into password managers such as RoboForm or LastPass.

The root of a secure password begins with a secure PC. Make sure you have an anti-virus program installed and updated. "You can have the most secure password in the world," Siciliano said. "It won't matter if your PC is infected. The PC itself has to be secure. Otherwise, what's the use?" Anti-virus software you pay for usually scans your machine automatically, but if you have a free anti-virus program, you'll have to start it manually, Siciliano said.

And remember: B:)2bhackfree.



22 Comments

cspensir3623

This is a password that I used about twenty years ago. "mfdswiPCf"... My first duty station was in PCf.

April 21 2012 at 7:27 AM
vfmccoy

I use splashID which generates a password and saves it in a secure database. A display of the list is encrypted and you can't see anything without the DB password. Plus my hard drive is encrypted. So you need 3 different passwords just to get to the password DB.

Then you only need to remember one password to get into that database.

In my business environment we are required to have multiple passwords as well as change them frequently, so it's like hitting a moving target.

Works well for me!

November 17 2011 at 7:43 PM
abcbennett

I have found that I can make a hard password just by making it a long password. For accounts I care about I use 14 plus character passwords. Yes, caps, numbers and special characters are needed, but the longer the password the better, so make a run-on sentence with no spaces like 123Isuredolovecookies456 and you will have a password that you can remember and that will be near impossible to break. I have found a password safe is only safe if you can memorize the password to the safe and never share it or forget it.

July 13 2011 at 1:24 PM
Steve

At my previous job, the IT dept configured the "secure" user password requirement and I threw up my hands. I had eight passwords I used in rotation depending on what the system would accept as not having recently been used by me:

Qwertyu1, Qwertyu0, Poiuytr1, Poiuytr0, Zxcvbnm1, Zxcvbnm0, Mnbvcxz1, Mnbvcxz0

July 13 2011 at 8:49 AM
don43

The problem is you don't get to set the parameters for passwords. One company demands upper and lower case, the next one demands only lower case, the next one demands symbols, the next will not allow them and the next one only wants numbers (from 6 to 9 only). When will companies setting up password systems into their accounts standardize on allowing upper and lower case letters, numbers and selected symbols of long lengths? Even random passwords don't always work because of the limitations of the software reading the passwords.

July 11 2011 at 2:50 PM
jmmydageek

1> DON'T PICK PASSWORDS. Generate it randomly. You won't be tempted to skimp on it.
2> DON'T MAKE PASSWORDS SIMPLE. A strong password must contain lowercase and uppercase letters, digits and symbols.
3> DON'T USE SHORT PASSWORDS. The longer the password, the less likely it will be guessed. 8 characters is the shortest, 10 characters are better.
4> DON'T REUSE PASSWORDS. I got hacked because I stupidly reused my password with my e-mail address. And don't use a pattern like the base suggested above. Hackers are not stupid.
5> DON'T MEMORIZE PASSWORDS. Random, strong, long, unique passwords are hard to remember. And if you have 50 accounts, like I do, they're impossible. I use LASTPASS.COM with a strong password. It fills in my username and password for each site I visit, so I don't have to type it. Despite the recent hack, Lastpass did not have any problems. All information is stored and transported encrypted between your computer and their computer.

Also, you need 5 different e-mail addresses to reduce the problem of phishing. They are:
1> Personal - for friends and family.
2> Commercial - for buying legit stuff from legit stores
3> Financial - for anything to do with saving and making money
4> Junk mail - for subscribing to newsletters and connecting with people that are not friends.
5> Spam - for all other uses. This is the one that it won't matter if you lose it. This is the one that will probably be spammed the most.

Don't use your name for the junk mail & spam addresses. Spammers love to combine names with e-mail extensions to guess at a hit. It costs them almost nothing to send billions.

July 11 2011 at 11:46 AM
caohellsux1978

Hi everyone! I got so tired of clicking on the link "Latest Financial News", and looking at stories that have been there over a month. Their top story has been there since January! And the stories that are actually current, you can't comment on them! I moved over to Yahoo. Their pages are much, much better. You actually get current news, and you can even comment! What a novel idea!

July 11 2011 at 9:31 AM
nicynick

Thanks for all the good ideas you people gave.

July 10 2011 at 7:31 PM