DailyFinance offers this guide to create secure but easy-to-remember passwords before the cyber-nasties get your personal information and ruin you. Robert Siciliano, a security specialist and consultant for McAfee (INTC), a maker of malware detection software, does the honors:
Use a combination of upper- and lower-case letters, numbers and characters. It's not as complicated as it seems. For example, let's say someone wants to use the phrase iamhappytobe29 as the password foundation. Capitalize the i, keep the "am" lowercase and use the now-familiar colon and closed parenthesis :) to signify happy, Then substitute a 2 for "to" and b for "be," followed by a numerical 29. The password comes out Iam:)2b29. It's like personalized license plate script with the added benefit of characters.
Use a different password for every account. It's not complicated, Siciliano assured us. To avoid confusion, merely add a category to your main password. For example, for a bank account, your password could be Iam:)2b29bank. An AOL (AOL) account could be Iam:)2b29aol.
Get rid of passwords with favorite colors, pet's names, 1-1-1-1-1 and the like. Hackers have developed what are called dictionary attacks that cover words and number sequences. If you must use a familiar name, add something to make it tougher to crack. Say you visited Positano, Italy, on vacation recently, Siciliano said. Even making the password Positano123 is more effective. It's not Fort Knox-secure, but better.
Know you are being watched. Not in that paranoid "they stuck a microchip in my kidney" way, but for real. Hackers are monitoring your Facebook page and other social media. They are Googling you. They are gathering any intel they can to decipher the code that is you. A hacker infiltrated Sarah Palin's personal Yahoo (YHOO) account by using her birth date, zip code and by answering one security question -- where she met her husband -- to reset her password. The information was all in plain sight on the Internet. "Hackers are inquisitive, inventive and like to solve puzzles," Siciliano said.
Be vigilant against phishing. Phishing, the dastardly art of sending emails that appear to be from a source you trust but are set up to commit identity or credit card theft, is as dangerous and sophisticated as ever. The same examination of your Internet life has pushed phish email to a scary level of authenticity. If an email from a familiar address asks you to divulge sensitive data, call the sender and make sure it's legit. And for Cybergod's sake, make it a policy not to click links in the body of an email unless you're sure the sender is legit. "You can open up a Pandora's Box," Siciliano said. "You could be providing data to the bad guys or clicking onto something that compromises your computer."
Change your passwords every six months or so. Doing it more frequently is preferable, but, given that it's human nature to put off such tasks, twice a year will suffice, Siciliano said. If you're managing more than 15 accounts or so, you might want to look into password managers such as Roboform or Last Pass.
The root of a secure password begins with a secure PC. Make sure you have an anti-virus program installed and updated. "You can have the most secure password in the world," Siciliano said. "It won't matter if your PC is infected. The PC itself has to be secure. Otherwise, what's the use?" Anti-virus software you pay for usually scans your machine automatically, but if you have a free anti-virus program, you'll have to start it manually, Siciliano said.
And remember: B:)2bhackfree.