12345, Ashley, password, and iloveyou may be easy passwords to remember, but to hackers they look more like “hack me”. In a world where hackers can crack most common codes in mere seconds, passwords like “suzy1959,” “admin123” are just not cutting it. The combination of poor passwords and automated attacks means that in just 110 attempts, a hacker will typically gain access to one new account or a mere 17 minutes to break into 1000 accounts.

We expect a certain level of security when working on our computers, whether we’re filling out private account information, making online purchases, or uploading files to a trusted site. But just because a site provides the login screen (the “lock”) doesn’t mean your key is doing its part to protect your information.

A study on password worst practices by Imperva (http://www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdf) revealed half of us use the same (or very similar) password to all websites that require logging in, and if allowed we will choose very weak passwords even for sites that hold our most private and important data.

As we continue to dedicate more of our lives to the digital world, it’s imperative that we safeguard personal information. Even seemingly silly or irrelevant accounts can reveal pertinent information like your email account, last name, nickname or location — all of which can be used to unlock other areas of your private data.

Choosing the right password can exponentially improve your security. And while trying to be meaningfully random is not always easy, there are a few guidelines that can help you create a password that is both fool-proof and easy to remember.

Do Not:

  • Use a default password, such as “password” or “admin”. Check out this NY Times article for examples of the most popular passwords (this is not the time to be popular): http://www.nytimes.com/2010/01/21/technology/21password.html?_r=1
  • Use only letters or numbers with no variation
  • Use your account name in any way. If you are JohnnyD, your password should not be John5
  • Use any word or name that can be found in the dictionary or commonly digitized texts such as the Bible or encyclopedia
  • Use the reverse spelling of any word or name in the dictionary (i.e. happy > yppah)
  • Use alphabetic, numeric or keyboard sequences (i.e. abcd, 12345, qwerty)
  • Use personal information (birthday or birth year, social security number, house address)
  • Use the same password for every account
  • Store your password anywhere on your computer (try using something like Blackberry’s Password Keeper app instead)
  • Write your password in an email

Password musts:

  • Use at least 8 characters (the longer the better!)  “A search to find an eight-character password of random letters and digits would take 66 years on average for the big gun of the day…which could crunch through nearly 50,000 combinations a minute in a brute-force search” -CNET News.com
  • Mix things up. Use a combination of numbers, symbols, and upper- and lower-case letters
  • Place numbers and punctuation marks randomly in your password
  • Use different passwords for everything to prevent ALL accounts from being compromised if one is hacked
  • Change your password regularly (we recommend quarterly), particularly for highly sensitive accounts like online banking. Minor variations of the same password don’t count.
  • Make sure you log off of all accounts before leaving a computer
  • Choose a combination of letters, words and symbols that seems random to everyone except yourself

A trick to choosing a solid password:

Come up with a memorable sentence or phrase, then take the first letter of each word. “My curfew in eight grade was ten at night!” becomes “mciegwtan!” Substitute in numbers, upper- and lower-case letters, and punctuation. Your password becomes: mCi8gw10@N!

This password seems random, but can be more easily remembered by you as the phrase.

Here are some other tip sites for choosing a good password:


Like most of us, you’ve got some work to do – do not procrastinate on it. You do NOT want to know what it feels like to get hacked and then have to take the time (and the financial hit) to sort it out.