In the past couple of months, security researchers have discovered huge numbers of hacked passwords for popular websites posted to the net, available for hackers to use and abuse. One of the things made obvious is how many people use the same, easy-to-guess passwords for their online activities, such as Facebook, LinkedIn, and Twitter.
The most popular passwords are "123456" or the even more clever "123456789" or the ever-popular "password." After we wrote about 2 million more user names/passwords unearthed this week, we heard from computer security expert Neal O'Farrell, executive director of The Identity Theft Council.
He offered this excellent tip about how to create easy-to-remember passwords that are hard for hackers to guess: Don't use passwords, use passphrases.
He explains it this way:
A passphrase is a short sentence that’s easy for you to remember – that describes something about you and your life, for example - but that a hacker would have a very hard time knowing or guessing.
For example, the phrase could be something like “I graduated from Notre Dame University on June 1st 2002.” Pick the first letter from every word in that phrase, making sure you include the upper and lower case, and keep all the numbers.
That would give you the following password: “IgfNDUoJ1st2002” That’s a massive 15 characters and includes upper and lower case letters and numbers. Change the “I” to the symbol “!” and now you’ve made it even harder to crack.