Fix Your Terrible, Insecure Passwords in Five MinutesA foolproof technique to secure your computer, e-mail, and bank account.
Posted Friday, July 24, 2009, at 7:05 AM ET
PRINT
DISCUSS
E-MAIL
RSS
RECOMMEND...
Facebook
MySpace
Mixx
Digg
Reddit
del.icio.us
Furl
Ma.gnolia
Sphere
StumbleUponStart with an original but memorable phrase. For this exercise, let's use these two sentences: I like to eat bagels at the airport and My first Cadillac was a real lemon so I bought a Toyota. The phrase can have something to do with your life or it can be a random collection of words—just make sure it's something you can remember. That's the key: Because a mnemonic is easy to remember, you don't have to write it down anywhere. (If you can't remember it without writing it down, it's not a good mnemonic.) This reduces the chance that someone will guess it if he gets into your computer or your e-mail. What's more, a relatively simple mnemonic can be turned into a fanatically difficult password.
Which brings us to Step 2: Turn your phrase into an acronym. Be sure to use some numbers and symbols and capital letters, too. I like to eat bagels at the airport becomes Ilteb@ta, and My first Cadillac was a real lemon so I bought a Toyota is M1stCwarlsIbaT.
That's it—you're done. These mnemonic passwords are hard to forget, but they contain no guessable English words. You can even create pass phrases for specific sites that are coded with a hint about their purpose. A sentence like It's 20 degrees in February, so I use Gmail lets you set a new Gmail password every month and still never forget it: i90diSsIuG for September, i30diMsIuG for March, etc. (These aren't realistic temperatures; they're the month-number multiplied by 10.)
How many different such passwords do you need? Four or five at most. You don't have to keep unique passwords for every single site you visit—Thompson says it's perfectly OK to repeat passwords on sites that don't need to be kept very secure. For instance, I can use the same password for my accounts at the New York Times, the New Republic, The New Yorker, and other online magazines, because it won't hurt me too much if someone breaks into those. (My mnemonic is, I like to read snooty publications quite often.) You should probably use different passwords for each your social networking accounts—someone can do real damage by breaking into your Facebook or Twitter, so you want to keep them distinct—but you can still come up with a single systematic mnemonic to protect them: Twitter is my second favorite social networking site, MySpace is my third favorite social networking site, etc. Reserve your strongest, most distinct passwords for the few very important services that, if cracked, could do the most damage—your bank account, your computer, and most of all your e-mail, which often contains the keys to everything else in your life.
To be sure, this is more of a hassle than what you're doing now—but what you're doing now is going to come back to bite you. These days, we're all dishing personal information all the time; you may think that your password is totally unguessable, but your Facebook makes clear that you're a huge U2 fan and you graduated from college in 2000. Achtung2000, eh? Just go ahead and make some new passwords right now. Trust me, you'll feel better.
Did the NYT Just Call Joe Biden the Second Most Powerful Vice President Ever?
Meet the TV Genius Behind Jon & Kate, Table for 12, and the Duggars
Does the Health Reform Bill Really Restrict the Rights of Gun Owners?
Don't Fall for Best Buy's Scam To "Optimize" Your New Macintosh
Would Sen. Obama Approve of President Obama's Afghanistan Plan?
How Roald Dahl's Stories for Children Eclipsed His Fiction for Adults
iPhone has a number of apps that produce highly random passwords. I have been using it for a few months on sensitive logins and it is great. The only catch is that you need to come up with a password for the actual app (Farhad's method would work great here). I suppose the app could be hacked as well, but everything I have read says they are pretty secure. If this is not the case, pls speak up!!
-- deirwin
(To reply, click here)