The Heartbleed security flaw is just the latest reminder about internet password security.
Here are a few simple suggestions to keep your passwords secure.
Identity thieves are way past guessing likely words. They use computer programs to test all kinds of password combinations. The simplest and easiest passwords to crack are ones that are all lower case - and use words found in a dictionary.
So avoid using names or dictionary words. Keep passwords looking like they don't make sense, like random groupings of numbers, upper and lower case letters and punctuation marks. That creates many more combinations to try.
The simplest and most powerful thing you can do to defeat computerized password cracking is length. Use the longest passwords you can. Adding just six additional characters to a 10 digit password makes it billions of times harder to crack.
It's also very important to keep your passwords unique. Don't use the same one on multiple sites. Once a thief learns your email or Facebook password, it's no work at all to see if it also opens up financial portals like paypal or banking sites.
Most financial and commercial sites have rock solid security. The problem is all the other places you've created a password. When thieves find a site that doesn't lock them out after several unsuccessful attempts, they can run a program to try millions of combinations against your email address or logon. Once they learn a password works, they can try it on other sites where you have a lot to lose.
If you do all the steps we've outlined, your passwords should be secure, but unfortunately very hard to remember.
Here's a simple way to come up with lengthy, random looking passwords you can remember.
Use something you'll remember, like a phrase or song. Use the first letter in every word. Or the last.
Here's one everybody knows - Mary had a little Lamb. In this password building block, we've capitalized the nouns. You could do verbs or adjectives, or something else to get a mix of upper and lower case.
Then, in between the letters, add some numbers you'll remember, maybe a favorite athlete's jersey number, or the last digits of a year when something important to you happened. Say Jason Witten is your favorite Dallas Cowboy ... insert his jersey number, 82, in between letters the first few letters.
Here's how our password looks now:
M 8 h 2 a l L
Then, to make your password unique, have a place where you use something particular to each website. A simple way to do this is to always insert the first three letters of the site's name. You can add any wrinkle you like, such as capitalizing the third letter. That would be ebA for Ebay, or amA for Amazon.
Insert those after the number. Or before. It's your password system. Just choose a place and always do it that way.
Let's say the site we're dealing with is Amazon.com. Here's how our password would look now:
M 8 h 2 a a l m L A
Add in some punctuation marks. If you think they'll be tough to remember, link them in your mind to the numbers on the same keys on your keyboard. Pick another memorable number. Say you were married in 1987. If you can remember 87, the asterisk (*) is on the 8. The ampersand (&) is on the 7.
This is staring to look like a really tough password to crack:
And it also looks really hard to remember - But once you get used to the basics of your pattern:
Mary had a little Lamb (nouns in caps)
Jason Witten's uniform number.
The first three letters of the site (third one capitalized)
and the year you were married (using the punctuation marks on those numbers)
you can come up up with complex, unique passwords for any site that you really can remember.
It doesn't need to be THIS system. Just develop A system using things familiar to you. An ideal password would have more characters than the example we created here. Just add more features you can remember to get more characters.
If you're already thinking ahead to sites that restrict the password to a smaller number of characters, just have it be part of your password system to eliminate characters from the right side. Or the left. Or after the unique portion.
If there's a site that won't let you include punctuation, just substitute the numbers on those same keys.