January 11, 2013

How to Create a Secure Password

If your password is password, the two first names of your children or 222222, this blog post goes out to you.

Its hard to remember twenty different passwords for your bank, email, online shopping and every social network you belong. But the truth is, bad guys are crafty, free software cracking tools are widely available and today’s incredible computing power makes quick work of even moderately complex passwords. I’d be willing to bet my Lookout water bottle that your password could be stronger. To keep your phone secure, you’ll need to create (and remember!) secure passwords for both your lock-screen and the different accounts you use on the internet.

Here are a few tips we pulled together to help. Keep in mind, this alone won’t keep you secure — but its a step in the right direction.

Specific to mobile phones:

  1. Make sure your phone has a password-protected lock-screen. Password (alphanumeric) is the strongest on Android, but numeric PINs are better than nothing.
  2. Say yes to two-step authentication if its offered. Many mobile banking websites or apps will send a code to your mobile phone that is then entered when you access the account or app.
  3. Set your phone to automatically lock on sleep mode if it is idle for a few minutes.
  4. Encrypt the data on your phone so that its protected from snooping when powered off. iOS devices automatically encrypt and Android users can configure it in “Settings.”
  5. Turning off “Make passwords visible” is a good idea so that potential snoopers can’t easily read your password as you type it.

For Internet passwords (which are now often accessed on your phone):

  1. As much as possible, the passwords that you use on the Internet should be different from all the other ones you use. Reusing passwords across multiple accounts creates a single point of failure.
  2. Use different email addresses for different accounts. Have a separate “junk” email address for spam or free sites that require login.
  3. Don’t use dictionary terms unless you are stringing them together in some sort of unlikely phrase. JennaSurfsHamBoatsForChristmas > jenna123. (Neither of these are my passwords BTW). This XKCD comic offers a witty take on why this is the case.
  4. The longer and more uncertain/uncommon the combination of letters, numbers and symbols, the more computational power needed to crack the password. Therefore, the most secure passwords are random but don’t have to be unmemorable. Thieves already account for simple letter / number substitutions, like using 3 instead of E, or $ instead of S. So P@$$w0rd is really just as safe as the normal way.

For a more in-depth look at passwords and their pitfalls, we recommend reading Mat Honan’s Wired article.

  1. John says:

    Many thanks – good information

  2. Jenna Kozel says:

    You are welcome John, thanks for reading.

  3. CAROL says:

    Thank you! Information Is very Helpful!

  4. Jerry Lee McKee says:

    Lots of great info

Leave a comment