In this digital age of ours, passwords have become a way of life. From using your ATM card to logging onto innumerable websites, you need to prove you are who you claim to be with a password.
What's the most common password people use? Various surveys have revealed that it's simply "password." Consequently it's likely that this would be among the first passwords a scammer would use to try to clean out your bank account.
Other all too commonly used passwords include "123456," "12345678," "welcome," "abc123," "qwerty," "monkey," "letmein," "dragon," and "111111," according to a recent study by security company SplashData (www.splashdata.com).
Other common mistakes include using your birthdate, the name of a relative, or a dictionary word as a password. Some password-cracking programs simply run through all of the words in a particular dictionary.
Passwords represent a balance between security and rememberability. Make a password too easy and it doesn't serve its purpose; make it too difficult and you're left having to ask for a new one.
Websites these days often require you to use a password that consists of at least eight characters made up of both letters and numbers, which makes it more difficult to crack. But some security experts now recommend 12 or 14 characters and that passwords also include uppercase and lowercase letters as well as symbols.
As an example of the possible vulnerabilities, a security conference this past December in Oslo, Norway revealed a computer setup clustering together multiple devices that was able to make 350 billion password guesses per second. This allowed it to run through, for any given account, every possible eight-character combination of letters, numbers, and symbols in 5.5 hours.
Such "brute force" password-cracking setups can also theoretically reveal longer passwords, but it could take them days, weeks, or even years, making the effort impractical. Some sites prevent further attempts if more than a given number of incorrect passwords are tried. Bank and other financial sites also typically use "two-factor authentication," including asking you for the answers you've previously given to security questions such as your favorite sports team.
What's the best type of password? Size matters. One good choice according to security experts: A short sentence that's easy to remember, not too difficult to type, and very difficult to crack.
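The effect of length and character variety on brute-force time can be worked through with a short script. This is an added example, not part of the original column: it uses the 350 billion guesses per second rate and the common-password list quoted above, while the alphabet sizes (95 printable ASCII characters in total) and the verdict thresholds are assumptions made for illustration. With those assumptions, a full eight-character search takes about 5.3 hours, close to the figure cited.

```python
import string

GUESSES_PER_SECOND = 350e9   # cluster rate quoted in the article
# Passwords the article lists as most common (SplashData study).
COMMON = {"password", "123456", "12345678", "welcome", "abc123",
          "qwerty", "monkey", "letmein", "dragon", "111111"}
# Assumed alphabet sizes: 26 + 26 + 10 + 33 = 95 printable ASCII characters.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}


def char_class(c):
    if c in string.ascii_lowercase:
        return "lower"
    if c in string.ascii_uppercase:
        return "upper"
    if c in string.digits:
        return "digit"
    return "symbol"          # punctuation, space, anything else


def alphabet_size(password):
    """Number of characters an exhaustive search must try per position."""
    return sum(CLASS_SIZES[k] for k in {char_class(c) for c in password})


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of this length and alphabet."""
    try:
        return alphabet_size(password) ** len(password) / rate
    except OverflowError:    # search space too large to express as a float
        return float("inf")


def assess(password):
    """Return (verdict, worst-case seconds). Thresholds are illustrative."""
    if password.lower() in COMMON:
        return ("on the common list: guessed immediately", 0.0)
    secs = seconds_to_exhaust(password)
    if secs < 86400:
        return ("exhausted in under a day", secs)
    if secs < 86400 * 365:
        return ("exhausted in under a year", secs)
    return ("impractical to exhaust", secs)


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for pw in ["password", "qwerty12", "Tr0ub4d&", "my dog eats socks"]:
        verdict, secs = assess(pw)
        print(f"{pw!r:22} {verdict} ({secs / 3600:,.1f} hours)")
```

The estimate covers exhaustive search only. A sentence built from a few very common words can fall sooner to the dictionary-based programs mentioned earlier, so the figure for a passphrase is an upper bound.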
Security experts also recommend you use different passwords for different sites. News reports surface periodically of isolated but high-profile hacks of websites in which thousands of users' passwords are breached. In such cases if you use the same password for different sites, your other accounts could be compromised.
Another recommendation is to periodically change your passwords. But anecdotal evidence indicates that relatively few people use a different password for each site they visit that requires one or voluntarily change their passwords over time.
Some people write down their passwords on a piece of paper, even taping the paper to their computer or desk. The obvious downside to this is the risk of someone, from a nosy babysitter to an office adversary, coming across it.
Password-management services exist that can make it easier to use numerous passwords for numerous sites, requiring you to remember only the one password for the service you use. Two recommended free password managers are KeePass (www.keepass.info) and LastPass (www.lastpass.com).
Using a password manager does necessitate having trust in it. But such trust is not much different from the trust needed each time you make a purchase with a credit card, giving out your credit card number, expiration date, and security code.
An intermediate solution used by a lot of people is storing their passwords on their computer in a word processing file and then password-protecting that file with a strong password. If you go this route, you should make at least one backup of the file, preferably using a backup service such as Dropbox (www.dropbox.com) or Google Drive (http://drive.google.com), in case your computer or workspace is damaged.
It's also important to use a standard Internet security program, and to keep it up to date. This can prevent "keystroke logging" and "clipboard logging," which a hacker can use to capture any password you type in or copy, no matter its length, and the site you type it into. Recommended programs include Norton Internet Security (http://us.norton.com/internet-security) and Kaspersky Internet Security (www.kaspersky.com).
In the future, passwords may be rendered obsolete by more advanced technology. One possibility is biometrics, in which you're identified by a physical trait such as your fingerprint or voice. In the meantime, use long passwords.
Reid Goldsborough is a syndicated columnist and author of the book Straight Talk About the Information Superhighway. He can be reached at firstname.lastname@example.org.