The most common solutions for keeping track of your computer passwords no longer provide enough protection. Are you still doing the following?

  • Picking obvious passwords, such as 123456, abc123, [Your Pet’s Name] or [Your Mother’s Maiden Name]. Problem: Many people can guess these easily and break into your accounts.
  • Using the same password for multiple accounts. Problem: This allows a person who knows your password to access more than one of your accounts.
  • Taping password reminders to your computer screen or leaving them in the top drawer of your desk. Problem: They are easily accessible to anyone who enters your home or office.

    • Better strategies…

    HIGH-SECURITY PASSWORD

    The safest passwords are nondictionary words of at least eight characters that contain a combination of numbers and lowercase and uppercase letters.

    This sounds like a chore, but it’s actually easy if you use this three-step system…

    1. Use a mnemonic device to come up with your “core” password. Use a memorable combination, such as your spouse’s initials and the month and day of your anniversary. Example: If your spouse’s initials are ST and you were married on June 3, your core password is ST0603.

    2. Create unique passwords by using variations on your core password. Take the name of the particular Web site you are creating a password for, and add the first letter to the front of your core password and the last letter to the end, all in lowercase. Examples: If you use the Amazon.com Web site, your password is aST0603n… if you go to www.Vanguard.com, your password is vST0603d.

    3. For added protection, add a layer of variation to your core password. For example, if your Vanguard password (vST0603d) doesn’t feel secure enough, go one step further. Add another number to the end of it. Take the final letter of your password and convert it to the corresponding number on a telephone number pad. Since the letter “d” corresponds to the number “3,” your new password is vST0603d3. That’s nearly impossible to crack, but fairly easy to recreate should you forget it.

    [Many sites today also require at least one special character—such as a dollar sign or an exclamation point—and it’s good for your security to include one even when a site doesn’t insist. An easy way to do this is to swap in a special character for a letter that reminds you of that special character—such as using a dollar sign instead of an “s” or an exclamation point instead of an “i.”—Ed.]

    EXTRA SECURITY

  • Choose the right security question. Many Web sites now require you to answer a preselected personal question when you choose a password. You’re usually allowed to select the question you want to use. Avoid picking one whose answer is open to interpretation or difficult to spell. Example: I usually use a security question that asks for the city of my birth, but not one that asks for my favorite food (which could change) or my elementary school. (Was it PS 12 or P.S. 12 or PS #12?)
  • Write down your passwords and security answers. Keep this information in a secure place, such as a safe-deposit box. If you die or are injured, your family still will have a way to access your Web site accounts.
  • Consider password-management software protected with encryption. You create a database of all your passwords on your computer and secure the file with a master password. My favorite encryption software: KeePass, http://keepass.info. Cost: Free. Put your master password in your safe-deposit box.