How to Create the Strongest, Most Hacker-proof Passwords

Updated: Aug 27, 2019

If you are reading this today (5/21/14) you may have heard that eBay asked 145 million of their users to change their passwords today after hackers gained access to their network. The database they accessed contained customer names, passwords, birthdates, email addresses and physical addresses. Lucky for them, they had stored their customers’ financial and credit card information in a separate database that the hackers didn’t get into. REALLY lucky for them. Especially considering that the breach occurred somewhere between late February and early March and they had no idea that there was anything wrong until about two weeks ago.

*If you have an eBay account, and have not changed your password yet today, stop everything and do it now.

My advice to you is to never store your debit or credit card information on any website if you can help it. You should always have the option to enter that information on a per-purchase basis. And that’s the way to do it. Also, I would avoid using debit cards at any major retailer. You likely heard what happened to Target (and thus Target customers) last December. Not good. I have no problem using my debit card at my local co-op grocery store, but I would never use it at a major retailer such as Home Depot. I will use a credit card there if necessary, because we have better protection against fraud with our credit cards. I try to use cash whenever possible. Someday these United States and our banks and retailers will catch up with the rest of the world and have “chip and pin” cards which provide much greater security. But until then…

OK. Let’s try and keep on subject here and talk about passwords. Let’s face it. Passwords are a pain. Just about everything you do on your computer or smartphone requires a password or PIN or pattern. Hopefully you already know that you are not supposed to use the same password or PIN in multiple places. And that you are not supposed to use very simple or easily-guessed passwords or PINs. If your password for your bank account is “password” or “password123”, change it NOW. If the pin for your ATM card is “1212” or “1234”, change it NOW.

So the experts tell us that we are supposed to have a different password for every website that we need to log onto. That is definitely the best way to make sure that you, your money and your information are the most secure. You should also not have the same username for multiple websites.

Keep in mind that we’re really talking about websites where you have given them some of your personal information. If you regularly log on to a website to play solitaire and you haven’t even told them your real name, you probably don’t need to worry too much about preventing hackers from accessing your information on that particular site. But if you have the same username and password for both your eBay account and your bank account, you better go check your bank account right now. And change your password. And your username.

So now that we’ve outlined the dilemma, what is the solution? There are a lot of different ideas out there as to what the best way to handle and create passwords is.

Some people suggest using a password manager such as DirectPass, Dashlane or RoboForm. Some people don’t trust password managers at all, citing the obvious fact that these password managers contain a gold mine of information and surely must be targets of opportunity for hackers. Internet browsers such as Chrome and Firefox both have built-in password managers, although some see them as being even less secure.

How about creating a password scheme where one part of the password is always the same and the other part contains the name of the site that you are logging onto? It’s another way to avoid writing your passwords down, but some say that this is not a good idea. Again, if hackers get one of your passwords they might all too easily be able to gain access to every website that you log onto. Even that solitaire game.
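A self-check for the scheme described above, as an added example that is not part of the original post: it flags passwords that contain the site's name or share a long fixed part with another password. The sample passwords, the `audit` function and the four-character threshold are constructed for illustration.

```python
from difflib import SequenceMatcher

# Constructed sample data: two passwords follow the "fixed part + site name"
# scheme, the third is unrelated.
SAMPLE = {
    "ebay": "Blue$Kite9ebay",
    "facebook": "Blue$Kite9facebook",
    "bank": "t7#Qm!zR2vLp",
}


def shared_length(a, b):
    """Length of the longest run of characters that appears in both strings."""
    matcher = SequenceMatcher(None, a, b, autojunk=False)
    return matcher.find_longest_match(0, len(a), 0, len(b)).size


def audit(passwords, min_shared=4):
    """Return {site: [findings]} for passwords that look scheme-generated.

    Only lengths are reported, never the shared text itself, so the
    output can be shown on screen without exposing part of a password.
    """
    findings = {site: [] for site in passwords}
    sites = list(passwords)

    # Check 1: the site's own name is embedded in its password.
    for site, password in passwords.items():
        if site.lower() in password.lower():
            findings[site].append("contains site name")

    # Check 2: two passwords share a long common piece (the "fixed part").
    for i, first in enumerate(sites):
        for second in sites[i + 1:]:
            n = shared_length(passwords[first].lower(), passwords[second].lower())
            if n >= min_shared:
                findings[first].append(f"shares {n} characters with {second}")
                findings[second].append(f"shares {n} characters with {first}")

    return {site: notes for site, notes in findings.items() if notes}


if __name__ == "__main__":
    for site, notes in audit(SAMPLE).items():
        print(site, "->", "; ".join(notes))
```

Any password it flags would give away the pattern behind the others if that one site were breached.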

“Algorithm passwords” may be a good way to go, but you need to be a little bit of a math nerd and think of a really good algorithm. The idea is to take the name of the website, for instance Facebook, and change the first letter to the letter after it in the alphabet (G, of course), change the second letter to the number of letters in the name of the website (8), change the third letter to…you get the point. My brain just does not work this way very well and it would take me half an hour to figure out my password every time I needed to log on to a new website. Plus I’d probably forget the algorithm.

Oh yes! I could just write the algorithm down somewhere! Or for that matter just write down all of my passwords somewhere. Some say that you should never write your passwords down. Others say it’s a great idea to do this and then bury the text in a random file somewhere on your computer. Or write them on a piece of paper and stick it in a box of peas in your freezer or some other abstract place. Just make sure that you don’t write your passwords on a sticky note and stick it to the underside of your keyboard. That’s just asking for it.

So what do you do? What is the best way forward? There are groups of people that each swear by one of the methods mentioned above. If you get representatives of these groups together and try to get them to come to a conclusion as to which method is best…it’s never going to happen. And I say that creating overly sophisticated passwords or password schemes to protect your information is kind of like buying multiple locks for your front door. You could have 22 of the highest-grade deadbolts on your front door, but if somebody wants in bad enough, they’re going to get in.

So pick a method, any method. Just make sure that your passwords are complex (use a combination of upper and lower case letters, numbers and symbols whenever possible) and that you have different passwords for the websites that are the most critical to protect. Obviously your banking and other financial accounts are going to be at the top of this list, with your email and social media accounts right behind.

And then go treat yourself to a nice meal at that cool little restaurant you’ve been wanting to try. Just sit down, order a tasty beverage, pick up the menu and relax. You’re probably going to be just fine.
