
New 'rules' make passwords easy to remember and more secure


Illustration file picture.  (REUTERS/Kacper Pempel/Files)

I’m no longer using passwords that look something like this: W#7s@Pq!.

They were very hard to remember and just as hard to enter, especially using a smartphone’s tiny keyboard. I have changed strategies and my life is better.

For many years, my advice for creating passwords didn’t change much. I advised using at least eight random characters with a mixture of upper and lowercase letters, a number or two and a few symbols, to slow down hackers’ password-cracking programs.

I said never to use any word found in the dictionary or a series of numbers, like 12345678. I said not to use words that people around you know, such as your dog’s name, your favorite sport or where you were born. And never perform the ultimate faux pas — making “password” your password.

I tried to make light of our universal password pain. Perhaps you’ve heard this joke: “I changed my password to ‘incorrect.’ Now whenever I forget what it is, the site will say, ‘Your password is incorrect.’”

Like you, I made hieroglyphic passwords and did my best to memorize them, only to feel defeated. The password reset link was my last resort at more sites than I care to admit.

So let’s breathe a collective sigh of relief and give thanks to a series of studies at Carnegie Mellon University that found a long passphrase can be just as hard to guess as a haphazard collection of letters and symbols, and far easier to remember. The one condition is that the phrase has to be your own: a song lyric, movie quote or proverb is already in the word lists crackers try first.

For example: ilovefreshsashimitunawithalittlesoyandwasabi. That’s 44 lowercase letters, with no spaces. And it’s easy for me to remember, because it’s true.

The researchers suggest that your passphrase be between 16 and 64 characters. Go ahead, get creative. The longer the passphrase, the more guesses a cracking program needs, provided the extra length is something only you would think of.

But with all due respect to the researchers, the passphrase alone is not good enough. There is another step you must take to make your accounts and passwords secure.

One of the worst things you can do is to use the same password for all the sites you visit. When any one of those sites is breached, the stolen email-and-password pairs get tried on every other popular service, so a single leak hands over your Facebook, email, phone, banking and more. That’s why you want a unique password for each site you use.

There is a simple trick to creating an easy-to-remember passphrase and making your password unique for each site. How you implement it is up to you, but here’s how it works.

Let’s say you need a password for your Google account, and like me, you love fresh ahi. Your passphrase might be: ilovefreshsashimitunawithalittlesoyandwasabiGoogle or ilovefreshsashimitunawithalittlesoyandwasabiG2016.

If the password is for your email account, this would work: ilovefreshsashimitunawithalittlesoyandwasabiEmail.

The gist is to first come up with a passphrase you can remember, and then make it unique for each website in a way that makes sense to you. Simply adding a few letters or numbers at the beginning or end of the passphrase on each site makes them all different. Keep in mind what that buys you: it stops an automated attack that replays one leaked password everywhere, but anyone who reads that leaked password can see both the passphrase and the pattern, so the less obvious your site-specific part, the better.
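As an added example, not code from the column, here is the site-tag scheme beside an alternative that keeps the per-site passwords unrelated to each other. The first two functions show what a breach of one site gives away under the tag scheme. The third derives each site's password from the passphrase with PBKDF2-HMAC-SHA256, salted with the site name; that derivation, the iteration count and the 20-character output length are my assumptions, not the column's advice.

```python
import base64
import hashlib

MASTER = "ilovefreshsashimitunawithalittlesoyandwasabi"  # the column's example passphrase


def suffix_scheme(master: str, site_tag: str) -> str:
    """The column's scheme: the shared passphrase plus a tag that names the site."""
    return master + site_tag


def attacker_guess_from_leak(leaked: str, leaked_site_tag: str, target_site_tag: str) -> str:
    """What a suffix-scheme password gives away once it shows up in a breach dump:
    strip the known tag, attach the target's tag, and the next account is open."""
    assert leaked.endswith(leaked_site_tag)
    return leaked[: -len(leaked_site_tag)] + target_site_tag


def derived_scheme(master: str, site: str, length: int = 20, iterations: int = 200_000) -> str:
    """Assumed alternative (not from the column): derive the per-site password with
    PBKDF2-HMAC-SHA256, keyed by the passphrase and salted with the site name.
    Two sites' passwords share nothing visible, and recovering the passphrase from a
    leaked derived password costs `iterations` hash computations per guess."""
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), site.lower().encode(), iterations, dklen=15)
    # base32 keeps the result typeable on a phone keyboard; 15 bytes give 24 chars, no '=' padding
    return base64.b32encode(raw).decode()[:length]


if __name__ == "__main__":
    leaked = suffix_scheme(MASTER, "Google")  # imagine this string appears in a breach dump
    print("attacker's guess for the email account:", attacker_guess_from_leak(leaked, "Google", "Email"))
    for site in ("google.com", "mail.example.com"):
        print(f"{site:20s} {derived_scheme(MASTER, site)}")
```

The derived form has its own trade-offs: you have to regenerate it the same way every time (site name spelled identically), you cannot rotate one site's password without changing the site name or adding a counter, and a site that insists on a symbol may reject the base32 output. A password manager makes the same guarantee with none of that bookkeeping.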

Kaspersky, an internet security company, has a free online password strength checker. It said my love of fresh tuna passphrase would take over 10,000 centuries to be brute-forced. Take that figure as the best case: it assumes an attacker tries every combination of 44 letters, while real cracking tools also guess common words and phrases and get there far sooner. And never type a password you actually use into any web page other than the site it belongs to; test a similar one instead.
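The "10,000 centuries" figure, and the rule that longer is harder, both depend on what the attacker is assumed to try. As an added example (my code, not the column's and not Kaspersky's tool), the block below puts the column's two passwords under several attacker models and converts the result into cracking time. The guess rate, the 20,000-word list, the 100,000-word dictionary and the 1.2 bits per letter of English prose are all assumptions, the last one taken from the range of Shannon's classic estimates.

```python
import math

# Assumption: an offline attacker holding stolen password hashes, running a fast
# unsalted hash on a GPU rig. Real rates swing by orders of magnitude with the hash.
GUESSES_PER_SECOND = 1e10

RANDOM_PASSWORD = "W#7s@Pq!"                                  # the column's old style
PASSPHRASE = "ilovefreshsashimitunawithalittlesoyandwasabi"   # the column's new style
WORDS_IN_PASSPHRASE = 11  # i love fresh sashimi tuna with a little soy and wasabi


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy for `length` independent choices from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def seconds_to_crack(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Expected time to hit the password: on average half of the space is searched."""
    return (2.0 ** bits / 2.0) / rate


def human_time(seconds: float) -> str:
    """Express a duration in the largest unit that keeps the number readable."""
    units = [("seconds", 60), ("minutes", 60), ("hours", 24),
             ("days", 365.25), ("years", 100), ("centuries", None)]
    value = seconds
    for name, next_unit in units:
        if next_unit is None or value < next_unit:
            return f"{value:.3g} {name}"
        value /= next_unit
    return f"{value:.3g} centuries"


def strength_models() -> dict:
    """Entropy of the column's passwords under different attacker models."""
    return {
        # eight characters drawn from the 94 printable ASCII characters
        "random8": entropy_bits(94, len(RANDOM_PASSWORD)),
        # what an online checker computes: every string of 44 lowercase letters
        "phrase_letters": entropy_bits(26, len(PASSPHRASE)),
        # attacker concatenates words from a 20,000-word list (assumed list size)
        "phrase_words": entropy_bits(20_000, WORDS_IN_PASSPHRASE),
        # attacker uses a language model of English prose (assumed 1.2 bits per letter)
        "phrase_prose": 1.2 * len(PASSPHRASE),
        # one word from a 100,000-word dictionary plus four digits, e.g. sashimi2016
        "word_digits": entropy_bits(100_000, 1) + entropy_bits(10, 4),
    }


def report() -> None:
    """Print each model's entropy and the expected cracking time at GUESSES_PER_SECOND."""
    for name, bits in strength_models().items():
        print(f"{name:15s} {bits:6.1f} bits  ~{human_time(seconds_to_crack(bits))}")


if __name__ == "__main__":
    report()
```

The interesting row is the prose model: a grammatical sentence of everyday words comes out near the 8-character random password, not near the centuries figure. Both are far above a dictionary word with digits, and the passphrase is the one you can actually remember, which is the column's point.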

Not all sites will comply with your newfound password freedom. Some still require an uppercase letter, a digit or a symbol, and some cap passwords at a length well short of 44 characters, because the legacy systems behind them require it.

To make your accounts even more secure, you should also set up two-factor authentication, also called two-step verification. Don't let the fancy name throw you. It just means you need two ways to prove you are who you say you are to log in to your account. It’s like the bank or an employer asking for two forms of ID.

The idea is that a hacker is going to have a much harder time getting both forms of ID, and it's true: the second factor is usually a one-time code from an app on your phone, a text message or a hardware key, so a stolen password by itself no longer gets anyone in. Most major services and companies, including Google, Facebook, Microsoft and Apple, offer two-factor authentication. Turn it on in the security settings of every account that offers it.

Fortunately, we won’t have to deal with this nonsense too much longer, as our passwords will be our biometrics. We’ll gain access to accounts by using our fingerprints, or our iris, or even our heartbeat. The challenge here is that while hacked or stolen passwords can be readily changed, you cannot issue yourself a new fingerprint. That is why today’s phones use your fingerprint to unlock a secret key kept on the device, rather than sending the print itself to the website.

Security is just one of many topics I discuss on my national radio show. From buying advice to digital life issues, I’d love for you to listen or download the podcasts. You can find your local radio station, and my free podcasts about everything digital for your phone, tablet or computer, at Komando.com.

Copyright 2016, WestStar Multimedia Entertainment. All rights reserved.

Kim Komando hosts the nation’s largest weekend radio talk show as she takes calls and dispenses advice on today’s digital lifestyle. Visit Komando.com for free podcasts, videos, product reviews, shows, tips and advice.