Scam Alert: Password Tips to Head Off Hackers; Online Security - AARP Bulletin

Passwords to Head Off the Hackers

New rules for an old problem how to create a strong password

Using their own ingenuity and automated programs that target thousands of computers simultaneously, hackers can quickly crack many simple and break into . And once they sign in as you, they may change the password, locking you out of your own account. One study finds that a successful hacking attack occurs about every 39 seconds. But in just a few seconds of your own, there are some ways you can strengthen your password for better . 12 is the new 8 As cyber crooks hone their skills, the traditional recommendation that passwords contain at least eight characters has changed. Passwords should now be at least 12 characters, say researchers at the Georgia Tech Research Institute. In their tests, they learned that eight-character passwords can be cracked in about two hours, but adding just four additional keystrokes to a password could raise that to a theoretical 17,000 years. Small tweaks, big results Longer passwords are a good first step, but even more important is making each character count. And yet one recent survey found that half of 2,500 surveyed computer users never employ symbols such as &, >, # or @ in their passwords. Worse, many still only use lowercase letters or just add numbers at the end of words, such as the foolish and easily hacked "password123." In one study, a British researcher noted that bolstering an all lowercase eight-character password with a few well-placed symbols, numbers and a combination of upper- and lowercase letters would take commercial hacking software about 200 years to crack. Steps like these serve to blunt the hackers' software, which works by trying various versions of words in an English dictionary and even combinations of them. David Selman/Alamy Easier recall of 'hard' passwords Of course, the more complicated a password, the harder it is for you to remember it — explaining why you may often quickly change the cryptic passwords initially assigned when you open a new online account. After all, who can remember "iH3k&tR#rS-c"? You can — by taking some new advice: Choose a sentence, phrase or song that you can easily remember, and add a few keystroke tweaks. The above 12-character password, for example, is a hacker-resistant version of "I have 3 kids and they are really super-cool" (which is true for me, but hackers, take note: I'm not using it as a password). Your favorite song? "When I'm feeling blue/All I have to do/Is take a look at you" becomes "WiFbAiH2DiTaLaU," with each word's initial letter alternating between lower case and capital. Then "A Groovy Kind of Love" becomes a stronger password. And while you shouldn't use birthdays or anniversaries as a password — those dates may be available in online public records and used by hackers who specifically target you — those easy-to-remember dates can be tweaked for better protection. If you must rely on your June 10 wedding, for instance, consider including lesser-known info — such as the initials of your maid of honor (Susan Jones) and honeymoon destination (Miami), à la "sj@0610#miaFL."

Of course, this level of complexity may not be for everyone. But give it a try — if you create (and remember) passwords like these, you'll have nearly uncrackable security. Other old-standby ways to bolster password security: Say no when browsers offer to save your password. Website browsers such as Firefox and Internet Explorer let users save passwords so that they don't have to enter them each time they go to a site, but widely used password-stealing "Trojan" programs know where to look for and how to steal that information. Plus, a saved password can translate to easier hacking if your computer gets stolen. Use different passwords for different accounts. And change them every 90 days or so. Only about one in five computers users employs multiple passwords on different accounts, and many fail to ever change them. Check your password. Whenever you choose a new one, gauge its strength at websites such as Microsoft's .
Sid Kirchheimer is the author of Scam-Proof Your Life, published by AARP Books/Sterling. Cancel You are leaving AARP.org and going to the website of our trusted provider. The provider’s terms, conditions and policies apply. Please return to AARP.org to learn more about other benefits. Your email address is now confirmed. You'll start receiving the latest news, benefits, events, and programs related to AARP's mission to empower people to choose how they live as they age. You can also by updating your account at anytime. You will be asked to register or log in. Cancel Offer Details Disclosures

Close In the next 24 hours, you will receive an email to confirm your subscription to receive emails related to AARP volunteering. Once you confirm that subscription, you will regularly receive communications related to AARP volunteering. In the meantime, please feel free to search for ways to make a difference in your community at Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.