If you’re like most people, you shrug off advice to craft truly secure passwords for your online accounts. But easy-to-remember words and phrases leave your accounts susceptible—and using a password on more than one site creates a potential field day for hackers. In a survey by Trusteer, a computer-security firm, three-fourths of respondents said they’ve reused their online banking password to access at least one nonfinancial Web site. “If even one of those accounts is compromised and its password stolen, all your accounts may be at risk,” says Lujo Bauer, a professor of computer engineering at Carnegie Mellon University.
The first step to beefing up your online security is creating better passwords and changing them frequently. A six-character password in all lowercase letters, such as kitten, would take a hacker’s computer less than a day to guess, according to a tool at Passfault.com. However, a complex password that combines upper- and lowercase letters, numbers and symbols, such as %+M;8aa@?aVt, would take four centuries to crack. (To test your passwords, go to www.microsoft.com/security.)
Remembering such souped-up passwords is a hassle, but some simple memorization strategies can fix that. Because longer is better, try using a phrase or sentence, such as TheBoyWentBacktoSchool. If your account has a character limit, use a mnemonic trick to jog your memory, and include non-letter symbols: “We have a boy who is 18 and a dog that is 7” becomes Whab#18aad#7.
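The crack-time figures above come from a strength-estimation tool; the arithmetic behind them is simple enough to do yourself. The script below is an added example, not from the article or from Passfault.com or Microsoft: it infers which character classes a password uses, computes the brute-force keyspace and entropy, and converts that into an expected crack time at an assumed guess rate (the 1e9 guesses per second default is a constructed figure, so the absolute times will not match the article's "less than a day" and "four centuries", only their ordering). It also carries two caveats the keyspace number hides: a password that is a dictionary word (checked against a small constructed wordlist) falls long before brute force matters, and a phrase built from words is better estimated as words drawn from a vocabulary than as random letters.

```python
import math
import string

# Character classes an attacker is assumed to include in a brute-force search
# once the password is known to contain at least one character from that class.
CHAR_CLASSES = {
    "lowercase": string.ascii_lowercase,   # 26 characters
    "uppercase": string.ascii_uppercase,   # 26 characters
    "digits": string.digits,               # 10 characters
    "symbols": string.punctuation,         # 32 characters
}

# Tiny constructed wordlist standing in for the dictionaries a cracker tries first.
COMMON_WORDS = {"kitten", "password", "letmein", "qwerty", "welcome"}


def alphabet_size(password: str) -> int:
    """Size of the union of character classes the password draws from."""
    return sum(len(chars) for chars in CHAR_CLASSES.values()
               if any(c in chars for c in password))


def keyspace(password: str) -> int:
    """Candidates a brute-force search over the inferred alphabet and length must try."""
    return alphabet_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """Brute-force entropy in bits; an upper bound, because it ignores word structure."""
    return math.log2(keyspace(password))


def is_dictionary_word(password: str) -> bool:
    """True when the password is a plain word a dictionary attack would hit immediately."""
    return password.lower() in COMMON_WORDS


def phrase_entropy_bits(n_words: int, vocab_size: int = 20000) -> float:
    """Entropy of a passphrase modelled as n_words picked from a vocabulary.

    The 20,000-word vocabulary is a constructed assumption; the point is that
    a phrase of common words is weaker than its letter count suggests but
    still far stronger than a short password.
    """
    return n_words * math.log2(vocab_size)


def crack_seconds(password: str, guesses_per_second: float = 1e9) -> float:
    """Expected brute-force time, searching half the keyspace on average.

    The guess rate is a constructed assumption; real figures depend on the
    hash protecting the password and on the attacker's hardware.
    """
    return keyspace(password) / 2 / guesses_per_second


def human_time(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    for name, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.3f} seconds"


def report(password: str) -> str:
    """One-line summary of the brute-force estimate plus the dictionary caveat."""
    line = (f"{password!r}: alphabet {alphabet_size(password)}, "
            f"{entropy_bits(password):.1f} bits, "
            f"~{human_time(crack_seconds(password))} at 1e9 guesses/s")
    if is_dictionary_word(password):
        line += "  [dictionary word: treat as instantly guessable]"
    return line


if __name__ == "__main__":
    for pw in ("kitten", "%+M;8aa@?aVt", "TheBoyWentBacktoSchool", "Whab#18aad#7"):
        print(report(pw))
    # "TheBoyWentBacktoSchool" is six common words; estimate it that way too.
    print(f"six-word phrase as words: {phrase_entropy_bits(6):.1f} bits")
```

Running the script shows why the article's "longer is better" advice holds: the 22-letter sentence has more brute-force entropy than the 12-character symbol soup, and even when modelled as six dictionary words it remains far beyond anything a short password offers. The dictionary flag on kitten is the check to keep in mind: keyspace math alone overrates any password that appears in a wordlist.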
Managing your passwords. Once you’ve created stronger passwords, you may have trouble keeping track of them. That’s where password managers come in handy. Services such as LastPass (premium costs $12 per year and comes with mobile access on iPhone, BlackBerry, Android and Windows Phone) and 1Password ($35; available for Apple and Android mobile devices) store and remember all your passwords for all your accounts. With one master login and password, you have access to everything. Bonus: Both services will automatically generate secure passwords for you.
For e-mail users willing to take an extra step in the name of security, some providers, such as Google, offer two-step verification (go to Account Settings to set up the service). After you sign up, a code is sent to your phone. Enter the code at login, then type in your regular password. The code is good for one month per computer; when the 30 days are up, a new code is sent to you automatically. LastPass offers a similar service.