Fix Your Passwords

Use these tactics to keep the bad guys out of your online accounts.

If you’re like most people, you shrug off advice to craft truly secure passwords for your online accounts. But easy-to-remember words and phrases leave your accounts susceptible—and using a password on more than one site creates a potential field day for hackers. In a survey by Trusteer, a computer-security firm, three-fourths of respondents said they’ve reused their online banking password to access at least one nonfinancial Web site. “If even one of those accounts is compromised and its password stolen, all your accounts may be at risk,” says Lujo Bauer, a professor of computer engineering at Carnegie Mellon University.

The first step to beefing up your online security is creating better passwords and changing them frequently. A six-character password in all lowercase letters, such as kitten, would take a hacker’s computer less than a day to guess, according to a tool at However, a complex password that combines upper- and lowercase letters, numbers and symbols, such as %+M;8aa@?aVt, would take four centuries to crack. (To test your passwords, go to

Remembering such souped-up passwords is a hassle, but some simple memorization strategies can fix that. Because longer is better, try using a phrase or sentence, such as TheBoyWentBacktoSchool. If your account has a character limit, use a mnemonic trick to jog your memory, and include non-letter symbols: “We have a boy who is 18 and a dog that is 7” becomes Whab#18aad#7.
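The arithmetic behind those crack-time estimates, as an added example that is not from the article or the tool it mentions: the number of candidates is the alphabet size raised to the password length. The guess rate and the tiny word list are assumptions, so the times will not match the article's figures, and a dictionary word like kitten falls to a word list long before any exhaustive search finishes.

```python
import math
import string

# Assumption: attacker guess rate in guesses per second. Real rates vary
# widely with the hash algorithm and hardware; this is not the article's figure.
GUESSES_PER_SECOND = 1e9

# Constructed sample; a real check would use a large leaked-password list.
COMMON_WORDS = {"kitten", "password", "dragon", "monkey"}

# Character classes an exhaustive search has to cover once one member appears.
POOLS = [
    string.ascii_lowercase,   # 26
    string.ascii_uppercase,   # 26
    string.digits,            # 10
    string.punctuation,       # 32 ASCII symbols
]


def pool_size(password):
    """Alphabet size implied by the character classes the password uses."""
    return sum(len(pool) for pool in POOLS
               if any(ch in pool for ch in password))


def estimate(password, rate=GUESSES_PER_SECOND):
    """Return (entropy_bits, worst_case_seconds, found_in_word_list)."""
    size = pool_size(password)
    if size == 0:
        raise ValueError("empty password or no supported ASCII characters")
    keyspace = size ** len(password)          # exact integer, can be huge
    bits = math.log2(keyspace)
    listed = password.lower() in COMMON_WORDS
    return bits, keyspace / rate, listed


if __name__ == "__main__":
    year = 365 * 24 * 3600
    for pw in ["kitten", "%+M;8aa@?aVt", "TheBoyWentBacktoSchool", "Whab#18aad#7"]:
        bits, seconds, listed = estimate(pw)
        note = "in word list, guessed almost at once" if listed else "exhaustive search only"
        print(f"{pw!r}: alphabet {pool_size(pw)}, {bits:.1f} bits, "
              f"{seconds / year:.3g} years worst case ({note})")
```

The figures are an upper bound on brute-force effort only; a password reused on a breached site is compromised regardless of its length.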

Managing your passwords. Once you’ve created stronger passwords, you may have trouble keeping track of them. That’s where password managers come in handy. Services such as LastPass (premium costs $12 per year and comes with mobile access on iPhone, BlackBerry, Android and Windows Phone) and 1Password ($35; available for Apple and Android mobile devices) store and remember all your passwords for all your accounts. With one master login and password, you have access to everything. Bonus: Both services will automatically generate secure passwords for you.

For e-mail users willing to take an extra step in the name of security, some providers, such as Google, offer two-step verification (go to Account Settings to set up the service). After you sign up, a code is sent to your phone. Enter the code at login, then type in your regular password. The code is good for one month per computer; when the 30 days are up, a new code is sent to you automatically. LastPass offers a similar service.

John Miley
Senior Associate Editor, The Kiplinger Letter

John Miley is a Senior Associate Editor at The Kiplinger Letter. He mainly covers technology, telecom and education, but will jump on other important business topics as needed. In his role, he provides timely forecasts about emerging technologies, business trends and government regulations. He also edits stories for the weekly publication and has written and edited e-mail newsletters.

He joined Kiplinger in August 2010 as a reporter for Kiplinger's Personal Finance magazine, where he wrote stories, fact-checked articles and researched investing data. After two years at the magazine, he moved to the Letter, where he has been for the last decade. He holds a BA from Bates College and a master’s degree in magazine journalism from Northwestern University, where he specialized in business reporting. An avid runner and a former decathlete, he has written about fitness and competed in triathlons.