Protect Your Password: Keep It Complex


An average computer user has six to eight passwords. A third have more than 15 of them. (iStock)

Tips for Safer Passwords

  • Don't use passwords that are based on personal information that can be easily accessed or guessed.
  • Don't use words that can be found in any dictionary of any language.
  • Develop a technique for remembering complex passwords.*
  • Use both lowercase and capital letters.
  • Use a combination of letters, numbers, and special characters.
  • Use different passwords on different systems.
  • Don't share passwords with others.
  • Change passwords regularly.
  • Store passwords in a safe place.
  • Don't leave passwords where others can find them.

*For example, instead of the password "hoops," use "IlTpbb" for "[I] [l]ike [T]o [p]lay [b]asket[b]all." Using both lowercase and capital letters helps confuse would-be hackers.

Source: US-CERT

10 Most Common Passwords

1. password
2. 123456
3. qwerty
4. abc123
5. letmein
6. monkey
7. myspace1
8. password1
9. link182
10. (your first name)

Source: PC Magazine; InTechnology.com

If you're reading this at work, chances are you have several sticky notes stuck around your monitor or tucked in your desk. The passwords jotted on them are designed to protect your — or your company's — important secrets. Keeping passwords where others can see them is a definite no-no.

Most computer users now have 6 to 8 passwords. All these passwords add up to more than just confusion, says Marc Boroditsky, a computer security expert and chief executive officer of Passlogix.

Having to reset a forgotten password often means an expensive call to IT.

"The largest single category for help desks is the user having forgotten their password and needing it in order to do their job," he tells Steve Inskeep.

But with more and more important functions being done online, passwords are increasingly necessary.

Data that's not properly protected "might mean the exposure of important consumer or individually recognized data," Boroditsky says. "It could be your Social Security numbers; it could be your medical records."

Having a single password for various applications is highly risky — security professionals call it the "keys to the kingdom."

"You want to have unique passwords for every application that you use" and you need "some mechanism to make it easy to recall them" — a system for selecting secure yet memorable passwords, Boroditsky says.

"A tough password is something that doesn't have a word in the dictionary in it, doesn't have any kind of name of a place or a person, it doesn't have a familiar number, like a phone number or a date. But it could be the combination of all of those, and preferably not spelled out in a way that's identifiable."

For example, Boroditsky says, an eBay password might be ebnpr2007 — eb for eBay, npr for a familiar acronym and 2007 for the year. "So, ebnpr2007 isn't a word in the dictionary and isn't easy to guess if you were attempting to gain access," he says.