---

Is your password hacker-proof?

Friday, October 15, 2010

Usernames and passwords are the gateway for accessing many online goods and services, often making our Internet transactions easier and faster. But they are also a gateway for would-be scammers and identity thieves to gain access to sensitive information about us, such as bank accounts and credit card numbers. Making matters worse, people often use the same password for several accounts.

So just how secure is the door to your online identity?

One way to check is to test your password. Several websites make it easy to find out how secure your online accounts really are. Here are three:

howsecureismypassword.net On the homepage, you'll see a place to enter your password. The site will give you an idea of how long it would take a fraudster to get access to your account.

passwordmeter.com This site scores your password based on its characteristics, via ShopSmart magazine, and lets you know if its "Exceptional," Sufficient," "Warning,"or "Failure".

microsoft.com/protect/yourself/password/checker.mspx Microsoft offers a site to check the strength of your password. The company claims that any information you input is not collected, stored or transmitted.

It's worth taking a few minute to protect yourself online. Spammers who gain entrance to online accounts will often change security questions and even add a secondary e-mail address, so you may not know for hours that there's been a breach.

Privacy Rights Clearinghouse offers these 10 tips on making sure you have a strong password.

Want to develop tough-to-crack passwords that resist infiltration? Follow these 10 rules:

1. Avoid using dictionary words. These passwords are easy for hackers to figure out using an electronic dictionary.

2. Don’t use personal information. Any part of your name, birthday, Social Security number, or similar information for your loved ones is a bad password choice.

3. Avoid common sequences, such as numbers or letters in sequential order or repetitive numbers or letters.

4. If the web site supports it, try to use special characters, such as $, #, and &. Most passwords are case sensitive, so use a mixture of upper case and lower case letters, as well as numbers.

5. Passwords become harder to crack with each character that you add, so longer passwords are better than shorter ones. A brute-force attack can easily defeat a password with seven or fewer characters.

6. To help you easily remember your password, consider using the first letter from each word in a sentence, a phrase, a poem, or a song title as a password. Be sure to add in numbers and/or special characters.

7. Create different passwords for different accounts and applications. That way, if one password is breached, your other accounts won’t be put at risk too. Do not use the same or variations of the same password for different applications.

8. Despite admonitions to the contrary, one easy way to remember your passwords is to write them down and keep them in a securely locked place. Never leave them on a Post-It note on your monitor, in an address book, in a desk drawer, or under your keyboard or mouse pad (or any other obvious place).

9. Consider using a secure password manager. The Firefox browser has a password manager already built in.

10. If you have already established a password that is not strong, change it! Web sites have a variety of procedures that govern how you can change your password. Look for a link (such as "my account") somewhere on the site's homepage that goes to an area of the site that allows password and account management.

For more information on how to protect yourself online, visit Consumer Action's Privacy Information subsite.