Are Your Passwords Strong Enough?

You want to protect your personal information: Your email. Your Tower accounts. Your address and credit card number. Photos of yourself and your kids. But thanks to an explosion of personal information being stored in the cloud, and our tendency to use short passwords and reuse passwords, exploits can occur.

A smart move to protect yourself is to select highly secure passwords on all of your accounts that are difficult to crack or guess. Here’s how.

The longer the better
While many sites and applications only require you to create passwords with a minimum of eight characters, security experts are now recommending passwords be 15+ characters long.Why? It’s because computer technology today allows hackers to run more efficient password cracking tools. Given enough time, the automated method can correctly guess any password. A simple device can crack an eight letter single-case password in five hours. However, if you use a password with 12 or more characters, it increases to 200 years.Don’t double-dip
Don’t use the same password across multiple sites or for different services you may have on the Internet; for example, using the same password for your Web mail and your Home Banking account at Tower. If you’re using this same password on other sites, attackers will be able to log in as you on those sites as well. It’s best to create individual passwords for every account you have.Use a phrase
Avoid obvious and easily guessable passwords like “password” or “123456”, as well as any information that can be gathered from your social media accounts. Avoid using pet names, e-mail addresses, names, places, etc. Try not to use words found in a dictionary. Don’t use movie or book titles, or sequential patterns on a keyboard. Hackers can run through all of these familiar patterns easily using brute-force attacks—in which a computer runs through every possible combination of characters in order to crack your password.Instead, use password mnemonics to create a complex, but memorable password. Start with a meaningful phrase, sentence, song lyric, etc. and add numbers, capital letters, and symbols for password complexity, such as: “I love watermelon because it just turns to water in your belly!” = “iLwmbcijtth2OiyB!”

Keep it weird
Use special symbols that you’ve never used before—such as !@#$%^&*(){}[]. While you think you could get away with just replacing an “S” with a “$” or changing an “A” to “@”, hackers are already one step ahead of you and can easily pick up on these patterns.

Hints are good
Can’t remember your new password? If you need to write something on paper to help remember it, write down a hint that will trigger your memory, but is meaningless to anyone else. For example, write down “Fruit juice” as your hint to remember “I love watermelon because it just turns to water in your belly!” = “iLwmbcijtth2OiyB!” Then, store that hint in a safe place, like your wallet.

Manage it all
If you have trouble remembering good passwords (everyone does, actually), let a password manager randomly generate a password for you. There are both browser password managers and app-based services. This will help you manage unique and complex passwords for all your accounts. And then you only have to remember one strong password—the one for the password manager. LastPass and Keeper are widely used.

What the future bodes
According to some, the future of the Web is geared toward removing passwords entirely—replaced by the use of biometrics—such as fingerprint scanners on smartphones and other devices. But that day isn’t quite here yet. The best way to batten down the hatches right now is to make it a priority to clean up your passwords. Make them airtight now. And avoid regret later.

Resources:, Wired Magazine, Consumer Reports,