Non-obvious Passwords Can Save a Lot of Grief

That may look like a confusing jumble of letters and numbers. And it is. But that’s why it holds the promise of better computer security for you.

That’s because it is a secure password. Unlike a word, a name or a date, that jumble would be hard for a hacker to crack even using software to speed up the guessing process.

A good password is one of the most important security devices for your computer. And what a deal. It’s free and doesn’t need to be plugged in or configured.

But most passwords are ridiculously easy to guess. It is too bad passwords don’t come with a manual.

Several of you, no need to raise your hands, use the name of your child, or a pet, or your birthday as your password. Even more of you haven’t changed your password in years. And, looking out in the audience, I see literally thousands of you who use the same password for your e-mail as you do for that sports Web site run by a 13-year-old in Des Moines.

I know your excuses, too. A good password is too hard to remember, and you have so many. Besides, if you change your password every six months, you worry that you’d never be able to remember the new one.

9RTRNRHAVSN3. Now there is a password. But I have no trouble at all remembering it. And you won’t find it in any dictionaries – a good thing, since some password-cracking programs literally use every word in the dictionary to try to break the password.

It has numbers and letters, another way of making a password hard to guess. And when I change the password, it’ll still be easy for me to remember the new one. But why is it easy for me to remember that seemingly random group of numbers and letters? We’ll use that password as an example to show you why. Once you understand my scheme, you can come up with a password of your own that is both complex enough to be safe but easy to remember.

The letters in the password are the first letters from a verse of the only song I can consistently remember: "Rudolph the Red-nosed Reindeer." Using those first letters means I can remember the password easily: Rudolph the red-nosed reindeer had a very shiny nose – RTRNRHAVSN.

The number at the beginning of the password says I started using that password in the ninth month. The number at the end shows the day it was created. The numbers add security to the password, and they help me keep track of how long I’ve used that particular password.

While I’m a big fan of Rudolph, you probably have another song or a poem that would provide the letters for your password. And you could use an entirely different numbering scheme – the digits from an old telephone number, or the date you graduated from high school. The idea here is to create a password that stands out in your mind and yet is almost impossible to guess. With just a few moments’ thought you can modify my scheme into one that works for you.
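
The scheme above, written out as an added Python example that is not part of the original column: it rebuilds 9RTRNRHAVSN3 from the verse and the two numbers, checks the result against a small wordlist the way a dictionary-based cracking program would, and sizes the search space for blind guessing. The function names and the sample wordlist are assumptions made for illustration.

```python
import math
import re

# Constructed stand-in for a cracking dictionary (assumption, not a real list).
SAMPLE_WORDLIST = {"rudolph", "reindeer", "password", "shiny", "nose"}


def mnemonic_letters(verse):
    """First letter of every word. Hyphenated words count once per part, so
    "red-nosed" yields R and N, matching the column's RTRNRHAVSN."""
    return "".join(w[0].upper() for w in re.findall(r"[A-Za-z][A-Za-z']*", verse))


def build_password(verse, month, day):
    """Month number in front, day of the month at the end."""
    if not (1 <= month <= 12 and 1 <= day <= 31):
        raise ValueError("month must be 1-12 and day 1-31")
    return f"{month}{mnemonic_letters(verse)}{day}"


def in_wordlist(password, wordlist=SAMPLE_WORDLIST):
    """True if the password, or its letters with the digits stripped,
    is a dictionary word (the check a dictionary-based cracker makes)."""
    lowered = password.lower()
    return lowered in wordlist or re.sub(r"\d", "", lowered) in wordlist


def blind_guess_bits(password):
    """log2 of the search space for guessing at random over the character
    classes used. Covers blind guessing only, not a guesser who knows the verse."""
    size = sum(n for pattern, n in ((r"\d", 10), (r"[A-Z]", 26), (r"[a-z]", 26))
               if re.search(pattern, password))
    return len(password) * math.log2(size) if size else 0.0


if __name__ == "__main__":
    pw = build_password("Rudolph the red-nosed reindeer had a very shiny nose", 9, 3)
    print(pw, in_wordlist(pw), round(blind_guess_bits(pw), 1))
    print("rudolph9", in_wordlist("rudolph9"))
```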

If you stopped reading today’s column here, you’d be way ahead of most people when it comes to passwords. But there’s still more to do, more to know.

One of the biggest risks – when it comes to stealing passwords – is posed by the phisher (pronounced "fisher") schemes designed to part you from passwords and other personal information. By now, you probably know about these sites. But to be sure, here is how they work.

It all starts when you get an e-mail that seems to come from your bank or a merchant and you are told that – for some logical reason – you need to log onto that account.

Once you click the link, you are taken to a Web page that looks just like the real eBay or Citibank Web site. But if you fill in your user name and password there, you’ve just handed over the keys to your identity and bank account to a crook.

A trade group called the Anti-Phishing Working Group says that, last month, the number of new phishing sites rose to a record 14,191. That’s 18 percent more than the previous record. And the trade group said the level of sophistication for the sites has grown, too.

The best password in the world won’t help if you give it to a crook. So my advice is to ignore every e-mail that directs you to a Web site where you are supposed to fill in personal information. If you worry that it could be the real thing, look up the telephone number for that bank or merchant and call to ask if the e-mail was legitimate. But I could make big bucks by betting you it was not.

OK, that’s our class on passwords. I’ll send this column in to my editor as soon as I hum a few bars of my favorite Jerry Lee Lewis song so I can remember my work e-mail password.