Small password improvements equal big security

Photo courtesy Flickr user liako

(MoneyWatch) Passwords are the bane of our digital existence. Best practices call for multiple unique, highly complex passwords -- you shouldn't repeat the same one on multiple sites, services, or accounts. And a strong password implies using capital letters, numbers, and symbols. But human nature dictates that even given those requirements, we find the easiest way to satisfy the rules. And those shortcuts are great for hackers.

Recently, PC World illustrated the problem: Given a requirement to use a capital letter in a password, most people typically make the first letter of the password a capital. Likewise, data shows that 1 is far and away the most common number used in passwords; when sequences are used, "3456" is ten times more common than "4321." And those special symbols? People simply replace characters in words with symbols that resemble them (! Instead of an L or I, for example) -- something hackers have no trouble reverse engineering.

So what does all that mean? Basically, our passwords are relatively insecure (even when we follow the rules for strong passwords), mainly because we're still optimizing for shorter, easier to remember phrases.

The solution -- or at least a mitigation -- is to get creative. Here are some password guidelines, revised for the modern age:

It's actually OK to write down passwords. The real security risk isn't someone in the same room as you; it's an anonymous hacker with the computer processing power to solve your password. If writing down passwords helps you make them rich, strong, and complex, that's probably a reasonable compromise.

Combine what you write down with a memorized string. Make your passwords based on two parts: A set of characters that you memorize, followed by the longer, unique bits that you have written down. This way, the written password list is useless, and you don't have to memorize much to have a secure PC.

Mix it up. Put multiple capital letters in your password. Use random number sequences. Use uncommon special characters. And make your passwords longer, since you don't need to memorize them.

Photo courtesy Flickr user liako