Twitter’s warning about hackers is another reminder about the importance of password protection.
Here’s a guide to creating a strong password and keeping out of the clutches of those who would do your computer and personal information harm.
A strong password is one that cannot be easily guessed or broken by a brute force attack in a reasonable amount of time. It should contain numbers, punctuation, and upper- and lower-case letters. It also shouldn’t include anything likely to be found in a dictionary or a common name.
And as Twitter pointed out as the microblogging site announced that hackers may have gained access to data regarding 250,000 of its users including user names, email addresses and encrypted passwords, longer is better. A 15-character password may be 90 times harder to crack than a 14-character one.
That said, it needs to be something you can remember, and there are tricks to creating passwords that are not only seemingly random but also easy to recall.
“Create a formula that you’ll remember but no one else could guess. For instance, you could use the name of your alma mater, spelled backwards, capitalizing every letter that rhymes with the word tree, followed by your phone number typed while holding down SHIFT (to get punctuation), and ending with the year you were born, squared,” writes PCWorld’s Lincoln Spector.
Keep in mind your passwords should never include any personal information, because any novice hacker can easily find out your full name, the names of your spouse or children, your pets, or your favorite sports teams. It’s also important to use a different password for various sites — never use the same password twice.
If all that sounds like too much trouble, there are options.
You can use a password manager such as Password Safe (available as a download on PCWorld). It’s free, open source and uses strong twofish encryption. It can generate truly random passwords for you, following rules that you set. It can insert a login name and password into a Web form. And you can organize your passwords into groups.
Also consider two-factor authentication. You can set Google and Facebook to send you a temporary PIN to your cell phone whenever you log in from an unfamiliar machine (this PIN must be provided along with your password the first time you attempt to log in via that new machine).
For even more password creation tips, check out Password Management: Idiot-Proof Tips.
Twitter isn’t alone in being a victim. The New York Times, The Wall Street Journal and The Washington Post are other high-profile companies that have recently been hacked.
Twitter emailed affected users Friday, telling them to reset their passwords, and the site offered some helpful advice about passwords in a blog post written by Bob Lord, director of information security for Twitter.