My password is my kid’s name…what’s wrong with that?

Your bank, video subscription, webmail provider and classic car forums all require a password. However, not to worry, you have the perfect solution! You use the same password for each website – your favorite ice hockey team and your favorite player’s jersey number.

Your company makes your change your password every ninety days. They make you use eight characters including three of four choices of an upper case letter, a lower case letter, a number and a special character.  Again, no problem!  Your son’s name is Jayden and he was born in ’05 so you combine the two and voila! Jayden05 fulfils all the requirements and it’s easy to remember. And when you need to change it, you have three more kids, a spouse, yourself, your parents’ name, and birth year to use. Easy peasy!

This method seems foolproof except for a couple important things…

1)      Anyone who knows you or asks you the right questions will know your passwords fairly quickly

2)      One account breached means they all can (and probably will) be

But, as a good friend recently complained to me, if the password isn’t easy to remember, she’s going to either forget it or write it down.

So let’s talk about what makes up a bad password and how to make it a good password.  First, a bad password is anything easily guessable, either by a person who knows you well, or a hacker using a A dictionary attack will check for any word in the dictionary (in your language and others). It will also check for two dictionary words put together, a dictionary word with numbers tagged on, or dictionary words with simple substitutions (‘P@ssw0rd’ instead of  ‘Password’).

To start talking about good passwords, divide your passwords into two categories, secure and non-secure passwords. Secure password sites are any sites with your credit card on file, or where banking or money transactions occur such as eBay, Amazon, your bank or your investment broker. Non-secure websites are any non-financial sites you have an account with, such as your webmail, forums and social networking sites. Having a unique password for each site you log on to is optimal, but difficult to manage. If you’re going to limit the number of passwords you have, you should have at least one of each of these two types.

To create a strong password, consider using a password phrase instead. Choose a sentence that means something to you (“My son Jayden was born in September 2005”). Take the first letter of each of those words “(MsJwbiS2”) and now do some simple substitution on some of the characters (“M2Jwb!sZ”).  (Remember previously simple substitution was guessable in a dictionary attack, but this isn’t a dictionary word anymore and is far more effective.)

How to create a good password from a meaningful phrase

It may seem difficult to remember but each time you enter the password, you say the phrase to yourself in your head and it’s easy.  To check your password’s strength before you use it,  use an online password strength checker like The Password Meter.

For those of you out there that like a little added challenge, add some security to your passwords by adding something unique to the end of your password for each site. For example, for your Amazon account, add an “A” at the end of “M2Jwb!sZ” making your Amazon password (“M2Jwb!sZA”) different from your Bank of America password (“M2Jwb!sZB”).  This slight variation may help protect your other accounts should one of them be compromised.

Passwords are everywhere these days so avoiding them isn’t going to work. Instead, use the suggestions above to help protect your information. If your password takes too long to break, a hacker will generally move on to easier targets who probably use their kid’s name as their password.

headnerd