Protecting Passwords

By Paola Singer, The Wall Street Journal

RISMEDIA, July 13, 2007—The Problem: Choosing strong passwords, and knowing when to change them.

The Solution: Information-security experts recommend changing passwords every 30 to 90 days, and most importantly, choosing ones that are hard to crack. Never use proper names, or any word that appears in an English or foreign-language dictionary. Even spelling words backward is a bad idea. To keep hackers at bay, select a combination of at least eight alphabetic and numeric characters, and be sure to include both uppercase and lowercase letters.

Scared of memory loss? Many people like to come up with a phrase they can easily remember, like a movie title or riddle, and create a password with the first letter in each word. Other options include using password-managing software, which stores login data in your hard drive and then retrieves it automatically each time you access an online account; or buying encryption software that allows users to encode archived information, such as a word file with passwords.

Robert Ono, information security coordinator at the University of California’s Davis campus, suggests having two passwords, an easier one for sites that don’t require much security, such as online newspapers, and a more intricate one for online banking and similar security-sensitive transactions.