1. FORGET THE DICTIONARY–If your password can be found in a dictionary, you might as well not have one. The worst passwords are dictionary words or a small number of “insertions or changes” to words that are in the dictionary. Hackers will test passwords from a dictionary when they start planning breaches. If your password is not in that set, hackers will typically move on.
2. NEVER USE THE SAME PASSWORD TWICE–People tend to use the same password across multiple sites, something that hackers love. While cracking into someone’s LinkedIn might not have major consequences, hackers will use that password to crack into someone’s e-mail, bank, or brokerage account where there’s more valuable financial and personal information stored.
3. COME UP WITH A PASSPHRASE–The longer your password, the longer it will take to crack. A password should be 14 characters or more in length if you want to make it uncrackable by an attacker in less than 24 hours. Longer passwords tend to be harder to remember, so consider a passphrase, like a favorite movie quote, song lyric, or poem and string together only the first one or two letters of each word in the sentence.
4. JUST JAM ON YOUR KEYBOARD–For sensitive accounts, instead of a passphrase, randomly jam on the keyboard, hitting the Shift and Alt keys. Then, copy the result into a text file that stores on an encrypted, password-protected USB drive. That way, if someone puts a gun to your head and demands to know your password, you can honestly say you don’t know it.
5. STORE YOUR PASSWORDS SECURELY–Do not store your passwords in your in-box or on your desktop. If malware infects your computer, you’re done. Store your password file on an encrypted USB drive that also has a long, complex password. Copy and paste those passwords into accounts so if an attacker installs keystroke logging software on his computer, they can’t record the keystrokes to his password.
6. A PASSWORD MANAGER–Password-protection software lets you store all your usernames and passwords in one place. Some programs will even create strong passwords for you and automatically log you in to sites as long as you provide one master password. But be warned: even with encryption, the password still lives on the computer itself. If someone steals your computer, you’ve lost your passwords.
7. IGNORE SECURITY QUESTIONS–There is a limited set of answers to questions like “What is your favorite color?” and most answers to questions like “What middle school did you attend?” can be found on the Internet. Hackers use that information to reset your password and take control of your account. A better approach would be to enter a password hint that has nothing to do with the question itself. For example, if the security question asks for the name of the hospital in which you were born, your answer might be: “Your favorite song lyric.”
8. USE DIFFERENT BROWSERS—Use different Web browsers for different activities. Pick one browser for “promiscuous” browsing: online forums, news sites, blogs — anything you don’t consider important. When you’re online banking or checking e-mail, fire up a secondary Web browser, then shut it down. That way, if your browser catches an infection when you accidentally stumble on an X-rated site, your bank account isn’t compromised. As for which browser to use for which activities, a study last year found that Google Chrome was the least likely to be attacked.
9. SHARE CAUTIOUSLY–You are your e-mail address and your password. Whenever possible, don’t register for online accounts using your real e-mail address. Instead, use “throwaway” e-mail addresses, like those offered by 10minutemail.com. Users register and confirm an online account, which self-destructs 10 minutes later.