CIO

Passwords: You're doing it wrong. Here's how to make them uncrackable.

In honor of "Password Day," McAfee shares some tips on creating hack-proof passwords.
  • Rick Broida (PC World (US online))
  • 08 May, 2013 13:06

For years now I've harangued relatives about their shoddy password practices. Either they use easily-hacked passwords or forget the passwords they've created--sometimes both.

If you won't take it from me, beloved family, consider this Password Day (yes, apparently it's a thing) statement from McAfee's Robert Siciliano: "74% of Internet users use the same password across multiple websites, so if a hacker gets your password, they now have access to all your accounts. Reusing passwords for email, banking, and social media accounts can lead to identity theft and financial loss."

What's the fix? It's easier than you might think. For starters, head to Intel's Password Grader to see just how easily cracked your current password is. (The site promises not to retain any information, though it still recommends that you not use your actual password--so maybe just use something similar.)

From there you can scroll down to see a simple step-by-step process for making your "hackable" password "uncrackable." (There's a longer and more informative version of this infographic on Siciliano's blog--and it doesn't require you to use the Password Grader if you'd prefer not to.)

The key takeaway here is to avoid the usual mix of letters, numbers, and punctuation you're often advised to use, and instead opt for an easier-to-remember passphrase.

So, for example, if your PC World password is something like "PCW0rldD4ve," you'd actually be better off with "I Love Reading PC World!" Sounds crazy, but as McAfee and Intel note, it's not about complexity, it's about length.
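To put numbers on the length-versus-complexity point, here is an added example (not from the article, McAfee or Intel) that estimates the exhaustive-search space for the two passwords above. The guess rate and the character-class model are assumptions, and the result is an upper bound: it treats every character as random and does not model dictionary or pattern guessing.

```python
import math
import string

# Character classes an exhaustive search must cover once one member appears.
CLASSES = [
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",   # 32 symbols plus the space
]

GUESSES_PER_SECOND = 1e10  # assumed attacker speed, not a figure from the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password):
    """Size of the alphabet implied by the character classes in use."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Anything outside printable ASCII: count each distinct char once (rough).
    extras = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extras)


def brute_force_bits(password):
    """log2 of the exhaustive search space: length * log2(alphabet)."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Years to try every candidate at the assumed guess rate."""
    return 2 ** brute_force_bits(password) / rate / SECONDS_PER_YEAR


def length_to_match(bits, alphabet_size):
    """Shortest length over a given alphabet whose search space reaches `bits`."""
    return math.ceil(bits / math.log2(alphabet_size))


if __name__ == "__main__":
    for pw in ("PCW0rldD4ve", "I Love Reading PC World!"):
        print(f"{pw!r}: len={len(pw)} alphabet={charset_size(pw)} "
              f"bits={brute_force_bits(pw):.1f} years={years_to_exhaust(pw):.2e}")
    # Lowercase letters plus space (27 symbols) vs. the 11-character mixed password
    print(length_to_match(brute_force_bits("PCW0rldD4ve"), 27))
```

The last line shows that 14 characters of nothing but lowercase letters and spaces already match the search space of the 11-character mixed-case password.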

And you could adapt a similar passphrase to every other site you visit: "I Love Reading Facebook!", for example, and so on. Now you've got both diversity and simplicity in your corner. The only catch is that some sites won't allow you to use spaces, and others may limit password length.

How'd you fare on the Password Grader, and what other methods have you employed to create a hack-proof password system? I know some folks are big fans of tools like LastPass, which can auto-generate (and auto-fill) complex passwords for you. Your thoughts?

Contributing Editor Rick Broida writes about business and consumer technology.