Consumer Reports: Four tips for creating stronger passwords

Strong passwords should contain at least eight characters and have a combination of upper and lowercase letters, a numeral and a special character, but according to Consumer Reports’ new survey, three-quarters of Americans don’t protect their most sensitive accounts with a strong enough password.

This leaves them vulnerable to attacks by hackers.  The full findings can be found in the January 2012 issue of Consumer Reports and online at http://www.consumerreports.org/.

Consumer Reports national survey of 1,000 adults also uncovered other ways consumers are putting their personal information at risk:

• Thirty-two percent of respondents used a personal reference in their passwords.
• Twenty-nine percent store passwords on a list they carry with them, near their computer, or in an insecure file on their tablet or mobile device; the same percentage also use passwords on their most sensitive accounts that are too short – with seven or fewer characters.
• Almost 20 percent used the same password for more than five accounts.

Five Ways to Protect Passwords

To protect online accounts, Consumer Reports advises consumers to follow the password-protection measures below:

• Don’t use the same one twice. Use a different password for each sensitive website like banking, online shopping, and social networks.  If a hacker obtains a password you use from one site, he’ll have access to your other accounts.  To make passwords easier to remember, it’s fine to use a similar character pattern from site to site, varying part of it in a way that’s intuitive to you but not obvious to anyone else.
• Make passwords strong. Create a password that contains a minimum of eight characters.  Include an uppercase and a lower case letter, plus a digit and a special character.
• Avoid the obvious. Hackers have extensive dictionaries of widely used passwords.  When composing a password, don’t use common words, names or facts that someone can easily guess or find out.  Avoid predictable patterns, such as starting with an uppercase letter.
• Keep passwords safe and up-to-date.  Don’t write down full passwords, but, if you must, keep them under lock and key.  Don’t give passwords to anyone over the phone, via e-mail, or through a social network.  Consider replacing old passwords with stronger ones; they may once have been strong enough but may now be too weak for today’s hackers.

• Secure computers and browsers. Keyloggers and other malware are a real risk, especially on publicly accessible computers.  Keep operating systems and major applications up-to-date.  Run an effective security software suite that automatically updates itself.  When browsing a password-protected website, look for “https” in the site’s address.  Sign into accounts by typing the URL into the browser, not by clicking on a link in an email; it could take you to a fake site.

The full report, “Hack-proof your passwords,” also features insight and advice from computer security experts and gives tips on creating a strong password that’s easy to remember.  The article can be found in the January 2012 issue of Consumer Reportsand online.