Strong passwords key to Internet security

Experts offer advice for creating complex codes that are easy to recall

Thad Allender/Journal-World Photo Illustration Password security

Tips for creating safe passwords

¢ Use at least seven characters and include numbers, a special character like “&” and use both upper- and lowercase letters.

¢ Don’t use simple words that refer to anything noticeable about yourself, like your spouse or child’s name.

¢ Don’t make it a word that appears in a dictionary.

¢ Use the first letter in words of a song lyric or phrase of something that will jog your memory, like “FfcBbc-08” for “Final Four college basketball champions 2008.”

¢ If you write your password down, don’t include any other personal information with it. Use a computer program that will encrypt and safely store passwords instead of just typing them in a Word document.

¢ Do not duplicate passwords.

Source: Kansas University IT security office

When Julie Fugett needs to log in to a Web site with a password, such as for her bank or credit card accounts, she hears music.

For example – this isn’t one of her passwords – a fan of the band Journey might type in “Dsb!1hotTf”.

It’s the first letter of each word in the chorus to “Don’t Stop Believin”” with a number and exclamation point included.

“People would look at that and say ‘What on earth?’ But to me, it means something because to remember my passwords, I sing a little song in my head,” Fugett said.

It jogs her memory, and it’s a method the Kansas University information security analyst recommends for creating secure and complex passwords to protect personal information and finances from computer hackers.

Selecting secure passwords – and finding a safe way to remember them – has become more important as more and more information is stored digitally, she said.

KU has similar guidelines that require students to change their passwords every semester on their school accounts. The passwords have to be complex: Seven characters with at least one being uppercase, at least one special character such as “&” and one number.

Accounts for school, banking, cell phones, credit cards, insurance, retirement assets and social networking sites all contain precious information.

It also can be inconvenient because it gives people a host of passwords they need to remember. It’s frustrating when you can’t remember a password, said George Martin, a KU freshman from Oak Park, Ill.

“I can only speak for my friends, but yeah, pretty much everybody keeps the same password so hopefully it won’t get too complicated and they’ll forget it,” Martin said.

He’ll vary them and add numbers and symbols on different accounts.

Fugett said it’s very risky to use the same password over and over, especially on vital accounts.

“Some ‘phishing’ attacks are predicated on the notion that you use the same password for everything,” Fugett said.

It can be difficult to remember too many passwords. If you have to write them down, she says, be smart about it and write only the password, not the login or any other information that could be helpful to snoopers.

Typing a password list in a word processor file is also a no-no, even if the file itself is protected by a password. Certain Web sites can crack those codes to open Microsoft Word files, for example, for $20, she said.

Instead, Fugett recommends locking your password list in a safe in your hard drive. Password Safe, an application, is free. It allows users to list passwords for their accounts, but the list is protected by one master password.

The master password protects the list, and it’s also strongly encrypted, making it very difficult for anyone to crack, she said. Plus, it’s much easier to have to remember one password instead of 10 or 15.

Her office receives calls sometimes from frustrated KU users who don’t want to change their passwords to make them more complex, but that’s better than having someone drain your bank account.

“The more complex it is, the more computationally expensive it is for a bad guy to crack it,” Fugett said.