My personal password trick revealed
Some people like to use special password-keeping programs, but I prefer to do something else that is faster for me. I use the same root password (let's say TadPole) in all my passwords, but vary the beginning and the end. One website may be 44TadPole44. Another may be TadPole32, and yet another may be AmazTadPole32On. I have a method to my madness, so the pre- and post-portions make sense to me for particular websites.
Thanks to the common root method, I can keep passwords to hundreds of different websites in my head. Because each password is different, if an attacker compromises one of my passwords on one website, they still don't know what it has in common with my other passwords. Even if they figure out I'm using a common password root -- heck, I'm telling them right here -- they'll have a hard time figuring out the right pre- and post-portions aligned with other websites. None of the currently available password tools can handle that type of replacement complexity when trying different password combinations.
Lie in reply to password reset questions
Just as important as a good, strong password is making the answers to your password reset questions unguessable. There are lots of stories (remember the Sarah Palin email hack?) where people who were not even true hackers did a little research and guessed the answers to a person's password reset questions correctly. In general, the effort needed to crack reset questions is an order of magnitude less than the effort needed to guess the actual password. It's the weakest link.
Do what I do and don't answer those questions truthfully. When they ask you your mother's maiden name, the brand of your first car, or your birthplace, you are not obligated to provide correct answers. Instead, pick a common password reset answer for each website and use my password root strategy, varying the common root word or phrase so you can remember it and associate it with each website.
Anyone can end up with a compromised password. It happens. Websites get hacked. Ingenious, targeted phishing emails fool the best of us. But if you follow these recommendations, you can reduce the risk of a successful attack on your passwords.
This story, "Creating strong passwords is easier than you think," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com.