Internet and Password Security

It seems that news reports about the hacking of some popular website, and the resulting compromising of millions of user names, passwords and other personal data, have become much too commonplace.


Do you use a strong password? There’s a very amusing scene in the movie Clear and Present Danger in which Harrison Ford and a CIA programmer discuss how weak Ford’s password is. It takes the programmer three tries to guess Ford’s password which involved the birthdates of his child and wife.

That scene demonstrates a classic mistake that people make with their passwords for all kinds of electronic services. A password that is easy to remember, such as the birthday of a loved one or your street number or zip code, is also very easily guessed by a hacker or intruder.

On the other hand, a very complex password like a random series of numbers, letters and characters, is too hard to remember for most people. So how do you create a password that is easy to remember but hard to crack?

It’s actually easier than you might think. The first step is to come up with a phrase that means something to you, but which might be difficult for someone else to guess. It could be as simple as “boy this is great” or more complex like “I’m walking the dog to the park.”

In fact, according to one article we recently read, a simple multi-word phrase like “boy this is great” could take a hacker years to crack open. But there are additional steps you can take for increased password security, especially since many websites won’t allow you to use spaces in your password.

So, once you have a phrase that’s easy to remember, you can start modifying it in simple ways that are easy for you to remember. Things like capitalizing the second letter of each word. This would result in “bOy tHis iS gReat”. That is a powerful password all by itself.

You can continue to make it even more complicated by replacing letters with numbers and symbols. For example, the spaces could become “_”, the “o” could become a zero “0” and the “h” could become a “#”. Other clever tricks are to play with the phonetics, such as replacing “great” with “gr8” or the word “for” with “4”. All of these add to the strength of your password security.

The next step is to come up with a couple of different passwords. One that is relatively simple, like “relatively 51mple” (note the “51” for the “si”) for use on websites where the there isn’t much information that could be lost or stolen if your password is hacked.

Other websites like Gmail, Hotmail, Facebook or Schwab, where you may have significant personal information about you or, worse, your friends, should have a stronger password. This could be something like “Rel@t1velY_51mplE”. Note that it’s the same phrase, but it’s been altered in a much more complex way that is (hopefully) easy to remember but harder to hack.

More importantly, if one account, like LinkedIn is compromised, you won’t have to work too hard to change the passwords on your other, more important (and hopefully more secure) websites.

About Rick Brooks

Rick Brooks, CFA®, CFP® is a partner of Blankinship & Foster LLC and is the firm’s Chief Investment Officer. He is a lead advisor, counseling clients on all aspects of personal financial management. Rick serves on several boards. He is the Chairman of the Board of Girl Scouts San Diego, and also chairs the San Diego Foundation’s Professional Advisor Council. Rick and his family live in Mission Hills. Rick enjoys spending time with his family, theater, cooking, skiing, gaming and reading.

3 responses to “Internet and Password Security”

  1. […] Make sure your passwords are strong. Your spouse’s initials and birth year simply aren’t good enough anymore. A strong password to help prevent financial fraud should combine at least three of four elements: upper case letters, lower case letters, numbers and symbols (@, #, $, %, etc). In addition, you can combine these with a simple phrase, so that “easy to remember” becomes “EaSy_2_ReMeMbEr”. (Read our article dedicated to strong passwords for more information: Internet and Password Security.) […]

Leave a Reply

Your email address will not be published. Required fields are marked *