6 Tips for Creating an Identity Theft-Resistant Password

by Dawn Handschuh, Personal Finance Writer   

Suggestions to successfully protect your password from hackers

Online identity theft remains rampant these days as identity thieves become increasingly inventive in finding ways to steal your personal information. Whether they're creating bogus websitesthat masquerade as those of your bank or credit card lender, or sending out phony emails that entice you to click on a link that allows malicious software to take over your computer, ID thieves will stop at nothing to profit from your good name.

It's been said that locks keep out only the honest. So while you may use passwords and security questions to access your online bank or brokerage accounts, cursory security steps like these won't stop a computer hacker who's determined to get in the door.

That's because, when it comes to password protection, most computer users take the easy way out, due either to carelessness, laziness, ignorance or "password recall fatigue."

According to PC Magazine, here are the top 10 most commonly-used online passwords: 

  1. password
  2. 123456
  3. qwerty (the first 6 letters on your keyboard)
  4. abc123
  5. letmein ("let me in")
  6. monkey
  7. myspace1
  8. password1
  9. link182
  10. (your first name)

If your password is on the list, it's time to create a better one!

Other hackneyed passwords to avoid include:

  • Your first name for both your ID and password
  • Your child's name
  • Your pet's name
  • Your birth date
  • Your spouse's name
  • Your hometown
  • Your college and date of graduation

The problem with using something so obvious is that information like this can easily be picked up by a casual acquaintance, such as a co-worker, or from complete strangers who harvest this information from social networking sites like Facebook.

According to the National Cyber Security Alliance, 83% of social networking participants have downloaded content from someone else's profile, and 31% of adults who use social networking sites responded to unsolicited email or instant messages.

As for security questions, avoid the easy ones like "What's your mother's maiden name?" or "Where did you attend high school?"

That's what got Alaska Governor Sarah Palin in trouble during the 2008 presidential campaign. Her Yahoo email account was hacked by someone who was able to reset her password because the hacker was able to learn her birthday, zip code and where she met her husband. 

Memorability vs. security

Choosing a secure password is a balancing act between creating a strong password that can resist hackers using computer-generated password combinations and coming up with something you'll easily remember. Of course, relying on the same password to access multiple sites also makes consumers especially vulnerable — once a thief gains entry to one site, he has access to all.

How to create a password as secure as Fort Knox

Follow these tips to create strong passwords and security question answers that will resist attempts by most hackers:

  1. Whenever possible, create your own security questions on frequently visited websites rather than relying on the questions provided. Create more personalized questions to which only you know the answer.
  2. If you do use standard security questions, answer the question in an unexpected way. For instance, your answer to the question, "What was the first car you drove?" might be "Apple green Ford Maverick" instead of "Ford Maverick." In answer to the question, "Where were you born?" you might say, "In a hospital" instead of "Bethlehem, PA." If you have a good memory, consider answering the question with an intentionally wrong answer to really confuse would-be hackers.
  3. The best password is at least eight characters long with a mix of upper- and lower-cased letters, numbers and symbols. If you find it hard to remember a hodgepodge of letters and symbols, choose a meaningful phrase or song lyric you can easily remember, then create a password using the first letter of each word in that sentence. For instance, the password for the Michael Jackson lyric, "Don't stop 'til you get enough" would be "dstyge."
  4. Avoid writing down your passwords. A lengthy password you initially thought was quite strong could end up being very weak because you had to write it down to remember it.
  5. Consider using a password manager that stores all your passwords in one secure, encrypted place. (You'll still need to remember one password to access your data.)
  6. Use a password containing words or phrases in a foreign language. To take this idea a step further, use a foreign phrase re-spelled in English — phonetically. For instance, "Te quiero," which in Spanish means "I love you," could be turned into a password spelled, "taykeyearoh."