My sister-in-law’s online email account was hacked recently, and now everyone on her mailing list is getting vast quantities of incredibly annoying spam. She’s not the only one—apparently some [choose your own derogatory adjective] [choose your own insulting noun] decided that we all needed more useless email. (Does anyone actually buy from spam emails?)
In any case, it turned out that her password was too easy to figure out, at least for a computer with a lot of time on its “hands.” This led to a discussion about how to pick a good password. Here is what my very knowledgeable husband had to say:
- A GOOD password is easy to remember, hard to guess
- Change it regularly, but not so often that you can’t remember all the passwords you need to know (which usually means both current and recent ones)
- Never write it down. If you have to write it, it’s either too complicated to remember or you have too many passwords to remember.
Pete continues…
As a person with not-so-great memory, in my own case…
- We create one new password approximately yearly. Yes, it is shared in my office. I’m not trying to keep coworkers out, just bad guys. In fact, it is important for somebody to know your passwords!
- We sometimes have had the “complex” version and the “simple” version, mostly because some websites can’t handle passwords with punctuation. This is not as much of an issue anymore. The simple version just leaves out the punctuation.
- I also have one super-secret password I don’t actually change at all and hardly anybody knows. This never goes online; it is only for encrypted disks with truly sensitive information.
How to invent a good password:
- Choose a bible verse you want to memorize
- Pick out the first letters of each word in a phrase
- Also choose some numbers. Probably best not to begin with a number because some systems don’t allow that. Some words convert nicely to numbers. Or you can use the reference (Jn4:8).
- Also choose at least one punctuation mark. Period, colon, comma…
- Also make at least one letter a capital.
- Put it all together. I often make it between 6 and 8 characters, although our 2010 password is 11 characters long. It’s very easy to remember and type but you’d never guess what it is. For example: John 3:16 might become fGsltw3.16 (don’t use that—make your own!)
- To make a few good variations, add a common “extra.” For example, add “$$” at the end for financial accounts.
How to protect your passwords:
- Protect passwords from being stolen and/or emailed. Too many websites store your real password, and will even email it to you. (That’s actually terrible. An unethical employee could steal all log-in IDs and passwords!) Until I’m confident a website doesn’t email my password back to me if I forget it, I put in an old well-worn password that has already been emailed to me. Once I know they’ll protect a good password, I immediately change it to a good one.
- Once I have my “2010 password” I begin updating my various log-ins to use it. No hurry, but eventually I get there.
- Because I do update my passwords, I never have to remember very many. Right now I have five annual passwords that might get used… and the older ones are pretty rare. Mostly it’s just the current and previous ones, and sometimes one a year older.
- The password hint (when used) is kind of obvious to me: “10” for this year.
- We do keep a confidential catalog of websites, our log-in IDs, and what “year,” but not the actual passwords. Note that it would be slightly safer to not even record the year, but hey…
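As an added example that is not part of Pete’s notes or the original post, the Python below applies his recipe step by step: initials of a memorised phrase, one initial made a capital, the verse reference as digits with a punctuation mark between them, an optional “extra” suffix for a per-purpose variation, and the punctuation-free “simple” version for sites that reject punctuation. It then checks a candidate against the rules he lists (length, a capital, a digit, punctuation, not starting with a digit). The function names, the choice of which initial to capitalise, and the sample inputs are assumptions made for this example; with the capital placed on the second word, the post’s own John 3:16 example comes out as fGsltw3.16. The check reports whether the listed rules are met, not how strong the password is.

```python
"""Added example: build a password from a phrase the way the post describes,
then check it against the post's rules. Names and sample inputs are
constructed for this example, not taken from the post."""
import re
import string

PUNCTUATION = set(string.punctuation)


def phrase_initials(phrase: str) -> str:
    """Return the first letter of each word in the phrase, lower-cased.

    Words are split on anything that is not a letter, so a hyphenated word
    such as "sister-in-law" contributes one initial per part ("sil").
    """
    words = re.findall(r"[A-Za-z]+", phrase)
    return "".join(w[0].lower() for w in words)


def build_password(phrase: str, chapter: int, verse: int,
                   punct: str = ".", capital_index: int = 1) -> str:
    """Combine the post's steps into one string.

    - initials of each word in the phrase
    - one initial made upper-case (position chosen by capital_index;
      this placement is an assumption of the example)
    - chapter and verse numbers separated by a punctuation mark
    The numbers go at the end, so the password never starts with a digit.
    """
    if len(punct) != 1 or punct not in PUNCTUATION:
        raise ValueError("punct must be a single punctuation character")
    initials = list(phrase_initials(phrase))
    if not initials:
        raise ValueError("phrase contains no letters")
    i = capital_index % len(initials)
    initials[i] = initials[i].upper()
    return f"{''.join(initials)}{chapter}{punct}{verse}"


def with_extra(password: str, extra: str) -> str:
    """Append a common 'extra' (the post's example is '$$' for finance)."""
    return password + extra


def simple_version(password: str) -> str:
    """The post's 'simple' variant: the same password with punctuation removed."""
    return "".join(c for c in password if c not in PUNCTUATION)


def check_rules(password: str, min_length: int = 6) -> dict:
    """Report which of the post's rules the password satisfies.

    min_length defaults to the lower end of the 6-8 characters the post
    mentions; callers can raise it.
    """
    return {
        "long_enough": len(password) >= min_length,
        "has_upper": any(c.isupper() for c in password),
        "has_digit": any(c.isdigit() for c in password),
        "has_punct": any(c in PUNCTUATION for c in password),
        "not_leading_digit": not password[:1].isdigit(),
    }


def passes_all(password: str, min_length: int = 6) -> bool:
    """True only when every rule in check_rules is met."""
    return all(check_rules(password, min_length).values())


if __name__ == "__main__":
    # Constructed sample input: the verse text behind the post's own example.
    pw = build_password("For God so loved the world", 3, 16)
    print(pw, check_rules(pw))
    print(with_extra(pw, "$$"), passes_all(with_extra(pw, "$$")))
    print(simple_version(pw), check_rules(simple_version(pw)))
    # A plain dictionary word fails the capital, digit and punctuation rules.
    print(check_rules("password"))
```

Running the script shows the derived password, its “$$” variation, and that the simple version fails only the punctuation rule, which is exactly the trade-off the post describes for sites that cannot handle punctuation.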
After reading what Pete wrote, I realized that I haven’t updated my passwords for two years now, and I could easily make them harder to guess. I want to make it as hard as possible for anyone to hack my accounts!
I have over 80 different login accounts/passwords for different things — online and on my computer. As someone who has a hard time remembering “what login is this site wanting?” and “what security question did I put here?” and “which password is this one again?”, I’ve found KeePass (www.keepass.info) to be a tremendous help! If you put your passwords in there, it keeps them encrypted and hidden and guards them with that one super-secret password. If you don’t want to put your passwords in there, it can still be a great secure tool to help you keep track of sites and logins!
Ooh! And I really recommend Pete’s password creation tips! Excellent!
I hadn’t heard of KeePass; that sounds really useful! Thanks for sharing.