When I tell a prospect that our website editing software is web-based, some giggle with glee (because they won't have to install the software on every computer they want to use it on), while others cringe and tell me about the articles they've been reading about online password cracking.
What these people often don't realise is that any password-protected application, web-based or not, is only as secure as the password you choose.
When selecting a password, many people focus on choosing a number or word that will be easy to remember, rather than one that will be hard to guess.
This flaw is the main reason accounts on web applications (and even offline applications) get "hacked": the attacker doesn't break the software, they simply guess the password.
As computers have evolved, so, too, have hackers' tools, and one such tool is the password guesser. It doesn't just run through every letter and number combination and hope for the best; that takes far too long for anything but very short passwords. Instead, it guesses intelligently by trying the passwords people most commonly choose first. The most common password is "password1". Don't laugh: the most common password used to be "password".
Most guessers start with a dictionary of about 1000 common passwords, things such as "letmein", "temp", "123456", etc. They then test each of them with about 100 common suffixes such as "1", "4u", "69", "abc", "!" and so on. Those 100,000 combinations alone recover about 24 per cent of all passwords, and a guesser can test every one of them in a matter of seconds, giving the attacker access to everything from email accounts to bank accounts.
Some guesser tools will also use personal information to crack your password. For example, a hacker may research your birth date (and those of your loved ones), your address, the names of your children, etc, and feed this information into the guesser tool as extra words and suffixes. If it can, the guesser tool will also index your hard drive, usually through a virus you downloaded without knowing it is spying on your computer. It builds a dictionary out of every printable string it finds, including those in deleted files. So, if you have ever kept an email containing your password, or saved it in an obscure file somewhere, this process will grab it.
If you want a password that will be hard to guess, choose something this guesser software will miss. For example, take an easy-to-remember sentence and turn it into a password. Something like "The itsy bitsy spider went up" might become "tibsWENTup". That 10-character password won't be in any dictionary of common passwords or their suffixed variants. Make the sentence your own rather than a well-known quote or lyric, since the better tools also carry lists of initials taken from famous phrases.
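The guessing strategy the last three paragraphs describe, written out as a small Python script. This is an added example, not code from the column or from Xplore: the word lists, suffixes and the target's "researched" personal details are constructed and deliberately tiny, and the stolen password hash is assumed to be unsalted SHA-256. It recovers "letmein1" from the common list, recovers "Sophie1984" only once the personal details are fed in, and gives up on the sentence-derived "tibsWENTup" after exhausting its list.

```python
"""Toy password guesser in the style the column describes.

Added example, not code from the column or from Xplore. The word lists,
suffixes and the target's "researched" profile are constructed for
illustration and are a tiny fraction of what a real tool carries. The
stolen hash is modelled as unsalted SHA-256 (an assumption); a slow,
salted hash would make each guess cost more but would not change which
passwords are found.
"""
import hashlib
from typing import Dict, Iterator, List, Optional, Tuple

# Constructed lists: real tools start with ~1000 base words and ~100 suffixes.
COMMON_WORDS = ["password", "letmein", "temp", "123456", "qwerty", "monkey"]
COMMON_SUFFIXES = ["", "1", "4u", "69", "abc", "!", "123", "2009"]


def hash_password(password: str) -> str:
    """Stand-in for the hash the attacker stole (unsalted SHA-256, assumed)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def personal_tokens(profile: Dict[str, str]) -> Tuple[List[str], List[str]]:
    """Turn researched details into extra base words and suffixes.

    Names and places become base words; a date such as "1984-03-17" becomes
    the suffixes "1984", "84" and "1703" (day then month).
    """
    words: List[str] = []
    suffixes: List[str] = []
    for key, value in profile.items():
        if key.endswith("_date"):
            year, month, day = value.split("-")
            suffixes += [year, year[2:], day + month]
        else:
            words.append(value.lower())
    return words, suffixes


def candidates(profile: Optional[Dict[str, str]] = None) -> Iterator[str]:
    """Yield word+suffix guesses, commonest first, lower-case and capitalised."""
    words = list(COMMON_WORDS)
    suffixes = list(COMMON_SUFFIXES)
    if profile:
        extra_words, extra_suffixes = personal_tokens(profile)
        words += extra_words
        suffixes += extra_suffixes
    seen = set()
    for word in words:
        for suffix in suffixes:
            for variant in (word + suffix, word.capitalize() + suffix):
                if variant not in seen:      # "123456" capitalises to itself
                    seen.add(variant)
                    yield variant


def guess(target_hash: str,
          profile: Optional[Dict[str, str]] = None) -> Tuple[Optional[str], int]:
    """Try every candidate against the stolen hash.

    Returns (recovered_password, attempts); the password is None when the
    whole candidate list is exhausted without a match.
    """
    attempts = 0
    for candidate in candidates(profile):
        attempts += 1
        if hash_password(candidate) == target_hash:
            return candidate, attempts
    return None, attempts


if __name__ == "__main__":
    # Constructed profile for the target, as a hacker might research it.
    profile = {"child": "Sophie", "pet": "Rex", "birth_date": "1984-03-17"}
    for pw in ("letmein1", "Sophie1984", "tibsWENTup"):
        found, n = guess(hash_password(pw), profile)
        print(f"{pw:12s} -> {found!r} after {n} guesses")
```

The same loop works whether the attacker holds a copy of a site's stolen password hashes (as modelled here) or simply types guesses into a login form that never locks the account; the only difference is how fast each guess goes, which is why a strong password matters even on a site that hashes its passwords properly.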
Keep in mind that even strong passwords can still fail, because people can be sloppy with security. Don't write your password on a note and stick it to your monitor, don't share it with friends, and don't reuse the same password across multiple applications: once one site is breached, the attacker has your password for all the others. If you can't remember your passwords, write them down and keep the paper in your wallet. But write the sentence or, better yet, a hint that will help you remember your sentence, not the password itself.
Wendy Schollum is a web strategist and Managing Director of Xplore - your web agency (www.xplore.net). If you have a web-related question you would like Wendy, or the Xplore team, to answer, follow Xplore on Twitter (www.twitter.com/xploreNET), join us on Facebook (www.facebook.com/xploreNET) or call 0800 100 900.
Wendy Schollum: Get random for password