X

How hackable is your password? McAfee offers password tips

The security vendor is out with a few rules and reminders for creating strong passwords designed to thwart the bad guys.

Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
See full bio
Lance Whitney
2 min read
Screenshot by Lance Whitney/CNET

How do you create a password that's strong yet easy to remember? That's the challenge we all face, and one that's prompted a few words of wisdom from McAfee.

In honor of Intel's so-dubbed Password Day, McAfee unveiled a series of tips and tricks on Tuesday aimed at helping all of us juggle the passwords we're forced to maintain across the Web. Its parent Intel has also chimed in with a page that tells you how long it would take to break a certain password. Let's look at Intel's page first.

Browse to the chipmaker's "How Strong is Your Password?" page. Enter and then renter a password. The page says that the password is not sent over the Internet but still cautions you not to enter your real password. Instead, you can enter a password that you might like to use.

In return, the page tells you how many seconds, minutes, hours, days, months, or years it would take someone to hack your password. For example, a password like "12345" or "abcde" would take 0 seconds to hack. So, what are your options if your passwords take seconds instead of months or years to decipher?

McAfee has several suggestions up its sleeve. Some of these may be old hat but they're always worth repeating.

  • Use different passwords for your bank account and your e-mail or social networking accounts. If your e-mail account gets hacked, at least your bank account's password is safe.

  • A strong password often uses a combination of letters, numbers, and punctuation marks. But you don't have to conjure up a random series of characters that's impossible to remember. Instead, create a phrase that incorporates all of those items. McAfee used "My 1st Password!" as an example, which by itself sounds pretty hackable. But Intel's page revealed that even this password would take four months to hack.

  • Once you have a password with letters, numbers, and punctuation marks, you can alter that password for different sites. McAfee suggests adding the name of a site to that password, such as "My 1st Password!: Twtr" for Twitter and "My 1st Password!: Fb" for Facebook.

  • A password need not be complex to be strong. Often, a lengthy password that's easy to remember can be more secure. A password like "XF1&tmb" would take 6 minutes to hack, according to Intel. But a password like "The-shining-sea" would keep a hacker busy for 48 years. A passphrase that's hard to hack yet has meaning to you offers the best of both worlds -- strong and easy to remember.

Finally, I have one suggestion of my own. Use a password manager. Such tools take over the hard work by creating, storing, and automatically filling in your passwords at any Web site. Two of the most well-known password managers are RoboForm and LastPass. I've used RoboForm for years and would have a tough timing juggling all of my passwords without its help.