Cheryl Parson: Making it harder to crack the code of passwords


By Cheryl Parson - Better Business Bureau

Email, shopping, banking, Amazon, Netflix, prescriptions, kids’ activities. What do the items on the list have in common? They are all online and need passwords for you to access them.

In a recent news segment on the Today show, correspondent Tom Costello delivered some startling and thought-provoking statistics about our personal online worlds. He said the average person has “150 online accounts of some sort,” but uses just 12 passwords! Not only that, the average person uses the same password at least 10 times! Costello was even more disturbed because readily available online software was able to crack all of his passwords.

The point of Costello’s story was that if you and I can obtain software to crack passwords, just think what professional hackers can do. Since there have been so many mega-hacks, we must assume our password information is out there on the Internet, and we must be vigilant, changing to more secure passwords and updating our accounts.

Nearly all of us know the basics of password security: Don’t use anything that is easily guessable (for example, John Podesta, Hillary Clinton’s top campaign advisor, used “password” as his password). Don’t write them down. Don’t use your kid’s or pet’s names, etc. But what else can we do to make our passwords more secure?

• Experts say longer passwords, as long as 12 to 16 characters, are best. The fundamental rule of password cracking is that the longer the password, the longer it takes to crack.

• Use long phrases instead of random letters and characters. In Costello’s piece, he gave the example “IleftmyheartinSanFranciscoin2017.”

• Your passwords are only as secure as the site you are visiting. Use a unique password on each and every site. As one expert says, “Don’t make it easy for a hacker to attack one site and get your password to all the others.”

• NEVER use a dictionary word as your password! Even a hacker with a minimal skill set can easily crack passwords that are found in the dictionary. You might think that your word or words are unique and obscure, but it doesn’t take them very long to test every word and word combination in the dictionary.

• It’s counterintuitive, but many experts say to not change passwords frequently. It’s safer to use stronger, longer passwords and phrases, and stick with them. Microsoft security expert Cormac Herley says, “There is no evidence that password changes improve outcomes.”

• Spread your numerals, symbols and uppercase letters throughout the middle of your password, not at the beginning or end. Most people put capital letters at the beginning and symbols and digits at the end, negating the benefit.

• Use a password manager program or app such as LastPass, Dashlane or OneSafe. These programs and apps not only allow you to create and store random, very strong passwords for each of your sites, but you only need to remember one password to gain access to all your stored passwords.

• Disable AutoComplete for user names and passwords. Nearly every browser offers this feature, and it can save you time, but it also lets anyone who gains access to your computer gain access to your secured sites.

It is critical to choose strong passwords that make a hacker’s job more difficult. As a professional hacker explained in an article he wrote on the subject, “Understand that there is no password I can’t break given enough time and computer assistance, but like anything else, I’ll attack the low hanging fruit first.”


Cheryl Parson is president of the Better Business Bureau serving West Central Ohio. The BBB may be found on the Internet at