W0t, @ga1n!? Every month (if you're lucky), corporate information technology forces you to change your e-mail, network and other log-in passwords.

On top of that, there are numerous websites and accounts that demand passwords for access. A recent survey by RSA Security, a Bedford, Mass., consulting company that advises businesses on security issues, found that one in five business people are juggling more than 15 passwords.

Managing this "password inflation" leads people to get lazy, using easily guessed words or dates and writing them down where they can easily be found. Two-thirds of the respondents to RSA's study said they knew co-workers who kept their passwords on pieces of paper, and 40 per cent have seen passwords on Post-it notes stuck on workstations. The study also found that at some large companies, as many as half of all requests flowing into IT help desks involved forgotten or compromised passwords.

Passwords people choose are, on average, very weak. People are underestimating the level of ingenuity and determination on the part of hackers.

— Telus security expert Richard Reiner

"For business, passwords are a huge concern," says Richard Reiner, chief security and technology officer for Telus Security Solutions. "Passwords people choose are, on average, very weak. People are underestimating the level of ingenuity and determination on the part of hackers."

In fact, research shows that more than half of all passwords can be cracked within a few minutes, he says.

Choosing a password

Strictly from a security perspective, the best passwords involve lengthy combinations of numbers, letters and punctuation marks. The worst are those comprising any piece of information that can be associated with you, such as your birth date or phone number. But any word or combination of words in the dictionary can easily be cracked by hackers' software utilities.

Those who use the same password for many accounts invite the most danger.

"The risk is that one site they use might be hacked, compromising all their other accounts," Reiner says.

The most effective security solutions combine a password with a biometric reader or an ID fob — a small electronic key that allows access to a computer — or, as Reiner puts it, "something you know and something you have."

Reiner recommends two password-creation techniques. One is to download software such as the free Acerose Password Vault. You install it on your computer, create one strong password that logs you into the program, then the software automatically generates and/or remembers all your other passwords.

The other approach for creating hard-to-crack passwords is to think of a familiar phrase — a line from a favourite song or a private joke, for example — then figure out a pattern of scrambling the letters. For instance, the password could use the first letter of the first word in the phrase, second letter of the second word, and so on.

Password-creation techniques

Here are some other suggestions, culled from a range of sources, for devising passwords that are both secure and easy to remember:

• Use the calendar. Type in the month, year and a few letters to identify the account, such as "sep06Budgt." The following month, change "sep" to "oct." No repetitions. No-brainer.
• Add characters. Take the name of the account or website, then add, say, the last four digits of a familiar phone number (though never your own). That might produce "bizblog9485."
• Use mnemonics on random passwords. If you get a password assigned, don't change it — just find a way to remember it. Say you got "4tgGw39DK." That could become, "For the great Google warrior 39 Donna Karens." Not poetry, but say it a few times and it turns into a mental tattoo. You can get random character strings from free online utilities like Passnerd.com and BizFormBar.com.
• Combine small, misspelled words. To make a password easier to remember, use words starting with the same letter and perhaps related meaning (hyheihallo), then perhaps capitalize the first letters (HyHeiHallo) or break the words up with numbers (Hi1Hei2Hallo3), or substitute numbers for some letters (h1h3ihall0).
• Use first letters of a phrase. "mygolfhandicapis6," for example, would become "mghi6."
• Devise a code. Nothing techy here, just a simple scrambling system. For example, if your password phrase is "MyHandicapIs6," move one key to the right for each character: "
• Keypad scramble. Take a name or phrase you can easily remember, then type it using the phone keypad. "MyHandicapIs6" could become “my4263422747six."
• Scramble words. For instance, alternate the letters of each word, so "MyHandicapIs6" could become "MHI6yasndicap."
• Use special keys. Hold down the shift or alt key as you type part of your password. With the Alt key down on every third character, our handicap password becomes "my·anðicåpis§."
• Add spaces. Assuming the company's or website's password protocol allows it, it's a good way to foil dictionary searches. You might have "myhan dicapi s6."
• Remove vowels. "Mhndcps6."

The beauty of using these approaches is that this way, you can surreptitiously reuse a single password. Then, when you run out of tricks, you'll just need to get your handicap down to five.

[an error occurred while processing this directive]