by Sid Kirchheimer, AARP Bulletin, August 3, 2009
The difference between secure computing and falling victim to online fraud or identity theft often comes down to a dozen or so keystrokes: your password and your answers to those security questions that websites figure only a real user would know.
In the first of two parts, Scam Alert provides tips on how to choose hard-to-crack passwords that are easy to remember. Next week, we explore the problems with commonly used security questions, and how to create answers to bolster online security.
You’ve heard it before: To protect your online banking, shopping and other accounts, use strong passwords—often described as having at least eight characters and a mixture of upper- and lower-case letters, symbols and numbers. Yet despite that common advice, hackers manage to break into computer accounts every 39 seconds, according to one study, and losses last year from online fraud totaled $265 million, up 33 percent from 2007, according to the FBI.
One reason: Many people continue to make poor password choices, repeating their username (johnsmith) or adding numbers to it (johnsmith123). Other commonly hacked passwords include “123456” or some other numerical sequence, the words “password” or “test,” or others on this list of worst passwords.
But even tweaking a word with symbols or numbers—say, changing “mysecurity” to “my$eCurIty”—may no longer be enough. Nor is repeating a word (mysecuritymysecurity) or even spelling it backward (ytirucesym).
That’s because sophisticated hackers often use “brute force” programs that scan for words found in the dictionary, and even combinations of them. Once a hacker cracks a password, he can change it, locking out the real user.
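The sketch below is an added example, not part of the original article: it shows how a signup form could reject the patterns described above (username-based, numerical sequence, dictionary word, symbol swaps, repetition, reversal). The tiny `WORDLIST` is a constructed sample, and the function names are hypothetical.

```python
import re

# Constructed sample word list; a real check would load a large dictionary
# and a list of known-breached passwords.
WORDLIST = {"password", "test", "mysecurity", "security", "welcome"}

# Common symbol/digit-for-letter swaps, undone before the dictionary lookup.
LEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l",
                      "3": "e", "!": "i", "5": "s", "7": "t"})


def is_sequence(digits):
    """True for runs such as 123456 or 987654 (every step is +1 or -1)."""
    steps = {int(b) - int(a) for a, b in zip(digits, digits[1:])}
    return len(digits) >= 4 and steps in ({1}, {-1})


def weaknesses(password, username=""):
    """Return the article's weak-password patterns that this password matches."""
    found = []
    lowered = password.lower()
    plain = lowered.translate(LEET)          # my$eCurIty -> mysecurity
    stem = re.sub(r"\d+$", "", lowered)      # johnsmith123 -> johnsmith
    if username and stem == username.lower():
        found.append("based on username")
    if password.isdigit() and is_sequence(password):
        found.append("numerical sequence")
    half = len(plain) // 2
    candidates = {
        "dictionary word": lowered,
        "word with symbol or case swaps": plain,
        "word spelled backward": plain[::-1],
        "repeated word": plain[:half] if plain[:half] * 2 == plain else "",
    }
    # Report the first dictionary-derived pattern that matches.
    for reason, candidate in candidates.items():
        if candidate in WORDLIST:
            found.append(reason)
            break
    return found
```

An empty result only means none of these patterns matched the sample list; it is not a strength score.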
This may explain those cryptic passwords, such as HD4kr#wp8T49c, that are often assigned when you open a new online account. But while such passwords offer increased security, they can be hard to remember (one reason why they are usually changed to regular and hackable words).
So how can you devise hard-to-crack passwords that are easy to remember?
Ideally, you should use different strategies to create different passwords on various accounts, and change them every month or so. Check the strength of each password at Microsoft’s password checker.
Sid Kirchheimer is the author of "Scam-Proof Your Life" (AARP Books/Sterling).