How to pick a password

April 20, 2007

Don't fret if your brain's bogged down with a jumble of computer passwords. Here are some tricks to help you remember them.

It's a familiar scenario: You've been away from your laptop for a week, and now that you're back in the office you can't remember your password. The sticky note you had it written on has vanished from your desk. Your problem is twofold: not only are you locked out of your system, but your written reminder may have fallen into the wrong hands and opened the door to a security breach. While you search your memory for those elusive characters, here's how to prevent this from happening again.

Design a super-secure password

Imagine having 40 different passwords. It's not unheard of among busy professionals such as doctors, say computer security experts. Hopefully you have far fewer, but once your personal passwords are added in, you likely still have an unwieldy number to keep track of. A simple solution is to design just a few passwords you can commit to memory but that resist both casual guessing and automated cracking.

Since it's dangerous to use only one password for all applications, you'll have to memorize at least three of these passwords: one for each level of security you designate as high, medium, or low. Reserve high-security passwords for sites that handle sensitive banking, health, financial, and personal information. Use medium security for e-mail and everything else that holds some personal information, and low-security passwords for news websites and other public sites where a compromise costs you little.

Instead of designing tiered passwords, another option is to develop one simple convention to be used for all passwords. Stephane Fymat, vice president of product management at Passlogix, a software developer in New York City, recommends creating a "rule." You'll still end up with scores of passwords, but only one rule to memorize. Fymat's example begins with the first three letters of the application you're using, then the current month as two digits, and finishes with your mother's maiden name. Your login for Yahoo! Mail would be something like YAH03Jones. The weakness of such a rule is that anyone who sees one password built with it (a colleague looking over your shoulder, a phishing site, a breached website that stored it in the clear) can read the pattern off it and guess your password for any other site, with only the month left to try; a mother's maiden name is also a common security-question answer. If you do use a rule, make the fixed part a secret word that appears nowhere else, and keep a separately chosen password for your highest-security accounts. As with all passwords, don't write any down, and certainly don't record the rule itself.
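To make the guessability concrete, here is an added example in Python (not code from the article or from Passlogix) that reproduces the rule above, then shows what someone can do after seeing a single password built with it, and compares the guess space with that of a randomly generated password. The app names and the surname "Jones" come from the article's example; the surname-list size and the 14-character alphabet are assumed values for the comparison.

```python
import math
import secrets
import string

MONTHS = range(1, 13)


def rule_password(app_name, month, surname):
    """Build a password with the article's rule: 3-letter app prefix, 2-digit month, surname."""
    return f"{app_name[:3].upper()}{month:02d}{surname}"


def parse_rule_password(password, app_name):
    """Invert the rule from one observed (e.g. leaked) password.
    Returns (month, surname), or None if the password does not fit the pattern."""
    prefix = app_name[:3].upper()
    if len(password) < 6 or not password.startswith(prefix) or not password[3:5].isdigit():
        return None
    return int(password[3:5]), password[5:]


def candidates_from_leak(leaked_password, leaked_app, target_app):
    """Every password the rule could produce for target_app once one password
    for leaked_app is known: only the month is unknown, so 12 guesses cover it."""
    parsed = parse_rule_password(leaked_password, leaked_app)
    if parsed is None:
        return []
    _month, surname = parsed
    return [rule_password(target_app, m, surname) for m in MONTHS]


def rule_guess_space_bits(surname_list_size):
    """Attacker work with no leak at all: the app prefix is public, the month is
    1 of 12, and the surname comes from a list of surname_list_size names (assumed)."""
    return math.log2(12 * surname_list_size)


ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"   # 70 symbols (assumed)


def random_password(length=14):
    """A password with no rule to infer: each symbol drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_guess_space_bits(length=14):
    """Guess space of random_password(): every symbol is independent."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    leaked = rule_password("Yahoo! Mail", 3, "Jones")        # the article's YAH03Jones
    print("leaked:", leaked)
    print("guesses for Gmail:", candidates_from_leak(leaked, "Yahoo! Mail", "Gmail"))
    print(f"rule, no leak, 10,000-name list: {rule_guess_space_bits(10_000):.1f} bits")
    print(f"random 14-char password:        {random_guess_space_bits():.1f} bits")
    print("example random password:", random_password())
```

With a 10,000-name surname list the rule offers under 17 bits of work before any leak, and 12 guesses per site after one; the random 14-character password sits above 80 bits, which is why the fixed part of any rule must be a secret rather than a family name.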

Consider more-advanced technological solutions

You may have already run into single sign-on (SSO) systems at your hospital or laboratory. These large-scale solutions let users enter just one password that grants access to all applications in the system, while still meeting HIPAA requirements for controlling access to patient data. Another tool, password management software, is available on the Internet or from software retailers. You enter all your logins and passwords into the program, which typically keeps them in an encrypted file unlocked by a single master password and fills them in automatically when needed. Some experts shy away from this technology because it stores all your credentials in one place: if the master password is guessed or the computer holding the file is compromised, everything is exposed at once. The trade-off is that the master password becomes the one secret you must get right, so make it long and unique, and keep a backup of the file.
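As an added example (not code from the article or from any product it mentions), here is a toy password vault in Python that shows what "all your information in one place" means in practice: the stored entries are encrypted and authenticated under keys derived from the master password with scrypt, so a wrong master password or an altered file yields nothing, and every unlock attempt costs the attacker a slow key derivation. The sample entries, master passwords and scrypt parameters are constructed for the demo, and the HMAC-based cipher is a teaching construction; a real manager would use a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import json
import os

# scrypt cost parameters, assumed for the demo (about 16 MiB of memory per derivation).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_LEN = NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(master_password, salt):
    """Stretch the master password into separate encryption and MAC keys."""
    km = hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=64)
    return km[:32], km[32:]


def _keystream(enc_key, nonce, length):
    """HMAC-SHA256 in counter mode used as a PRF keystream (teaching construction)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_vault(master_password, entries):
    """Encrypt-then-MAC the entries dict; returns salt || nonce || tag || ciphertext."""
    plaintext = json.dumps(entries, sort_keys=True).encode("utf-8")
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(master_password, salt)
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + tag + ciphertext


def open_vault(master_password, blob):
    """Return the entries dict, or None if the master password is wrong or the blob was altered."""
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    tag = blob[SALT_LEN + NONCE_LEN:SALT_LEN + NONCE_LEN + TAG_LEN]
    ciphertext = blob[SALT_LEN + NONCE_LEN + TAG_LEN:]
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None          # wrong master password or tampered vault: reveal nothing
    plaintext = _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))
    return json.loads(plaintext.decode("utf-8"))


# Constructed sample entries for the demo (not real accounts).
SAMPLE_ENTRIES = {
    "bank": {"user": "drsmith", "password": "k7$Qp2!vLm9#xR"},
    "email": {"user": "smith@example.com", "password": "Wq4&nZ8^tBc1!d"},
}

if __name__ == "__main__":
    blob = seal_vault("correct horse battery staple", SAMPLE_ENTRIES)
    print("vault bytes:", len(blob))
    print("right master password:", open_vault("correct horse battery staple", blob) == SAMPLE_ENTRIES)
    print("wrong master password:", open_vault("password1", blob))
```

The MAC is checked before anything is decrypted, so a wrong master password is indistinguishable from a corrupted file, and the fresh salt per vault means two vaults sealed with the same master password share no keys.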

Other solutions include "random password token generators," keychain-sized gadgets that generate and store passwords so you never have to memorize them, and fingerprint readers; both are available from retail outlets. John Lubrano, a computer consultant in Austin, TX, frequently encounters these devices in hospitals and labs but hasn't seen much need for them in doctors' offices. However, he notes that technologically advanced physicians are enamored with biometrics, like readers and scanners for their laptop or tablet, because of their ease of use. Discuss these options with your computer consultant or retailer if you're interested.