What makes a good password?

http://news.bbc.co.uk/go/rss/-/1/hi/magazine/7090407.stm

Version 0 of 1.

WHO, WHAT, WHY? The Magazine answers...

We are leaving ourselves open to fraud online because of the passwords we use, says a campaign group. So what makes a good password?

By their very nature passwords are problematic. Easy to remember often means easy to guess and hard to guess often means hard to remember.

But people are leaving themselves open to identity fraud and one of the reasons is their password, according to Get Safe Online (GSO), a government-backed campaign group.

Problems include using passwords that are easy to guess and using the same one all the time. With "password" often cited in surveys as one of the most common passwords, GSO has a point.

THE ANSWER Long, mixing letters, numbers and punctuation and including non-alphanumeric characters

So what makes a good password? It's all about having a difficult word and a good system, say experts.

A good password will mix letters, numbers and punctuation, but the strongest contain non-alphanumeric characters or symbols.

Never use a word that is in the dictionary, says Ken Munro, managing director of SecureTest. Online fraudsters have written programs that can try thousands of different passwords and try every word in the dictionary.

Phrases and systems

Avoid using anything personal like a birthday, a son or daughter's name, a partner's name or a pet's name. Also, the longer a password is the harder it is to crack.

Don't use consecutive keys on the keyboard. Qwerty is a regular on lists of most-popular passwords, just look at your keyboard to find out why.

A good suggestion is to use a phrase you can easily remember, says Mr Munro. Use something like "I went to the pub last night" and take the first letters of each word. You can mix upper and lower case and throw in random symbols, like a dollar sign.

WHO, WHAT, WHY? A regular part of the BBC News Magazine, Who, What, Why? aims to answer some of the questions behind the headlines

But as well as having good passwords, having a system when it comes to using them is also advised.

"Have one password for high security things that really matter, like online banking, and a low security one to use on things that don't really matter," says Barry Fox, contributing editor for Europe Consumer Electronics Daily.

People are often advised to change passwords regularly. But experts argue that this isn't always necessary.

"It's a common misconception," says Mr Munro. "It's better to have one good password than lots of bad ones."

The other essential when it comes to protecting your personal details is also having a good user name. People tend to just use their names, which is leaves them vulnerable.