Passwords. We have them everywhere now. Whether it’s the PIN (Personal Identification Number) for your ATM card, the password that logs you into your email account, or to set up your Internet Router, we have this need for security that our money, our personal details and our private information is kept away from people we’d rather not let near them.

However, your choice of password can let you down and even though you think you are safe, you could be leaving the doors wide open to unsavoury characters who don’t think twice about stealing your identity and looting your bank account and credit cards for as much as they can get their hands on.

There are thousands of websites that let you register and sign in with an account; each of which requires another password. It’s getting to the point where it’s difficult to remember which password you used where. And this leads you to disregard security to make your life easier.
It’s too tempting to choose a password that is easy to remember, or even use the one supplied by the manufacturer. Unfortunately, that often makes them easy for other people to guess.

Believe it or not, when faced with the pressure to choose a password, people are not very creative, and statistics show that many people choose the same ones as everyone else. Here’s a list of top-10 passwords:

1. password
2. 123456
3. qwerty
4. abc123
5. letmein
6. monkey
7. myspace1
8. password1
9. link182
10. (your first name)

When they say “Enter password”, it doesn’t mean enter the word “password”! It means choose one and enter it!

If you use any of those passwords, you’ve fallen into the same trap as everyone else.

Don’t Keep Default Passwords
Here’s an example. My wireless Internet router is made by D-Link. To log in to the set up page, the account name is set by D-Link to be Admin, with the password set to “password”. Very easy to remember, and most people don’t bother to change it.
Now, I take my wireless laptop or PDA and go somewhere and find an open wireless network. What if the router being used is also by D-Link? What if the owner didn’t bother to change the account name or password? I can now log in and change the password, thus locking out the owner from their own router setup.
I can now come back at any time and browse the computers on that network. Who knows what personal information I might find on there?
And if “password” doesn’t work, I might try any of the ones from the above list.

Don’t Use Familiar Words
Instead of using one of the common passwords, some people resort to using the name of someone or something close to them, such as the name of their spouse, child, pet or street.
Here’s another example. When I was at university, my room-mate was a huge fan of the UK football team, Manchester City (also known as Man City). Just for kicks I thought I’d try and log into his university computer account. I knew his username, but needed his password. So I tried “mancity”. That didn’t work, so I tried the names of their star player. That didn’t work, either. Then I remembered the name of the team manager, and tried that. I was in to his account in just 3 tries.

Don’t use familiar numbers
Just like family names, some people use birthdates. Again, these are too easy to guess.

Use a Strong Password
A strong password is one that is more difficult to guess. Here are some suggestions for creating a strong password.

Don’t use words that appear in a dictionary. If you really must use a word to help you remember (but it’s not recommended), you could try replacing some of the letters with numbers or symbols that resemble the letter. For example, let’s say you wanted to use the word GUITAR as part of your password. You could change the G to 6, the I to 1, and the A to @ to make 6U1T@R.

Use numbers as well as letters. Very often, this is a requirement that is enforced when you choose a password, but looking at the list of common passwords, people are still using simple ones such as abc123.

Use symbols. Using punctuation and symbols makes passwords much more difficult to guess than if you had simply used letters and numbers.

Use upper and lower case letters. Passwords are usually case sensitive to increase the pool of letters available when choosing the password. This makes it much more difficult to guess.

Use longer passwords. It is now recommended that the minimum length of password that you use is 12 characters, using a mixture of character types as mentioned above, and preferably a non-dictionary word.
Example: 4doFg*lf /Y7s

Remember your password.
So now that you have chosen a totally random password, how do you remember it? Some browsers can remember them for you, but what happens if your browser loses that data, or you are trying to log in from somebody else’s computer?

One technique is to choose a password that looks random but has some mnemonic attached to it.
Here’s one example I just thought of:
4&20bBbIaP
This fits in with many of our criteria; it’s what looks like a random mixture of letters, numbers and symbols, with upper and lower case.

The mnemonic for it is a line from a children’s song:
“Four and twenty blackbirds baked in a pie”.

After the 4 & 20, the remaining letters are the initials of the words, alternating lower and upper case.
(Please don’t use this example – now that I’ve mentioned it, hundreds of people will start using it!)

If you still can’t think of a good password, have a program generate one for you. There are a lot of free password generators on the Internet. Personally, I wouldn’t use one of the online ones – they might be logging my IP address and the passwords I generate.

So, think creatively about your choice of password. Somebody could be trying to hack your PayPal account right now!

Typically owners of machines that are part of a botnet are completely unaware that their computer has been hijacked. It has been suggested that 95% of all attacks mounted by botnet are from home computers; mainly because most people do not understand how to or why they should secure their PC.

Botnets are most commonly used to send spam and harvest private data from infected machines. However, they are also used to swamp websites with requests to knock them offline – known as a DDoS or Distributed Denial of Service. Additionally, some botnet PCs are used to host phishing sites and other illegal content.

So how can you avoid having your PC being hijacked?
Here’s a simple checklist:

• Never run a program or open a document that arrives via email unless you are sure that it comes from a trusted source. Beware that a program or document sent to you by a friend may well have been obtained from an unreliable source
• Don’t download and run programs or documents from untrusted websites
• Use anti-spyware and anti-virus programs
• On at least a weekly basis update anti-virus and spyware products
• Install a firewall and make sure it is switched on. Most broadband routers contain a firewall. Ensure that it is switched on. Don’t play with your router settings unless you know what you’re doing.
• Password-protect wireless router connections. If they’re not protected, people in neighbouring houses and people in the street with hand-held devices can get into your network.
• Make sure updates to your operating system are installed
• Educate yourself and family about the risks

You might think that it will never happen to you, but it will be a different story when the police or FBI come knocking on your door because your PC has been used to spam millions of email addresses.