Your New Year's Resolution: Don't Get Hacked
Filed on Jan 1, 2010 by AnthonyDiSante
Do you have any passwords that you never change? Change them now, on New Year’s Day. Your password is the only thing protecting your bank account from crooks, so if you never change it, or if you use a weak password, you’re just asking for trouble.
You’re also asking for trouble if you use the same password on multiple different websites. In that case, someone who hacks/steals your password for one site now has access to all of your accounts. Fortunately there is a relatively easy way to protect against this: use a "base" password but tweak it slightly for each different website you use.
For example, say your base word is "driveway". By itself that’s a horrible password because a) it’s too short, and b) it’s in the dictionary. You can make it much more secure by taking, say, the first 2 letters of the website where you use the password, and injecting them into it. For example, if your bank’s website is www.toobigtofail.com, then you’d take the first 2 letters ("to") and put them into the password, resulting in "drivetoway".
Now just repeat that for every website you use, and you’ve solved the same-password-for-every-site problem, yet you still only really have to remember one password. Of course there’s still a lot of room for improvement here -- ideally you’d have some uppercase letters and some numbers in the password as well -- but by simply increasing the length from 8 to 10 characters and by using a different password for each site, you’ve vastly improved the security of the password.
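The scheme above as a short script, added here as an illustration and not part of the original post. It also flags the case where two sites share their first 2 letters and so end up with the same password. The function names, the insertion point (after the 5th character, as in "drivetoway") and every site except www.toobigtofail.com are assumptions made for the example.

```python
from collections import defaultdict
from urllib.parse import urlsplit


def site_tag(site: str, length: int = 2) -> str:
    """First `length` letters of the site's host name, ignoring scheme and 'www.'."""
    # urlsplit only fills in .hostname when the string has a '//' authority part.
    host = urlsplit(site if "//" in site else "//" + site).hostname or ""
    if host.startswith("www."):
        host = host[4:]
    letters = [c for c in host if c.isalpha()]
    if len(letters) < length:
        raise ValueError(f"cannot take {length} letters from {site!r}")
    return "".join(letters[:length])


def site_password(base: str, site: str, position: int = 5) -> str:
    """Insert the site tag into the base word at `position` (assumed: 5)."""
    return base[:position] + site_tag(site) + base[position:]


def find_collisions(base: str, sites: list[str]) -> list[list[str]]:
    """Group the sites that would receive the same password under this scheme."""
    by_password = defaultdict(list)
    for site in sites:
        by_password[site_password(base, site)].append(site)
    return [names for names in by_password.values() if len(names) > 1]


# Constructed sample list; only the first entry comes from the post.
SITES = [
    "www.toobigtofail.com",
    "https://www.tomsmail.example/login",
    "shop.example",
]

if __name__ == "__main__":
    for site in SITES:
        print(site, "->", site_password("driveway", site))
    for group in find_collisions("driveway", SITES):
        print("same password shared by:", ", ".join(group))
```

Any group it reports is a set of sites where the same-password-for-every-site problem is still present, so those need a longer tag or a different tweak.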