
Friday, 10 May, 2002, 09:21 GMT 10:21 UK
How secure is your password?
You can hear Jon Wurtzel every week on the BBC's Go Digital
BBC Go Digital's Jon Wurtzel casts a wry eye over developments in the world of technology

In order to access computer networks, online bank or e-mail accounts, we need a wide range of usernames and passwords.

Constant attention is required to track what our name is in each virtual environment, and what password is needed at that moment to access personal information.

This means that using the internet requires us to constantly create and manage multiple identities.

The complaint that the internet enables people all too freely to impersonate alternate identities often overlooks a fundamental point: online, we are all required to assume multiple personae.

Friends and family

Ensuring our various accounts are secure means constantly creating and updating a range of passwords.

While the content they protect may be financially and personally sensitive and specific, the majority of passwords people use adopt generic, often easy to detect patterns.

Knowing a bit of detail about someone, such as names of family and friends, favourite books and films, and where the individual lives, can often offer enough clues to successfully guess someone's password.

Checking for Post-It notes on someone's monitor is another quick way to find this sensitive information.

And one of the most common passwords of all is password. Words like secret, system and banana are also pretty popular.

Password: ryeh604j23

While there are several software applications on the market promising password protection, attaining simple to use, guaranteed security seems to remain elusive.

To manufacture a more secure, less breakable password, online security expert Dave Perry from TrendMicro gives the following advice.

Use a full sentence and put some symbols and numbers at the end of it. If you can touch-type quickly enough, the password should be secure and not visually detectable.

Alternatively, experts say you should pick a cycle of words that mean something to you from your past.

Change one of the letters to a number, like an E to a 3, and then rotate through them for your various passwords.

So alongside managing multiple identities, we now need to practically assume the vigilance, even the paranoia, of a Cold War spy to ensure our online security.

Unsurprisingly, the majority of online users find these techniques impractical, opting instead for easy to remember, and perhaps easy to crack, passwords.

This might undermine our security, but we do it because it's the most efficient way for us to use what the net has to offer.


How do you choose your password? Do you end up using the same one all the time? How can we be expected to remember them all?

I use one password for most subscription sites. A second for membership sites / work related forums and individual passwords for sites where I conduct financial transactions. Details are recorded in a Word document and in a notepad kept with all the software manuals on the basis that nobody reads the flaming manuals so they won't look there for details of passwords. I only use Explorer's remember password facility for the commonly used first password.
Phil, UK

I have heard that in one office, there was a particularly good-looking lady, and her name was the password for almost all of the computers used by the men in that office. People need to try something original.
Sally, UK

I use a mixture of (upper/lowercase) alphanumerics plus extended characters (ALT+(0 to 255)). No security tools off the net can breach these.
Mike, UK

I pick up a big book and randomly point to a sentence on a random page. I use the first letter of each word in the sentence to form the first x characters of my password. I then randomly pick two or three pages from the book and append the page numbers in random order to the end of my password string.
Rob, England

I choose my password by using the name of the first thing that I see or think of. Happily I don't have to remember too many passwords as I store all of them on my PDA using a handy password retrieval tool called STRIP (Secure Tool for Recalling Important Passwords).
Tom, United Kingdom

I use 1234 or abcd. Easy to remember.
Benj, UK

I wrote a program which randomly generates a combination of letters and numbers, 10-long. I remember it the same way I remember anything, by repetition.
John, UK

Any four digit number will be the house I lived in, in Canada four years ago. Internet access is my favourite pastime and my log-on to computer is a character from whatever book I might be reading when I'm prompted to change it!
Jessica, UK

I use a combination of my brother's initials (several) interspersed with the month and year. He lives in a different continent, and is unknown here.
Malcolm, UK

Substituting letters for numbers (for instance, 'e' to three or 'l' to one) is not such a great idea. Most decent password crackers will take a list of known possible words and permutate them; this will involve substituting letters for numbers, adding numbers after the word and other common changes people make to normal words. Look at how password crackers work at trying to guess your password, then choose your password accordingly. Weak passwords are the number one vulnerability in computer systems worldwide, have always been that way and will continue to be that way for some time to come.
Hoob, UK
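
An added example, not part of the original article or of any reader's comment: a check a site could run when a password is set, rejecting choices that reduce to a dictionary word once the edits described above (letter-for-number swaps, characters appended after the word) are undone. The word list is a constructed sample and the function names are hypothetical.

```python
import itertools

# Constructed sample word list (assumption); a real check would load a large
# dictionary together with lists of commonly used passwords.
WORDLIST = {"password", "secret", "system", "banana", "elephant"}

# Digit or symbol -> letters it commonly stands in for. "1" is ambiguous.
LEET = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t",
        "@": "a", "$": "s", "!": "i"}


def base_forms(password, max_forms=256):
    """Yield candidate dictionary forms by undoing common edits."""
    core = password.lower()
    stems = [core]
    # Undo "numbers added after the word": strip trailing non-letters
    # one character at a time, keeping every intermediate stem.
    while core and not core[-1].isalpha():
        core = core[:-1]
        stems.append(core)
    for stem in stems:
        # Each non-letter may be literal or any letter it can replace.
        options = [c if c.isalpha() else c + LEET.get(c, "") for c in stem]
        combos = itertools.product(*options)
        # Bound the work per stem so a long digit run cannot blow up.
        for combo in itertools.islice(combos, max_forms):
            yield "".join(combo)


def weak_base_word(password, wordlist=WORDLIST):
    """Return the dictionary word the password reduces to, or None."""
    for form in base_forms(password):
        if form in wordlist:
            return form
    return None


if __name__ == "__main__":
    # Sample inputs: strings quoted on this page plus constructed variants.
    for pw in ["el3ph4nt", "pa55word@", "Banana12", "tqbfj0tld", "ryeh604j23"]:
        word = weak_base_word(pw)
        print(pw, "->", f"reject (based on '{word}')" if word else "no match")
```

A "no match" result only means the string is not a simple variant of a word in this list; it says nothing about length or reuse.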

I used a program to produce a random 16 digit number using all characters available. The password is used only for important logins such as my bank account.
Allan, UK

I find a magazine and look for an article with a number of words in the title. I then choose the first letter from each word until I have six to eight characters and replace one or two with numbers (eg replace i with one). Secure, and easy to recall (as long as you don't throw away the magazine!)
Aidan, UK

My passwords are chosen at random by whatever's going through my mind at the time. Either that or they're predetermined by an outside person.
Kim, England

I choose my fave footballer and use that name plus his squad number, ensuring that I have a mix of letters and numbers. I use the same password for everything, so if someone works it out I'd be in trouble. Also, if that player leaves, I have to change all my passwords.
Jason, UK

For a while, I based my online passwords on the names of female friends with whom I had particularly pleasant encounters, followed by six digits giving the date of these encounters. I had to change strategies after this system was compromised more than once.
Tom, Cambridge, UK

I choose a memorable word/thing from my past and then translate it into Finnish. As only about 5m people speak Finnish, it helps to reduce the chances of anyone guessing.
James, UK

A long time ago, someone told me that he had devised a very clever system of ensuring that his password could never be guessed or easily copied. He was working on a Unix system and always tried to ensure that his password was as close to the maximum number of characters allowed as possible. He simply used titles of songs or books or sentences or phrases from articles that he came across. He once had a password that was 64 characters long! I have since adopted the same principle: I choose titles of songs or books, but I choose a mix of both capital and common letters and numbers as well as the spacebar and underscore if those are allowed. When people try to see what my password is (I also type very fast) they get tired after the first 10 strokes since they get caught up wondering what on earth I could be typing so long!
Anna, Sweden

I use small town names in a country like France, change some of the I's for ones, some of the o's for zero and some of the e's for threes. Beats most lookup programs!
Tudor, UK

I use my first name as my password.
Andrew, UK

I use my husband's surname
Louise, Ireland

No way! I'm not telling you that otherwise everyone will guess what my password is!
Andy, UK

I use the name of an American ex-girlfriend, as even if you knew how it was pronounced, there is no way anyone could ever guess it was spelt in such a bizarre fashion. It's still not exactly secure. If you want security use the Unicode Characters, by holding down the ALT key and entering three numbers on the key pad. It can't be broken easily by brute force attacks then.
Paul, England

I take a section of a poem and use the first letter of each word, then add a number on. For high security passwords I combine the numbers of my bank account password, making an eight-digit number. It's already secure and try cracking all the combinations.
Ruaridh, Scotland

For insecure sites, like just a simple message board, I use a generic simple one. For more secure things like on-line banking or a website that stores my credit card information, this is the easiest way to create a secure password, let's take a Hotmail account as example: Pick a sentence that is easily remembered in the context, like: "My e-mail should only be accessible to me", you create the password by taking the first letters of each word, replacing certain characters: "Me50ba2m". Now guess that!
Bas, UK

Pick a sentence and use the first character from each word, substituting some letters for 'equivalent' numbers. For example: "The quick brown fox jumped over the lazy dog" can become "tqbfj0tld". Easy to recall, difficult to crack.
Doug, UK

I pick a religious quotation (any religion, Christianity, Islam, Buddhism, Hinduism or anything else I happen to have read about) which symbolises the use of the passwords, so I will often pick a phrase about an encounter with or action of a god for administrator passwords. I then take the first letter of each word and then I have a password I can remember easily, but no one else can guess.
David, UK

Having exhausted U2's albums I am on their singles. After that I shall be on B sides! Has worked well for the past two years!
Charity, UK

I choose names that I'll remember like my pet dog, our boat name or my old phone number - trouble is I can't always remember which of them it is.
Ann, UK

I use the surname of the Italian writer I studied for my PhD. Now that I've admitted this, I shall immediately change it. Liked that Finnish idea, nice.
Stephen, UK

I use a series of mathematical sums to decide my passwords. Usually I take the year plus month of a relative's/girlfriend's birthday, minus the day and then add that number to the end of a word that is meaningful to me (this helps me remember the number!). Far too complicated sometimes but my systems are well worth protecting!
Marc, UK

When deciding on a new password, I take two large prime numbers, convert them to hex, perform a cipher operation on the first number using the second as the key. I then junk this because it will be impossible to remember, and use the same password I use for everything.
Brian Williams, UK

A word of caution for people who use the same user name and password for all their internet accounts. Remember that an unscrupulous web master can easily get hold of both the user name and password, and then surf the web looking for other sites where you've registered - your bank account perhaps!
Simon, Ireland

Choose a word at random - say "Elephant" then change the ending to generate a word not extant in the dictionary - say "Elephantusi." Try and make it something silly so it sticks in your mind. Finally, switch some letters for numbers that resemble them and add caps in places you'll remember: say "el3ph4ntusI." This generates a very secure password that can't be cracked by brute force but is easy to remember.
James, UK

I generally use a word or two I like and then convert some letters to numbers and then also put some of the letters in caps. It's easier than remembering dfkgjh345sDSFG45 or something daft.
Colin, England

Remembering passwords is a bit of a pain but I generally only have two or three on the go at once. A general one for non-secure websites that force me to register, plus an internet shopping one and a work/home password for computer system. My passwords are random, consisting of alphas and numbers in a mix depending on how I think of them. The ones that matter get changed about every other month or three months, so I hope they're fairly secure. I haven't seen any dodgy transactions on my credit card yet!
Peter, UK

One of the hardest things is to pick a password that is easy to remember, the last thing you want to have to do is write it down. I tend to use characters from ancient history or obscure sub-atomic particles. Trying to pick something that isn't obviously connected to you or your interests is the key.
Mark, UK

I log on to a medical web site and pick a few medical terms such as bunion or blister, fever01, etc.
Peter, South Africa

You all have some pretty ingenious (complicated?) methods for choosing passwords - but how on earth do you remember something like a 16 character random alpha numeric string? I use computers every day, have a degree in Computer Science and still have to make all my passwords similar (although never identical) to be able to remember them. I seem to recall that most humans can only reliably remember 12-14 digit numbers!!
Lee, UK

My password: the name of my first pet followed by my mother's maiden name
Sally, UK

I find it very difficult to choose a new password. However it was suggested to me to think of a song title and then take the first letter of each word in the title, eg All Things Bright and Beautiful would be ATBAB. I do find myself singing along to the song though!
Ken, UK

Geographically. Cities I've lived in and love, actual street addresses I've lived at and enjoyed, also the first address I ever memorized (my great-aunt's house, a cherished childhood memory). No one can guess them and I won't forget them, either!
Carmen, USA

My password was chosen from a woman's name in a title of a popular movie. While on vacation one year my friends called me that and it stuck.
Della Smith, USA

I like to use my favourite foods. That way, every time I use the password, I have nice thoughts.
Paul, Australia

I don't pick very secure passwords. I usually look at an object on my desk such as "glass," "phone," "ticket," whatever, and add a two-digit number to the end. Hard to guess, but not very hard to crack.
Jonathan, USA

I always use the same method. I mix together the day's date, my birthday and the time on my pc.
Cheryl, UK

I pick a phrase that's easy to remember, such as a line from a poem, and choose the first letter from each word (or the second). Throw in some non-alphanumeric characters and you have a pretty good password.
Alfredo, Canada

Passwords can be hacked, I use an RSA authentication tokencard. A new password is created for me each time I try to log onto a system. I never know what the password is each time, the card from RSA tells me.
Roy, Canada

Letters + numbers + characters ... ie pa55word@ or gh7&12H
Bob, Bermuda

I choose my password based on a number joke with my sister and another is a school name from a school that does not exist. It makes no sense. I also use a variety of passwords and I change them from time to time.
Rosie, USA


You can hear Jon Wurtzel on Go Digital, which is webcast on BBC News Online every Monday at 1500 GMT. Or you can listen to the programme on BBC World Service radio on Tuesdays, Wednesdays and Thursdays.
