Common Password Can Unlock Identity By Kristi L. Gustafson, Albany (N.Y.) Times Union January 20, 2005 Love. Sex. Money. . . . Password. There's a good chance you've typed one, or all, of these terms recently (and not necessarily because you were doing something you shouldn't). You may just have been accessing your e-mail, doing some online banking, shopping or looking in on your 401(k). These four words are the ones people choose most often as passwords, according to Chris Faulkner, CEO of Dallas-based CI Host, a Web hosting and data center with 215,000 customers worldwide. Those obvious choices put you at risk. "Our memory bank is so overloaded with passwords," says Faulkner. Password proliferation really took over in the early 1990s with the Internet boom. "We naturally pick things that are easy to remember." Hackers, however, have software that can run through 200,000 to 4 million potential passwords per second. If you have a four-character, letter-only password, it can take a hacker four seconds to break into your account. But an eight-character password with at least one number would take seven years to crack, according to Faulkner. So protect yourself. Use different passwords, alpha-numeric combinations and never, ever share your password or write it down where it can be easily found. "Using only one password puts your credit rating and identity at risk if your password is compromised anywhere, on any Web site," says Randall Palm, chief technology and information security officer for CompTIA, the Computing Technology Industry Association. "Easy passwords should never be used for online transactions or personal information." Jim Feck, an Altamont, N.Y., resident with more than 100 passwords, 75 of them different, uses word and number combinations -- terms that have meaning, along with significant dates or numbers. "You need to look at the importance of what is being secured with that password," Feck says. "If it's your bank account, you want something that's hard to remember, but you might make a (sports) scores site your pet's name." Remembering all these passwords was getting tough for Feck and, rather than having his password e-mailed to him each time he forgot -- an unsecured practice -- he bought RoboForm for about $25 back in 2002. The software is a one-click form-fill and password-management application. The product stores multiple user identities, including name, address, phone number and other important information; it also securely stores confidential data such as passwords and bank account and credit card numbers. Before this, Feck maintained all his passwords in a spreadsheet called "Passwords." "I probably should have called it something less obvious, like 'birthdays,' " he jokes. RoboForm is entirely encrypted and sets up like a toolbar on your Web browser. You can take all the information with you in a traveling USB no bigger than a key chain. Since about a third of all calls to technology help desks in a corporate environment are regarding passwords, according to Clain Anderson, IBM program director for security and wireless, it makes sense that software and other programs would come about to minimize the memorization. "The beauty part is you have one strong password, and that protects all your others," Feck says. "You don't have to remember a bunch of passwords. You just have to remember one to get in." Some believe even that may not be entirely secure. "As a standard security practice, we do not advocate documenting or writing down passwords at any time," says Palm. "Program-software (like RoboForm) has the potential to fall into that category." Companies like IBM installed technology into their notebooks that allows for fingerprint recognition -- the ultimate in computer security. This may not protect your online banking, 401(k) or bestbuy.com account from hackers, but it will stop anyone from logging on to your computer if it's lost, stolen or just left on your desk at work while you step out for lunch. Whether it's fingerprint technology, a password manager or the good, old-fashioned method of memorization, change your password every 90 days. "In many cases, your password is the key to your life," Faulkner says. "If someone gets a hold of the right one, they can take over your identity."