Q. Why do I need one of these long, random passwords? My password is good enough.

A. Because the bad guys get more sophisticated by the day, and these days, "good enough" isn't.

Password Place will generate up to 100 random passwords based on the length and character set you select or type in. Even if you only need one, you can generate a bunch and pick the one that will be easiest for you to remember.

1. Select how long you want the passwords to be (6 to 32 characters):   6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

2. Select how many passwords you want to generate (10 to 100): 10 20 30 40 50 60 70 80 90 100

3. Choose the character set to use or type your own list using "Custom".

NOTE: Systems and programs allow different numbers of characters and different charcter sets. In general, it is always best to use the longest password that will be accepted and, if you can, to include characters other than letters and numbers.

If you do not already know, check with your system administrator to learn which characters are allowed in passwords on your system or network and how many characters long they can be. Type 1, the Standard set plus the underscore ( _ ) is acceptable virtually everywhere.

Standard: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890

Type 1: Standard plus _

Type 2: Standard plus _ ! . ,

Type 3: Standard plus ` ~ ! % ^ * ( ) _ - + = [ ] | \ ; : ' " , < . > ? /

Type 4: Standard plus ` ~ ! % ^ * ( ) _ - + = [ ] | \ ; : ' " , < . > ? / & @ # { } $

Type 5: Standard plus ! ^ $ ? < > . % + - = & #

Type 6: Standard plus ` ~ ! % ^ * ( ) _ - + = [ ] | \ < > ? / @ # { } $ (for MySql)

To use a custom character set, select "Custom" and type the characters you want to use in the box below with NO space between each one, as in abcKLM876[x_4. You must enter at least 12 different characters.

Custom character set

Password Tips

No password can protect you if you do not protect it.

• Never say your password aloud when others are near enough to hear it.

• Be aware of who is near you when you type or write your password. Even if someone only gets some if it by watching you, that part will make it significantly easier to guess the rest.

• Never keep a copy of your password on or in your desk, stuck to your monitor, under the keyboard, or anywhere else that is not secure.

• Never share your password with anyone, including supervisors, assistants, or IT personnel.

• If you must disclose it for any reason, change it as soon as you can.

• In a business setting, document the date, time, to whom you revealed it, and the reason given for their requiring it.

• Never email your password or hints about it. Email is not always secure from prying eyes.

• Do create and memorize a twelve to sixteen character nonsense word which you can use as a Master Password for use with your web browser's or Internet security software's password manager. Two examples: flostimograly; dwemkanvirox.

About Passwords

Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.
      —Clifford Stol

It should go without saying that passwords are the most important — and the most vulnerable — component of online security.

Passwords are used to prevent unauthorized access to and guarantee the security of important accounts and information. Yet many people use simple, easy-to-guess passwords that offer little protection against even a casual hacker.

Simple passwords will not protect you.

An oft-repated myth is that passwords based on personal information are secure. They are not. So much personal information is now available online that using anything except random sequences is asking to be hacked.

Common password mistakes include:

• Using ANY personal information
• Using two or three words strung together, like frogmountainshoes. Hackers use programs that automatically try individual and combinations of words found in dictionaries.
• Using keyboard key sequences, like qwerty or lkjhgfdsa or 1!2@3#4$5%. All such sequences are easily programmed into the hacker's cracker program.
• Using letter-number-character substitutions. Look at our name at the top of the page. P@s$W0rD_p|@(E looks pretty secure with the @s substituted for the "a"s, the dollar sign substituted for an "S", the zero for the "O", the pipe symbol for the "L", and the parenthesis for the "C", but it's just two common words with some substitutions and such substitutions are easy for a hacker to program into his database of things to try.

If we can think of the "trick" so can — and do — the hackers. After all, it's their job and one at which the incentive to succeed is the ability to steal lots of our money.

Is it really worth the risk of having your identity stolen, of your bank account emptied of funds, or of your email or Facebook account being used to send all your personal and business contacts solicitations to visit porn websites or buy "penis enlargement" drugs and products or worse — to trick them into installing a virus or keystroke logger that will let the hacker break into their accounts, too?

Researchers from the University of Maryland's A. James Clark School of Engineering in College Park have quantified how frequently unsecured computers are the victims of hacker attacks. They found, on average, that each unsecured computer was attacked every 39 seconds — that's more than 2,215 times a day!

Hackers use a string of common passwords and user names to penetrate under-secured computers, websites, blogs, Facebook accounts...anything and everything they can. If you thought you were being clever by using your user name as your password, note this: Fully 43 percent of all password-guessing attempts simply re-entered the user name.

The top 10 most common passwords:

1. Your user name
2. Your user name followed by 123
3. 123456
4. password
5. 1234
6. 12345
7. passwd
8. 123
9. test
10. 1

While movie and TV hackers are portrayed as people with grudges who target specific institutions and manually try to break into their computers, in reality, study leader Michel Cukier says, "Most of these attacks employ automated scripts that indiscriminately seek out thousands of computers at a time, looking for vulnerabilities. Our data provide quantifiable evidence that attacks are happening all the time to computers with Internet connections. The computers in our study were attacked, on average, 2,244 times a day."

By now, we hope we've convinced you to stop using your insecure passwords and generate some new ones. So, how long should your new passwords be? The following table shows how many combinations are possible for the four main generation choices above and for just upper-and lowercase letters. The Time to Crack values are based on one million attempts per second.

As you review the values, keep in mind that there computers that can run password tests far faster than one million times per second. And though they are unlikely to be used to try to break into your bank account, it still makes sense to have the most secure password possible.