How to Create a Hack-Proof Password

August 17, 2012

Password hacking is a serious, constant threat to home offices, businesses, and health care facilities. Here’s what to consider when creating passwords.

The recent hacking scandals that have dominated the headlines led me to do some extensive research on creating secure passwords. If you consider all the various passwords people use every day, hacking is a serious, constant threat to personal home offices, businesses, and health care professionals and facilities, especially since the introduction of electronic medical records.

Here is a comprehensive list of the most important tips to remember when creating passwords.

• Create a different password for each of your accounts: your email at work and at home, your operating system at work and at home, your bank account, and your Amazon and PayPal accounts should all have different passwords. As bothersome as it is to remember so many passwords, if one account is hacked, at least the others will not be jeopardized.
• Change your passwords every four to six weeks, or sooner, depending on the sensitivity and security issues.
• Do not reuse old passwords.
• Do not write your passwords down and store them near or on your computer. Internet browsers now have a feature that allows you to save your username and password on websites that require a log-in. Do not check “yes.” If you have done so in the past, the saved information can be cleared in the settings. If you must store the passwords, use hints instead to help you remember.
• Do not use anyone’s name or user name (coworkers, doctors, your own, spouse, kids, pets, relatives, etc.).
• Do not use any words found around the health care facility, in the dictionary, names of TV shows, or keyboard sequences (like “qwerty”).
• Do not use any phone numbers, birth dates, license plate numbers, or any part of social security numbers.
• The minimum recommended password length is six to eight characters. The longer and more complex the password, the more likely it is to withstand a brute-force attack used by hackers on encrypted data. According to Microsoft, passwords with 15 or more characters are no longer encrypted and stored in their hidden system files; therefore, the threat of being attacked by a hacker is completely eliminated.
• The trick is to make your passwords complex, but easy for you to remember and difficult for others to guess. One suggestion is to start with a meaningful phrase, remove the spaces, mix in one to two upper case letters, change one to two letters to numbers, deliberately misspell a word, or insert a punctuation mark. Here is an example: “I love diagnostic imaging” can be changed to “1luvDiagiMa8ing.” The result has a mix of upper and lower case letters, numbers, misspelled words, and a period at the end.
• Another suggestion when using a meaningful sentence is to take the first letter of each word and apply the same techniques as above. So, “I love diagnostic imaging” can be changed to “iL:di12!”
• An alternative to using a sentence is to join two unrelated words and, again, apply the same techniques as above. For example: “hamburger and wireless” can be changed to “Hambugr&wirele88.”
• It is not enough to simply use one technique; the password must use a mix of techniques and meet the minimum number of characters.
• Finally, always be wary of emails requesting you to change your password. It could be a scam. One exception would be if you forgot the password and requested it be reset.
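
The password rules in the list above can also be checked automatically. The following Python function is an added example, not part of the original article; the word list, the keyboard runs, the eight-character minimum, and the requirement of at least three character classes are assumptions chosen for illustration.

```python
import string

# Constructed sample data (assumptions, not from the article): a tiny word list
# standing in for a real dictionary, and a few common keyboard runs.
SAMPLE_WORDS = {"password", "imaging", "hospital", "doctor", "welcome"}
KEYBOARD_RUNS = ("qwerty", "asdfgh", "zxcvbn", "123456")
MIN_LENGTH = 8      # upper end of the article's six-to-eight character minimum
MIN_CLASSES = 3     # assumption: "a mix" means at least three character classes


def check_password(candidate, personal_terms=()):
    """Return the checklist rules the candidate breaks (empty list = passes).

    personal_terms: names, user names, phone numbers, birth dates, etc. that
    belong to the user and must not appear inside the password.
    """
    problems = []
    lowered = candidate.lower()

    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if any(run in lowered for run in KEYBOARD_RUNS):
        problems.append("keyboard sequence")
    if any(term and term.lower() in lowered for term in personal_terms):
        problems.append("personal information")
    if any(word in lowered for word in SAMPLE_WORDS):
        problems.append("dictionary word")

    # Count which character classes are present: lower, upper, digit, punctuation.
    classes = [
        any(c.islower() for c in candidate),
        any(c.isupper() for c in candidate),
        any(c.isdigit() for c in candidate),
        any(c in string.punctuation for c in candidate),
    ]
    if sum(classes) < MIN_CLASSES:
        problems.append("not enough mixing")
    return problems


if __name__ == "__main__":
    # The first three candidates are the article's own examples.
    for pw in ("1luvDiagiMa8ing.", "iL:di12!", "Hambugr&wirele88", "qwerty123"):
        print(pw, "->", check_password(pw) or "passes")
```

A real deployment would replace `SAMPLE_WORDS` with a full dictionary and a list of known-breached passwords.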

The different password options are infinite; just use your imagination to come up with something that is completely random, unique to you or your health care facility, and easy for you to remember.

Do you have any other helpful tips to add to the list? As a healthcare professional, how does your facility handle password security?

Jennifer Daugherty is a business development coordinator for Charlotte, NC-based The Remi Group, LLC, which provides programs that replace equipment maintenance service contracts, with the goal of saving money, improving equipment performance, and reducing equipment downtime.