The company, Imperva, analyzed 32 million passwords in December 2009, and discovered that:

• 30% of all computer users select passwords of 6 characters or less.  The shorter the password, the easier it for a hacker to guess.
• Nearly half of all computer users create easy to remember (and therefore easy to guess) passwords, using slang words, dictionary words, or familiar number combination.  The most common password, for example, is “123456”.  Among the top 5 passwords are:  “12345”, “123456789” and “password”.
• Half of all computer users use the same password for all the websites they visit. This means that once a hacker figures out a victim’s password at one site, it’s easy to invade that person’s accounts on other sites.
• Almost 60% of users create passwords from a limited number of characters.  Passwords should not spell out a recognizable word and should contain upper and lower case letters along with numbers and special characters such as “!@#$%%^”.

If you’ve made any of these mistakes, you should take the time to review and change your passwords. Choose strong passwords and use these techniques to help remember them.

How many of these mistakes do you make?

1. Use the same password on every site. Imagine if everybody in your neighborhood had the same front door lock.  A thief who stole your keys would have access to the contents of every house on the block.  We don’t do it with keys and you shouldn’t do it with passwords.  There are tricks you can use if you have trouble remembering lots of different passwords.
2. Use “password” for your password. Or your username.  Or your birthdate.  So many people do this that when hackers are trying to guess your password, they often try these obvious ones first.
3. Write your password on a piece of paper and post it on your computer. You trust your co-workers and your family members, but don’t forget that occasionally strangers (e.g., repair people, cleaning people, clients you don’t know well, etc.) may be near your computer.
4. Make it too short. The more characters your password has, the better. Most applications require at least six to eight.
5. Make it too weak.  A good password should be a random collection of characters; it should never spell out a real word.  Instead, it should include upper and lower case letters, numbers, and special characters like “^” or “%”.
6. Assume it’s okay to have a weak password on your e-mail account. People often think, “It’s only my e-mail. Who’d want to hack into my discussions with my spouse about what movie we’re going to see?”  That part is true.  But it’s also true that when you forget a password, most applications e-mail you a link that let’s you reset.  Some actually even e-mail you the forgotten password.  A hacker in your e-mail could get access to another more important account that way.
7. Keep the same password forever and ever.  Hackers can be a patient bunch.  Keeping the same password gives a would-be hacker months, weeks, even years to guess it.

A good anti-virus package protects you in several ways:

• The anti-virus part of the package scans your computer files on a regular basis looking for malicious programs that may have come to you from other computers.
• The package should also include anti-spyware protection to guard against programs that lurk on your computer and keep track of what you’re doing.
• A firewall is essential to prevent unfriendly content from reaching your computer through your Internet connection, so most basic anti-virus packages include that too.
• And because new viruses and threats are being unleashed all the time, your software has to stay up to date in order to find them.  Therefore, a basic anti-virus package usually goes out to the Internet on a regular basis to pull in updated virus information.

You can also choose to install a more sophisticated Internet security suite.  An Internet security suite goes beyond the basics and may include a way to:

• Verify the safety or authenticity of the websites you visit;
• Remember your passwords and protect your personal data;
• Protect you from spam;
• Back up your data.

Top Ten Reviews compares the leading Internet Security Suites.   Click here to see their side-by-side comparison.

Don’t use the same password for every website.  Hackers are everywhere on the web and they’re looking for accounts and websites to break into.  When they come across someone uninformed enough to be using the same password on every site, they’ve struck gold. Once they figure out how to get into one of your accounts, they can get into all of them.

Don’t use something obvious.  Everyone uses their name, their birthdate, their children’s names, their children’s birthdates, their social security number or their significant other’s personal information as passwords.  These are too easy to guess, particularly if the hacker knows you, and much of this information can be found in online public records or in your social networking profiles.

Don’t assume that your e-mail account doesn’t need a tough-to-crack password because there’s nothing all that important among your e-mail messages.  For most people, that’s just not true.  Many people receive invoices online and those invoices often contain account numbers and other personal information.  Even if you don’t get bank statements or invoices e-mailed to you, you’ve probably had to have a password e-mailed to you because you forgot it.  If those password-reminder messages are lying around in your inbox, archived in a folder, or in your deleted items waiting to be permanently removed, a hacker who gets into your poorly protected e-mail account can find them.  Or, they can arrange to have a password reminder e-mailed to you and then log into your account and get it.  Also, don’t forget about sensitive information that clients sometimes e-mail to you.  Those items may be in your inbox as well.

Don’t write your passwords on notes that you leave taped to your computer or in your desk drawer.  Yes, many people still do that and of course it defeats the purpose of password protecting your accounts.

If you need to create a good password that you’ll be able to remember, try using a mnemonic device.  That is, make a password out of the first letters of a sentence or a phrase you will remember.  If the phrase is “I pledge allegiance to the flag”, you can use the first letters of the words to create the password ipattf.

Or perhaps you can easily remember the stops of the computer train you used to ride to work:  59^th Street, South Shore, Bryn Mawr, Windsor Park, 79^th Street.  Turned into a password they become 59sbw79.  This one, by the way, is even better than the previous one we created because this one contains numbers as well as letters.

The possibilities are endless—Bible verses, poems you know by heart, the words to your favorite song, the starting lineup for the 1962 New York Yankees!  Anything you know by heart but would be unrecognizable to someone else can be turned into an easy to remember password.  Use something that is ongoing or that there is more than one of and when you’re required to change the password, simply go on to another item on the list.  For example, if you were using the Pledge of Allegiance and you needed to change your password, you would go on to the next phrase:  “…and to the Republic for which it stands….”  The password would be a2tR4wis.

To make it a really strong password, it should be at least 6-8 characters in length and should include numbers, letters—both upper and lower case—and special characters (e.g., “@”, “*”, “!”).