Tags: privacy; security

Excellent story in the The New York Times this weekend about how to create strong passwords and the best practices used by Web-based apps for storing passwords.

This Website Is For Financial Professionals Only

"If your user names and passwords are sitting unencrypted on a server, you may not be able to sleep at all if you start contemplating the potential havoc ahead," writes Randall Stross in The New York Times.

Stross points out that the reason hackers were able to steal passwords from Sony's PlayStation Network was that the passwords were not stored encrypted. It's simply mind-boggling that  a company as big as Sony would be so sloppy.

Stross recommends you create passwords that are at least 10 characters in length and that are not words you'd find in a dictionary.

That's because "dictionary attacks" go through every word in the English language to crack a password.

So, in a password, if you substitute a non-alphanumeric character--such as a *!@$ and other symbols--for a letter, then you can make a hacker's effort much more difficult.

The Times says it would take about 20 years for a computer to crack a strong 10-character password.

Even more impressive, Stross describes the right way for companies to handle password storage, says a password "should be encrypted before it goes up to the cloud and then decrypted when it returns."

That's a lot of detail, but advisors should ask their secure apps if they meet that high standard.