How to make your passwords hack-proof

PITTSBURGH — Security experts said there were more than one billion hacking attempts last year. In this Target 11 investigation, Robin Taylor takes an in-depth look at how thieves are cracking your codes, and how to protect yourself.

Not to make you paranoid, but it is absurdly easy to get hacked, especially if you have a common password.

"In this day and age, it's not if you're going to be hacked, it's when," said Rick Wallace, a cybersecurity expert who has handled thousands of hacking cases.

Once the bad guys are in, they can do a lot of damage, hurting you financially or even destroying your reputation. Chris Autry knows all about that. His Yahoo account was hacked five times in six weeks.

"You have to do some damage control. You have to call friends and say, 'Hey, man, I'm sorry you got this,'" said Autry.

The hackers bombarded his contacts with spam, and then they sent out obscene material.

"The worst one was porn. It was highly offensive," said Autry.

What makes this story even worse is that Autry is a Baptist minister. He was terribly embarrassed.

"It's horrible. It's just horrible," said Autry.

Rick Wallace is a cybersecurity expert at Tiversa. He's helped thousands of victims, like Autry, restore their reputations and their credit.

He said the most common mistake people make is using the same password for multiple accounts. Hackers will get in through the weakest link with the least security and then they can do real damage.

"Once you get into their social networking website, you can pop right onto their banking website and continue on," said Wallace.

It takes 10 minutes for a hacker's computer to crack a six-character lowercase password, like "monkey." It takes about 10 hours if it mixes upper and lower case, like "MonKey." Make it longer and add numbers and special characters, and it becomes vastly more difficult to crack, as in "$0Mon.#kEy!+11."
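The arithmetic behind those figures, as an added example that is not part of the original report: it derives the guessing speed implied by "10 minutes for six lowercase characters" and applies it to the other passwords quoted in the story. It assumes a pure exhaustive search over printable ASCII character classes and treats the period after the last quoted password as sentence punctuation; all function names are hypothetical.

```python
import string

# Character classes an exhaustive search must cover (printable ASCII only).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def alphabet_size(password):
    """Size of the smallest class-based alphabet containing every character."""
    if any(all(ch not in c for c in CLASSES) for ch in password):
        raise ValueError("character outside the printable ASCII classes")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def keyspace(password):
    """Number of candidates of this exact length over that alphabet."""
    return alphabet_size(password) ** len(password)

def implied_rate(password, seconds):
    """Guesses per second needed to exhaust the keyspace in `seconds`."""
    return keyspace(password) / seconds

def exhaust_seconds(password, rate):
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return keyspace(password) / rate

def describe(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_557_600), ("hours", 3600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

# The article's first figure fixes the attacker's speed: 26**6 in 10 minutes.
RATE = implied_rate("monkey", 10 * 60)

if __name__ == "__main__":
    print(f"implied rate: {RATE:,.0f} guesses/second")
    for pw in ("monkey", "MonKey", "abc123", "$0Mon.#kEy!+11"):
        print(f"{pw!r:18} alphabet={alphabet_size(pw):3} "
              f"worst case={describe(exhaust_seconds(pw, RATE))}")
```

These are worst-case figures for trying every combination. Passwords such as "monkey" and "abc123" appear on common-password lists, so in practice they fall much sooner than the keyspace suggests.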

Yet most of us use simple combos that are easy to remember, like "abc123."

"I can find out your dog's name. I can find out where you were born. I can find out your date of birth," said Wallace.

Wallace recommends using upper- and lower-case letters along with numbers and punctuation, and the longer, the better. Stay away from names, places, colors or dates. And change your password every 30 to 60 days.

Wallace also said to be creative with those security questions, even giving fake answers that no one can find online.

"For example, 'Where were you born?' Instead of where you were born, because I can find out where you were born, instead of using that answer, how about using your favorite city?" said Wallace.

Complicated passwords are harder to remember, but they're also harder to decode.

"Sure, is it difficult to enter that in every time? Yes. But is it worth it? I've never been hacked," said Wallace.

As for Autry, he's fortunate the hackers didn't ruin him financially. He's closed his Yahoo account, and opened a new one with another provider. This time his password is much stronger.

"Now, we've just encrypted it even more, so hopefully it will stick," said Autry.

The ultimate password protection uses something only you have, like your fingerprint or an iris scan, but it's only used for the most secure systems.

There are programs you can use to check how strong your passwords are, like the Microsoft Password Checker. Just enter your password to see how strong it is. You'll find helpful hints as well.