Sonnet Media

Your Password Sucks, Here’s How to Make it Better

Most passwords suck. They're often based on things like kids' names, or they're so short and simple that a cracking program could guess them in no time flat.

I understand the need for simplicity when we have so many log-ins for so many websites. I have about 200 different log-ins, so I've had to deal with this issue. But it doesn't have to be hard. Here are some simple strategies:

First, let's look at what the National Cyber Security Alliance suggests, and then we'll distill those suggestions into a couple of easy, usable rules.

  • Use passwords that have at least eight characters and include numerals and symbols*.
  • Avoid common words: some hackers use programs that can try every word in the dictionary.
  • Don't use your personal information, your login name, or adjacent keys on the keyboard as passwords.
  • Change your passwords regularly (at minimum, every 90 days).
  • Use a different password for each online account you access (or at least a variety of passwords, with difficulty based on the value of the information each account holds).
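The first three rules can be checked mechanically. Here is an added example (not code from the post or from the NCSA) that does so: it flags short passwords, missing numerals or symbols, embedded dictionary words, the login name or other personal terms, and runs of adjacent keys on a QWERTY row. The keyboard rows and the tiny word list are constructed stand-ins; rules 4 and 5 (rotation and uniqueness) cannot be judged from a single password and are not checked.

```python
"""Checker for the first three National Cyber Security Alliance rules above.

Added example, not code from the post or from the NCSA. KEYBOARD_ROWS and
COMMON_WORDS are constructed stand-ins; a real deployment would load a large
dictionary (hundreds of thousands of words) in place of COMMON_WORDS.
"""
import string

# Physical QWERTY rows; a run of adjacent keys in either direction is flagged.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Constructed stand-in for a cracker's dictionary.
COMMON_WORDS = {"password", "welcome", "letmein", "elephant", "monkey", "chunks"}


def has_keyboard_run(password, run=4):
    """True if `run` or more adjacent keys from one row appear in sequence."""
    low = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):              # "qwer" and "rewq" both count
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def check_password(password, username="", personal_terms=(), words=COMMON_WORDS):
    """Return the list of NCSA rules the password breaks (empty list = passes)."""
    problems = []
    low = password.lower()
    if len(password) < 8:
        problems.append("rule 1: fewer than 8 characters")
    if not any(c.isdigit() for c in password):
        problems.append("rule 1: no numeral")
    if not any(c in string.punctuation for c in password):
        problems.append("rule 1: no symbol")
    if any(w in low for w in words):
        problems.append("rule 2: contains a dictionary word")
    if username and username.lower() in low:
        problems.append("rule 3: contains the login name")
    if any(t.lower() in low for t in personal_terms if t):
        problems.append("rule 3: contains personal information")
    if has_keyboard_run(password):
        problems.append("rule 3: contains adjacent keyboard keys")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; "1984" stands in for a birth year.
    for pw in ["qwerty123!", "elePhant*chunks", "G1raffe!"]:
        print(pw, "->", check_password(pw, username="sam", personal_terms=("1984",)) or "passes")
```

Note that the post's own example, elePhant*chunks, fails rule 1 (no numeral) and rule 2 (it contains a dictionary word); the post concedes the second point below, and the footnote on length still applies.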

The one rule here that I concede to the needs of simplicity is the second, using common words. However, what I do is combine two words so that together they make one non-word. I typically add a non-alphabetic character between them and, if I want to be difficult, I'll make one random letter uppercase. Here's an example to show you that this is easier than it sounds:

Say I like elephants. And say when I think of elephants I think of their big trunks. So maybe a good password would be

elephantrunks

That's a start, but maybe I can make it better. I'll change "trunks" to "chunks", since chunks don't go with elephants but the word is close enough in sound to remind me what it might be.

elephantchunks

Nice, but let's complicate it just a bit.

I find the * symbol easy to type, so I use that.

elephant*chunks

You could stop there and have a pretty secure password, but if you wanted it more secure, change the p to a P:

elePhant*chunks

Now, that's a secure password. I read this technique somewhere, and the author figured it would take billions of years for a bot to figure it out, and his was simpler than mine. Keep in mind that such estimates assume the attacker tries every possible character combination; a cracking program that knows to pair dictionary words with a single separator and one capital letter searches a far smaller space, so treat this as much better than a single word, not as unbreakable.

If you don't want to go through those creative hijinks, you could also break words up in unexpected ways by putting a hyphen or another character in between.

This is an even more secure password: elePhant*ch-nks. There could be many variations.

The key is to figure out words that are not directly related to you (I use animals) but that you'll remember. I find the funnier the better, but I won't reveal mine!

The Cyber Security Alliance also has a suggestion that is worthwhile:

"One way to create a strong password is to think of a memorable phrase and use the first letter of each word as your password, converting some letters into numbers that resemble letters. For example, "How much wood could a woodchuck chuck" would become HmWc@wC."

Equally good. These are all tactics to help bridge memorability and security, so whatever works for you personally is best.
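Both techniques, the two-word combination and the NCSA phrase-initials trick, as an added example that is not code from the post or from the NCSA. The two builders reproduce the post's elePhant*chunks and the NCSA's HmWc@wC; the two estimators show why a "billions of years" figure is misleading: a brute-force count over character classes gives elePhant*chunks about 96 bits, but an attacker who knows the recipe (word, separator, word, at most one capital) searches a space of only about 40 bits. The word list, separator set, DICTIONARY_SIZE of 100,000 and the 7,776-word list size used for the passphrase comparison are assumptions.

```python
"""Password construction helpers and two ways of estimating strength.

Added example, not from the Sonnet Media post or the NCSA. WORDS, SEPARATORS
and DICTIONARY_SIZE are assumptions, not data from the page.
"""
import math
import secrets
import string

# Constructed toy word list; a real attacker's list is far larger.
WORDS = ["elephant", "trunks", "chunks", "giraffe", "monkey", "banana", "zebra", "stripes"]
SEPARATORS = "*-_.!@#$%"          # assumed set of "easy to type" separators
DICTIONARY_SIZE = 100_000         # assumed size of an attacker's word list


def combine_words(first, second, sep="*", upper_index=None):
    """The post's technique: two words, a separator, optionally one capital letter.

    upper_index is a position in the joined string ("elephant*chunks"[3] is 'p').
    """
    pw = f"{first}{sep}{second}"
    if upper_index is not None:
        pw = pw[:upper_index] + pw[upper_index].upper() + pw[upper_index + 1:]
    return pw


def phrase_initials(phrase, substitutions=None, upper_positions=()):
    """The NCSA technique: first letter of each word, some capitalised, some
    replaced by look-alike symbols (substitutions maps e.g. 'a' -> '@')."""
    subs = substitutions or {}
    chars = [word[0] for word in phrase.split()]
    chars = [c.upper() if i in upper_positions else c for i, c in enumerate(chars)]
    return "".join(subs.get(c, c) for c in chars)


def naive_bits(password):
    """Brute-force keyspace: every position drawn from the character classes present.

    This is what simple strength meters compute and what "billions of years" assumes.
    """
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, len(string.punctuation))]
    alphabet = sum(size for chars, size in classes if any(c in chars for c in password))
    return len(password) * math.log2(alphabet)


def combinator_bits(dict_size, n_separators, n_letters):
    """Keyspace for an attacker who knows the recipe: word + separator + word,
    with one of n_letters capitalised or none at all."""
    return math.log2(dict_size ** 2 * n_separators * (n_letters + 1))


def passphrase_bits(dict_size, n_words):
    """Entropy of n_words chosen uniformly at random from a dict_size-word list."""
    return n_words * math.log2(dict_size)


def random_passphrase(words=WORDS, n_words=4, sep="-"):
    """Random, not chosen, words: the strength comes from the list size, not tricks."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    pw = combine_words("elephant", "chunks", "*", upper_index=3)   # elePhant*chunks
    letters = sum(c.isalpha() for c in pw)
    print(pw, f"naive {naive_bits(pw):.1f} bits,",
          f"combinator {combinator_bits(DICTIONARY_SIZE, len(SEPARATORS), letters):.1f} bits")
    print(phrase_initials("How much wood could a woodchuck chuck", {"a": "@"}, (2, 6)))
    print(random_passphrase(), f"(four words from a 7776-word list: {passphrase_bits(7776, 4):.1f} bits)")
```

The last line is the comparison worth remembering: four words drawn at random from a 7,776-word list give about 52 bits even though the attacker knows the list, which beats the 40-bit combinator figure without any symbol or capital tricks.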

The last two rules the CSA gives are pretty difficult to follow, so here I prioritize. The passwords you have for more critical functions, like online banking, should never be the same as those you'd use for something like signing up on a magazine's website.

The reason might not be as obvious as it seems. First, of course, you don't want to compromise banking passwords in any way (these are also the ones you should certainly change periodically). But beyond that, not all password storage is created equal: a low-value site may store your password poorly, and if that site is breached, whoever reads its user table will try the same email and password at your bank.
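An added example (not code from the post) of what "not created equal" means in practice. It contrasts a constructed leaked user table from a site that stored plain, unsalted MD5 with the same accounts stored behind a per-user random salt and a slow key-derivation function (PBKDF2-HMAC-SHA256): against the unsalted table, each guess is hashed once and compared with every user at once, so two users who reused the same password fall together; against the salted table, every guess must be recomputed for every user at the full cost of the KDF. The user names, passwords, candidate guesses, salt size and iteration count are all constructed or assumed.

```python
"""Why a breach at a throw-away site endangers your bank login, and why the way
a site stores passwords matters.

Added example, not from the post. LEAK_UNSALTED, CANDIDATES, the 16-byte salt
and the 200,000 iteration count are constructed/assumed for illustration.
"""
import hashlib
import hmac
import os

# Constructed "leaked" user table from a site that stored plain, unsalted MD5.
# Two of the three users chose the same password.
LEAK_UNSALTED = {
    "alice": hashlib.md5(b"elephant*chunks").hexdigest(),
    "bob":   hashlib.md5(b"elephant*chunks").hexdigest(),
    "carol": hashlib.md5(b"giraffe-stripes").hexdigest(),
}

# Constructed guesses, of the kind a word+separator+word combinator attack emits.
CANDIDATES = ["elephant*trunks", "elephant*chunks", "giraffe-stripes", "zebra_banana"]


def crack_unsalted(leak, candidates):
    """Unsalted fast hash: hash each guess once, then match it against every user."""
    lookup = {hashlib.md5(c.encode()).hexdigest(): c for c in candidates}
    found = {user: lookup[h] for user, h in leak.items() if h in lookup}
    return found, len(candidates)          # hashes computed, regardless of user count


def store_password(password, iterations=200_000):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password, salt, digest, iterations=200_000):
    """Recompute under the stored salt; constant-time compare so the check leaks nothing."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def crack_salted(store, candidates, iterations=200_000):
    """Salted slow hash: every guess must be recomputed for every user, at KDF cost."""
    found, hashes_computed = {}, 0
    for user, (salt, digest) in store.items():
        for guess in candidates:
            hashes_computed += 1
            if verify_password(guess, salt, digest, iterations):
                found[user] = guess
                break
    return found, hashes_computed


if __name__ == "__main__":
    found, work = crack_unsalted(LEAK_UNSALTED, CANDIDATES)
    print("unsalted MD5:", found, "after", work, "fast hashes")
    # Same users and passwords as the leak, stored by a more careful site.
    store = {u: store_password(p) for u, p in [("alice", "elephant*chunks"),
                                               ("bob", "elephant*chunks"),
                                               ("carol", "giraffe-stripes")]}
    print("same password, different stored digests:", store["alice"][1] != store["bob"][1])
    found, work = crack_salted(store, CANDIDATES)
    print("salted PBKDF2:", found, "after", work, "slow hashes (each ~200,000x an MD5)")
```

The second site is still crackable when the password is guessable, which is the point of the post: the salt and the slow KDF only multiply the attacker's cost per user and per guess, so the site with the weak storage is where a reused password gets exposed first.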

Lastly, there are good ways to manage passwords. My favorite (it seems like I couldn't live without it) is "1Password" by Agile Solutions, but I think that's a Mac-only application.

*8 to 12 characters is usually a good length, although 12 seems to be the sweet spot for cracking difficulty. Some sites don't allow very long passwords, although very often you can go as high as 32.

Helpful Links

http://gmailblog.blogspot.com/2009/10/choosing-smart-password.html
http://www.staysafeonline.org/content/top-cyber-security-practices-tip?page=5
http://www.dhs.gov/files/programs/gc_1158611596104.shtm
