Sunday, April 13, 2014

Creating a secure password you can remember

When someone gains access to your accounts by guessing your password, it's not really hacking per se - it's some combination of guessing and typing.  The modern world is populated (in part) by malicious guessers and typists, most of whom luckily do not possess the skills or tools to actually break your password.  There are, however, freely downloadable tools that do the guessing and typing for them, trying dictionary words, common phrases and their variations at very high speed.  When you are compromised in this way, it is usually because your passwords were not strong enough, leaving you vulnerable to this basic type of attack.

The purpose of this article is to provide you with a method to come up with secure passwords you can remember that will protect you from typists and guessers, not from government agencies or determined people who really want access to your data.  It's a method of password authoring that will help protect you from basic attacks while at the same time giving you a way of remembering your own passwords.  If you're a person whose password is "beanbag1943" because you can't remember anything else - this article is for you ;-)

1. Choose a really good, long password sentence
Come up with a sentence you can remember.  There is no required length, but longer is more secure: length is what makes a password expensive to guess.  Don't worry, when less security is needed your long(est) password can be abbreviated.

Example sentence: My dinosaur spot is a dog

2. Turn your password sentence into your longest password
  • My dinosaur spot is a dog
  • mydinosaurspotisadog (spaces removed)
  • myDinosaurspotisaDog (some words capitalized)
  • myDin0saursp0tisaD0g (some alphabetic characters replaced with similar looking numeric characters)
  • myDin0saursp0t!saD0g  (some alphanumerical characters replaced with similar looking punctuational characters)
    • Note: Be careful here, because some services won't allow you to use certain special characters in your passwords.  These are usually older and less secure sites, but you'll still need to log in to them.  For that reason, put the special characters toward the end of your longest password (as in the example, where the "!" replaces an "i" past the middle) so that a shorter version taken from the beginning contains none of them and can be used when necessary.
myDin0saursp0t!saD0g is a pretty good password that meets most of the criteria required by, say, a modern banking website.  The same method produces the password used in step 3 below, iTw4stheb3stofw1nes!twaSthew0rst0fsoup5, from the sentence "It was the best of wines, it was the worst of soups": spaces removed, two words capitalized, and a few letters swapped for look-alike digits and one "!".

Okay, we're going to call passwords built this way your longest passwords.  They're pretty easy to remember if you remember the sentences.

3. Turn your longest password into a series of shorter passwords
  • Longest: iTw4stheb3stofw1nes!twaSthew0rst0fsoup5
  • Longer: iTw4stheb3stofw1nes!twaSthe
  • Long: iTw4stheb3stofw1nes
  • Short: iTw4stheb3st
Optional: Add a few extra characters (a digit or symbol) to the shorter versions so they are not bare prefixes of the longest one.
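The whole procedure, as an added worked example (not code from the original post): it rebuilds the dinosaur password from steps 1 and 2, cuts the step 3 tiers as prefixes of the longest password, checks each tier against a typical site policy (length plus character classes), and finally undoes the look-alike substitutions the way a password cracker's rule engine would.  The function names, the tier lengths and the policy thresholds are assumptions made for this example; the sentences, capitalizations and substitutions are the ones used on this page.

```python
"""Worked example of the sentence -> longest password -> tiers method.

Added illustration, not code from the original post.  Function names, tier
lengths and policy thresholds are assumptions; the example strings come
from the post.
"""

# Look-alike substitutions used on the page (letter -> replacement).
LOOKALIKES = {"o": "0", "e": "3", "a": "4", "i": "1", "s": "5"}
PUNCT_LOOKALIKES = {"i": "!"}
# Reverse table: what a cracking rule does to get the phrase back.
REVERSE = {"0": "o", "3": "e", "4": "a", "1": "i", "!": "i", "5": "s"}


def substitute(text, mapping, occurrences=None):
    """Replace characters listed in `mapping`.

    With occurrences=None every occurrence is replaced.  Otherwise it maps a
    character to the set of 0-based occurrence indexes to replace, which is
    how the post swaps only *some* letters (one 'i' but not another).
    """
    seen, out = {}, []
    for ch in text:
        lower = ch.lower()
        if lower in mapping:
            idx = seen.get(lower, 0)
            seen[lower] = idx + 1
            if occurrences is None or idx in occurrences.get(lower, ()):
                out.append(mapping[lower])
                continue
        out.append(ch)
    return "".join(out)


def make_longest(sentence, capitalize, subs):
    """Steps 1-2: drop spaces, capitalize chosen words (by index), substitute."""
    words = sentence.lower().split()
    words = [w.capitalize() if i in capitalize else w for i, w in enumerate(words)]
    password = "".join(words)
    for mapping, occurrences in subs:
        password = substitute(password, mapping, occurrences)
    return password


def tiers(longest, lengths):
    """Step 3: each shorter password is a prefix of the longest one."""
    return {name: longest[:n] for name, n in lengths.items()}


def meets_policy(password, min_len=12, require_symbol=True):
    """A typical site policy: minimum length plus lower, upper, digit (and symbol)."""
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(not c.isalnum() for c in password)
    return (len(password) >= min_len and has_lower and has_upper and has_digit
            and (has_symbol or not require_symbol))


def undo_lookalikes(password):
    """Map look-alikes back and lowercase, as a cracker's 'leet' rule does.

    If the result is a plain phrase, the substitutions added little strength;
    what remains is the length of the phrase.
    """
    return "".join(REVERSE.get(c, c) for c in password).lower()


# The page's dinosaur example: capitalize words 1 and 5, all o -> 0,
# then only the second 'i' -> '!'.
DINOSAUR_SUBS = [({"o": "0"}, None), (PUNCT_LOOKALIKES, {"i": {1}})]
# The page's step-3 example and its tier lengths (lengths are assumptions
# taken from the strings shown on the page).
EXAMPLE_LONGEST = "iTw4stheb3stofw1nes!twaSthew0rst0fsoup5"
TIER_LENGTHS = {"longest": 39, "longer": 27, "long": 19, "short": 12}

if __name__ == "__main__":
    print(make_longest("My dinosaur spot is a dog", {1, 5}, DINOSAUR_SUBS))
    for name, pw in tiers(EXAMPLE_LONGEST, TIER_LENGTHS).items():
        print(f"{name:8} {pw:40} policy(symbol required)={meets_policy(pw)}")
    print("cracker's view:", undo_lookalikes(EXAMPLE_LONGEST))
```

The last function is the caveat: swapping 0 for o or ! for i is in every cracker's standard rule set, so the strength of these passwords comes almost entirely from their length, not from the substitutions.  The policy check also shows why the special characters belong near the end: the 19-character "long" tier has none and would fail a site that requires one, but it is exactly the version you want for a site that forbids them.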

That's it!  You now have one very complex password and 3 others.  If someone obtained your short password they would still have to guess the rest of the long, longer, and longest ones.  Keep in mind that the protection only works in one direction: every shorter version is the beginning of the longer ones, so a leaked longer password gives away all the shorter ones, and a leaked short password gives an attacker the first characters of the longer ones.  Choose the level of password security you want for each site, use the longer versions only on the sites you trust most, and never use a longer version on a site where a shorter one would do.

Want to try it?  Print and fill out the Password Authoring Worksheet.  You can keep your passwords somewhere secure and offline after you're done, but you should probably destroy your worksheet.  After you've done it a few times you can probably do it on a blank sheet of paper anyway.  Definitely don't keep important passwords in public view.

General Advice and Suggestions
  • Create a new longest password at least every year
    •  A good label for your password would be "2013 longest", etc.
  • Combine old passwords with new ones to make different passwords!
    • ex: iTw4stheb3stDin0saur
  • Make certain you have adequate antimalware protection. You can have the best passwords in the world and still be hacked if you have a keylogger installed. 
  • Only create accounts and login to websites you trust
  • Only login to your accounts from computers you trust.
  • Only login to your accounts from locations you trust
    • For example, don't do any online banking from a Starbucks or an airport lounge.
  • Use a coded Login Info Spreadsheet to remind you of your login info - just in case
    • Tutorials on creating these sheets are coming soon!
  • When updating passwords, be careful when you type them so you don't get locked out!
  • Don't get locked out of your Google account
  • Don't keep your passwords in documents on your computer or the internet 
One last thing...

Never give one of your passwords to someone you don't trust (and never trust anyone you don't know); type it yourself.  Never say your password out loud.  Never type it with someone watching.  Never brag about how you "use the same one for everything and it's so easy - it's my birthday".  Your password should be yours alone.  As far as the rest of the world is concerned, if someone logs in as you, they are you.  The days of consumers being forgiven for having their account information stolen and misused are numbered... Be careful out there!
