So, you need to do a few things, including using a safe browser with enhancements - Firefox with the NoScript extension is good, but more on that another day.
For today, let's make a hard password, i.e. one that's hard to crack, but still easy to remember. And you don't want the same password for every site.
I suggest an algorithm, and I'll explain how. This will take work, but it's worth it to save headaches, and prevent your mail or your computer being hijacked as hackers and phishers become more sophisticated.
Easy version:
If your eyes are going to glaze over reading a long semi-geeky post, I'd rather you left with something. So here you are:
- Choose a word or name. Not too obvious, not too short.
- Choose a number. Not your birthday, not your age, not your current phone number, not something others would guess, but something you can remember. Say, a sports score (but not the most famous game in your favorite sport - too obvious). Or your age when you did something memorable (but not the first thing that others would guess - not when you met or married your spouse).
- Choose something from the address of the site you're logging into - the same thing for every site. I might choose the second and third letter, which on Appropedia.org would be "pp" and on Globalswadeshi.org would be "lo". But choose your own variation.
Serious version:
But first, some absolute no-nos for passwords:
- Names of pets
- Girlfriend's or boyfriend's name
- Kids' names
- Grandkids' names
- Parents' names
- Any name, especially a girl's name
- Addresses
- Phone Numbers
- Birth date
- Last 4 digits of your social security number, or any number that others may have access to.
Now the algorithm - a way of having a unique password for each site, that you can remember (or at least work out) when you need. You'll need to work out your own, but the basic idea is to have a fixed part and a changing part.
Fixed part:
The fixed part might include:
- The date of an obscure event that you can remember, or look up in Wikipedia if you need. It might be an event in history that you studied, say the coronation of a certain queen, but don't pick 1492 or anything equally obvious. Just make sure you can remember what the event actually is so you can look it up if you need.
- The birthdate of someone not in your immediate family, and not your partner. Be sure it's one you can remember.
- A name - preferably an obscure, non-English name.
- An obscure foreign word.
- A nickname or private joke word from your childhood, that isn't in the dictionary.
Now, any of these makes a weak password on their own. But pick at least one of the words and one of the numbers, and put one after the other, in an order you choose, e.g.
NAmtan1037andi
I know that namtan is Thai for "sugar", 1037 is the year that (pick your event) happened, and Andi is my friend's name (which I chose to spell with an i instead of a y).
Now do this, but be sure it's something you can remember. You can make it simpler, or more complex. I have a good memory and I go for more complex passwords than I've described here. But even choosing "namtan1941" or "verde1945" for the first part of your password is moderately safe, and thousands of times safer than "sally".
Changing part:
Look at the name of the site or the business that you need the password for. You need to use this to create something, but not something too obvious. This might be:
- The last two letters of the name, advanced one place in the alphabet. E.g. from Google, "le" becomes "mf".
- The first and third letters, stepping back one place, so from Yahoo, "yh" becomes "xg".
Putting it together:
Combine the two, in the order you choose. E.g. if the fixed part is NAmtan1037 and the changing part is xg, you might put the changing part before and have xgNAmtan1037, or in between and have NAmtanxg1037.
That's a lot safer than your sweetheart's name.
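A worked version of the fixed-plus-changing scheme, as an added example and not code from the original post: it applies the two letter-shifting rules above to a site name and combines the result with the fixed part in the position you choose. The function names are mine, and wrapping at the ends of the alphabet ('z' advanced one place becomes 'a') is my assumption, since the post doesn't say what happens there.

```python
import string

ALPHABET = string.ascii_lowercase


def shift_letter(ch: str, step: int) -> str:
    """Move a lowercase letter `step` places through the alphabet.
    Wraps at the ends (assumption: 'z' + 1 -> 'a', 'a' - 1 -> 'z').
    Digits and punctuation in a site name are returned unchanged."""
    if ch not in ALPHABET:
        return ch
    return ALPHABET[(ALPHABET.index(ch) + step) % len(ALPHABET)]


def last_two_advanced(site: str) -> str:
    """Rule 1 from the post: last two letters, each advanced one place.
    Google -> "le" -> "mf"."""
    name = site.lower()
    return "".join(shift_letter(c, 1) for c in name[-2:])


def first_and_third_back(site: str) -> str:
    """Rule 2 from the post: first and third letters, each stepped back one
    place.  Yahoo -> "yh" -> "xg"."""
    name = site.lower()
    if len(name) < 3:
        raise ValueError("site name needs at least three characters for this rule")
    return shift_letter(name[0], -1) + shift_letter(name[2], -1)


def build_password(fixed_word: str, fixed_number: str, site: str,
                   rule=first_and_third_back, position: str = "between") -> str:
    """Combine the fixed part (word + number) with the site-derived changing
    part.  `position` is where the changing part goes: before, between or after."""
    changing = rule(site)
    if position == "before":
        return changing + fixed_word + fixed_number
    if position == "between":
        return fixed_word + changing + fixed_number
    if position == "after":
        return fixed_word + fixed_number + changing
    raise ValueError("position must be 'before', 'between' or 'after'")


if __name__ == "__main__":
    # The post's own worked example: fixed part NAmtan1037, site Yahoo.
    print(build_password("NAmtan", "1037", "Yahoo", position="before"))   # xgNAmtan1037
    print(build_password("NAmtan", "1037", "Yahoo", position="between"))  # NAmtanxg1037
```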
In case it's not obvious, I don't recommend using any of the examples here. Make up your own - and stay safe.
Note: I haven't recommended using symbols - these are a great idea in theory, but some sites actually don't let you use them. A pox on them, but in the meantime, it's better to make your password hard another way.
Also see Password security #2: mnemonics