In password security part 1, I explained why a strong password is the first and most important line of defence in any security strategy. I also gave you a site that lets you test how strong a password is (testing is essential in security).
In part three I will give you a way to store securely all the different passwords you will have once you realise why using one password for every account is a seriously bad idea.
But for today, I need to explain what makes a good, memorable password: the one that will act as your master password.
So let’s start with why using a single password that you think is pretty solid everywhere (usually paired with the same email address) is a bad idea. The explanation is simple: attackers seek this kind of thing out. When one site you use is breached and your password is leaked or cracked, the attacker now holds a working email-and-password pair. They can find out where else that email address is registered on the web and try the same pair at every single one of them (this is known as credential stuffing).
Next, let’s look at the passwords people actually use. First off, one of the most common passwords in the world: Password123. OK, it’s laughable, I know, but it really is used. Looking at it, there are three things I can point out right off the top of my head.
Number one: the first letter is capitalised. Attackers know this, and the rules they feed into dictionary attacks on stolen password files try the capitalised form of every word as a matter of course.
Number two: the word is a dictionary word. Any plain dictionary word used as a password is cracked in a fraction of a second, because the attacker only has to try a few hundred thousand candidates.
Number three: numbers at the end. Once again, because most people do this, attackers know it and append the common digit sequences to every word they try.
I know this is how people put passwords together because I have had passwords structured exactly like that, and I’m security aware!
An alternative might be to swap numbers in for letters where possible, i.e. P455w0rd123. Well, guess what? Attackers are onto that too: these ‘leet’ substitutions are a standard rule in every cracking tool’s rule set.
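To show how cheap the three patterns above are to an attacker, here is an added example (my own code, not from the original post) of a miniature rule-based dictionary attack: it takes a tiny constructed wordlist, expands every word with a capitalised form, the leet substitutions and a handful of digit suffixes, and matches the candidates against a SHA-256 hash of the kind found in a leaked, unsalted database. The wordlist, the suffix list and the phrase-style password are all constructed for the demo; a real attack uses a multi-million-entry wordlist and a far larger rule set.

```python
import hashlib

# Constructed, tiny stand-in for a real wordlist (assumption for this demo;
# a real attack would use rockyou.txt or similar, with millions of entries).
WORDLIST = ["password", "welcome", "dragon", "monkey", "letmein", "football"]

# "Leet" letter-for-digit swaps that every cracking rule set already includes.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"}

# Common suffixes people bolt onto a word; the rule set tries each one.
SUFFIXES = ["", "1", "12", "123", "1234", "2024", "!", "123!"]

# A constructed phrase-style password in the spirit of the post's rules
# (not the post's own example; assumption for the demo).
PHRASE_STYLE = "17 pEngu1n parad# mondaY 93"


def sha256_hex(text):
    """Hash a candidate the way a leaked, unsalted fast-hash database would."""
    return hashlib.sha256(text.encode()).hexdigest()


def mangle(word):
    """Yield the variants of one word that the three patterns produce:
    capitalised first letter, leet substitutions, and a digit suffix."""
    leet = "".join(LEET.get(c, c) for c in word)
    # dict.fromkeys keeps insertion order and drops duplicates, so the
    # number of guesses is deterministic from run to run.
    bases = list(dict.fromkeys(
        [word, word.capitalize(), word.upper(), leet, leet.capitalize()]))
    for base in bases:
        for suffix in SUFFIXES:
            yield base + suffix


def crack(target_hash, wordlist=WORDLIST):
    """Try every mangled candidate in order.

    Returns (plaintext, guesses) on a hit, or (None, guesses) after
    exhausting the wordlist and rules.
    """
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            if sha256_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


if __name__ == "__main__":
    for pw in ["Password123", "P455w0rd123", PHRASE_STYLE]:
        found, guesses = crack(sha256_hex(pw))
        status = "cracked" if found else "not found"
        print(f"{pw!r}: {status} after {guesses} guesses")
```

Both Password123 and its leet cousin fall out of the very first word in the list within a few dozen guesses; the phrase-style password survives the whole run simply because no rule turns a single dictionary word into it. Scale the wordlist and rule set up by a few orders of magnitude and you have what an attacker actually runs against a breached password file.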
So now we know what makes a bad password, but what makes a good one?
The first thing is that it is as long as the system allows. Some systems put a limit on password length, perhaps no more than 16 characters; if that is the limit, use all of it.
But for now, let’s assume you can have a longer password. I like to pad my passwords at the front and at the end with numbers. It adds length without adding anything hard to remember. Next, no single dictionary word, but we can have a phrase. So I’ll pick a movie title as my example. The movie I choose is The Hitman’s Bodyguard.
Knowing that capitalisation is usually put at the beginning of words, I instead put my capitals at the second letter and the second-last letter.
I then add in a couple of special characters to replace some of the vowels. Notice I don’t use the same character twice where there are two a’s. This is a defence against the substitution rules that cracking tools use, which replace every a with the same character in one pass (that’s a whole ‘nother story and too in-depth for here). To keep it memorable, the special characters progress along the keyboard: 3, 4, 5 with shift held down, or #$%. Also, only the e’s and the a’s are replaced with special characters.
The final attribute I would like to point out is a space between body and guard. Spaces are very good to put into passwords; no one ever seems to think of them, so they are rare in wordlists. Just check that the system accepts them, since some strip leading or trailing whitespace from a password field.
What we come up with finally is:
It’s easy to remember (well, if you remember the rules you used to create it).
So that’s the low-down on how to create a memorable, yet very hard to crack, password. If you want to see how many years a checker thinks it would take to crack, do not type your real master password into an online checker: test a password built with the same rules from a different phrase, or run a checker offline on your own machine.
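As an offline alternative to pasting a password into a website, here is an added example (my own code, not the post’s) of a small checker that tests for exactly the properties discussed above: minimum length, a single dictionary word hiding under padding and leet swaps, a capital only at the first letter, digits only as a trailing run, and the absence of a space. It also prints a naive brute-force search-space estimate, with the caveat that the estimate is meaningless once a dictionary pattern is found. The dictionary, the 16-character minimum and the phrase-style password are constructed assumptions for the demo.

```python
import math
import re
import string

# Reverse of the common substitutions, so the checker sees P455w0rd as password.
UNLEET = {"4": "a", "3": "e", "1": "i", "0": "o", "5": "s",
          "@": "a", "$": "s", "!": "i"}

# Constructed mini dictionary (assumption); a real checker loads a full wordlist.
DICTIONARY = {"password", "welcome", "dragon", "monkey", "letmein",
              "football", "hitman", "bodyguard"}

# A constructed phrase-style password built with the post's rules from a
# different phrase (assumption; not the post's own example).
PHRASE_STYLE = "17 pEngu1n parad# mondaY 93"


def core_word(pw):
    """Strip digit/punctuation padding from both ends and undo leet swaps,
    so the checker compares what is left against the dictionary."""
    stripped = pw.strip(string.digits + string.punctuation + " ")
    return "".join(UNLEET.get(c, c) for c in stripped).lower()


def brute_force_bits(pw):
    """Naive search-space estimate: length * log2(alphabet of classes used).

    This is what simple online checkers compute; it overstates the strength
    of anything an attacker can reach with a wordlist and rules.
    """
    alphabet = 0
    if any(c.islower() for c in pw):
        alphabet += 26
    if any(c.isupper() for c in pw):
        alphabet += 26
    if any(c.isdigit() for c in pw):
        alphabet += 10
    if any(not c.isalnum() for c in pw):
        alphabet += 33  # punctuation plus space
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def audit(pw, min_len=16):
    """Return the weak patterns found in pw plus the naive bit estimate."""
    findings = []
    if len(pw) < min_len:
        findings.append(f"shorter than {min_len} characters")
    dictionary_pattern = core_word(pw) in DICTIONARY
    if dictionary_pattern:
        findings.append("a single dictionary word once padding and leet swaps are undone")
    letters = [c for c in pw if c.isalpha()]
    if letters and letters[0].isupper() and not any(c.isupper() for c in letters[1:]):
        findings.append("the only capital is the first letter")
    if re.fullmatch(r"\D*\d+", pw):
        findings.append("digits appear only as a run at the end")
    if " " not in pw:
        findings.append("no spaces")
    return {
        "findings": findings,
        "bits": brute_force_bits(pw),
        "dictionary_pattern": dictionary_pattern,
    }


if __name__ == "__main__":
    for pw in ["Password123", "P455w0rd123", PHRASE_STYLE]:
        result = audit(pw)
        print(f"{pw!r}: ~{result['bits']:.0f} bits by brute force"
              + (" (irrelevant: dictionary pattern)" if result["dictionary_pattern"] else ""))
        for finding in result["findings"]:
            print("  -", finding)
```

Note how Password123 and P455w0rd123 both reduce to the same dictionary entry, which is the point of the leet check, while the phrase-style password trips none of the pattern checks. Because the checker runs locally, the password you test never leaves your machine.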