In my last post I spoke briefly about creating a strong passphrase for your wireless access point (WAP). Today I'm going to explain some techniques you can use to create a strong password for your bank account, e-mail address, router, or anything else that requires a password to log in. Not only will these passwords be strong, they will be easy to remember, so you should have no need to write them down, which makes them more secure still.
The problem most people have with passwords is that they make them very weak. I don't know how many people I have consulted with who revealed passwords that were not only weak but easy to guess. Hint: never use your name, birthday, anniversary, or any other personally linked information that is a matter of public record as your password. Also, never use a dictionary word. If you do, I could breach your account in a few minutes with a small script and a large word list. That is a dictionary attack: a program (several are available for download) tries every word in a list against your account. A brute-force attack goes further and tries every possible combination of characters, which is practical whenever the password is known to be short or drawn from a small set, such as digits of a fixed length. The four-digit PIN you use at the ATM has only 10,000 possibilities (0000 to 9999), so a program could exhaust them in seconds. What protects it is not the PIN itself but the attempt limit the bank enforces: most ATMs lock or confiscate your card after a few wrong PINs, so an attacker never gets more than a handful of guesses.
However, I digress. The primary reason (at least among those I have talked with) for choosing such weak passwords is that they are easy to remember. Many companies have IT departments that try to combat this by enforcing password rules such as "the password must contain at least one number and one special character". The problem is that users then generate passwords like "Johnson@68", or they write the password on a post-it note and stick it to the monitor, defeating the purpose of having a password in the first place; and while "Johnson@68" is better than "Johnson", it is still weak, because a cracker simply appends a symbol and a couple of digits to every name in its list. I feel that IT departments are going about it all wrong. Imposing rules for passwords does not force users to create strong passwords; they just find ways to bend the rules to suit their memories. What IT departments need to do is educate users in how to create memorable passwords that are hard to break, and that is what I'm going to do right now.
There are tons of password generators out there that will produce nice strong passwords of any length, but their output is very hard to remember because it is composed of meaningless random letters, numbers, and symbols. So the trick is to make those seemingly meaningless characters mean something to you. One generator I like for this is SafePasswd.com. It creates passwords that are somewhat easy to remember because it mixes real words with special characters. For example, I created this 12-character password with it: 0@pIzZeRIA_7. It is fairly easy to remember because it is built from 0@PIZZERIA_7. However, I must also remember which letters are shifted, which makes it a little harder, especially when the password is much longer. You can get to the site by clicking the button at the bottom of this post.
However, you don't need a generator once you know how to make your own strong passwords. One way is to think up a phrase that you will have no trouble remembering, long enough to yield the password you need, and then convert each word and punctuation mark into one character of the password. For example, let's say the IT department says I need a password that is at least 12 characters long, has at least one number, and has at least two non-alphanumeric symbols. I first think of a phrase that is meaningful to me and contains the elements to cover the requirements, such as: "There is one thing that I like about working here; GOING HOME!" Now I simply convert each word to one character: "Ti1ttilawh;GH!" Voilà! A 14-character password that more than covers IT's requirements, that I can easily remember, but that would be very difficult for anyone to guess. When you pick a phrase, play with capitalization and special symbols. Compound sentences with proper names in them are great, as are two sentences. Also swap sound-alike words for digits and symbols: one (or won), to, for, ate, at, number, dollar, percent, caret, and, star become 1, 2, 4, 8, @, #, $, %, ^, &, *. "My 12th grade math teacher, John Davis, sucked at lectures and personal hygiene!" becomes "M12gmt,JD,s@l&ph!", a 17-character e-mail password that no word list or practical brute-force run will hit. One caveat: crackers know this trick too and run the same first-letter conversion over lists of famous quotes, song lyrics, and proverbs, so the phrase has to be your own, not something you could find in a book. You get the idea. Simple.
The second technique just requires that you remember a pattern. Patterns are easy to remember, particularly when you are the one who invented them. The first step is to choose a letter from the middle two rows of the keyboard, excluding the edge keys Q, A, ;, ', [, ], and \, which do not have a full ring of neighbours. That leaves W, E, R, T, Y, U, I, O, P, S, D, F, G, H, J, K, or L. Whichever letter you pick, eight keys adjoin it. For instance, say you pick O. Your pattern layout looks like this:
8 9 0
I O P
K L ;
Now you can make any pattern you wish, of any length you wish, out of not just those nine characters but their shifted equivalents as well. For example, say I want a 16-character password with some numbers and special characters in it. I could start my pattern at 8 and make two clockwise circles around O, with the second circle in shifted characters. My password would then be: 890p;lki*()P:LKI
Using the same base I could also create this password: 0(8O;Lk*iK9)o:l. It was created by tracing the initials SB over the grid and shifting every other character. The combinations are endless. Although any of the letters listed above can serve as a base, because each has eight adjacent keys, the letters S, D, F, G, and H have no numbers or special characters adjacent to them, so avoid them for the strongest passwords. J and K have only 2 and 4 special characters (counting shifted forms) and no numbers, so although better, they are still not the strongest bases. One caveat here too: password crackers generate keyboard walks (hashcat's kwprocessor exists for exactly that), so a short geometric pattern on its own is weaker than its length suggests; the shift changes, the length, and a route only you would think of are what add the strength.
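To make the geometry concrete, here is an added Python model of the keyboard-pattern technique (my code, not the post's). It assumes a US QWERTY layout with the grave key dropped so that column indexes line up across rows exactly as in the 8 9 0 / I O P / K L ; grid above; it builds the 3x3 neighbourhood around a base key, traces a path over it with an optional shift per step, and counts the digits and symbols around each base, which is the measure the post uses to rank bases.

```python
# Added example: the keyboard-pattern technique modelled as a 3x3 neighbourhood
# on a US QWERTY layout. Not the post's own code.
from typing import List, Tuple

# Unshifted and shifted layers of the four main rows. The grave/tilde key is
# left out so that column index i lines up across rows the way the post's
# "8 9 0 / I O P / K L ;" grid does (assumed alignment).
UNSHIFTED = ["1234567890-=", "qwertyuiop[]\\", "asdfghjkl;'", "zxcvbnm,./"]
SHIFTED   = ["!@#$%^&*()_+", "QWERTYUIOP{}|", 'ASDFGHJKL:"', "ZXCVBNM<>?"]

# One clockwise circuit around the base key, starting top-left (the post starts at 8).
CLOCKWISE: List[Tuple[int, int]] = [(0, 0), (0, 1), (0, 2), (1, 2),
                                    (2, 2), (2, 1), (2, 0), (1, 0)]


def locate(key: str) -> Tuple[int, int]:
    """Row and column of an unshifted key, e.g. 'o' -> (1, 8)."""
    for r, row in enumerate(UNSHIFTED):
        c = row.find(key.lower())
        if c != -1:
            return r, c
    raise ValueError(f"{key!r} is not on the modelled keyboard")


def grid_around(base: str) -> List[List[Tuple[str, str]]]:
    """3x3 grid of (unshifted, shifted) pairs centred on base.

    Raises ValueError for edge keys such as Q, A, ; or [ that lack a full
    ring of eight neighbours, which is why the post excludes them as bases.
    """
    r0, c0 = locate(base)
    grid = []
    for dr in (-1, 0, 1):
        r = r0 + dr
        if r < 0 or r >= len(UNSHIFTED):
            raise ValueError(f"{base!r} has no full ring of neighbours")
        row = []
        for dc in (-1, 0, 1):
            c = c0 + dc
            if c < 0 or c >= len(UNSHIFTED[r]):
                raise ValueError(f"{base!r} has no full ring of neighbours")
            row.append((UNSHIFTED[r][c], SHIFTED[r][c]))
        grid.append(row)
    return grid


def has_full_ring(key: str) -> bool:
    """True for the bases the post allows, False for the excluded edge keys."""
    try:
        grid_around(key)
        return True
    except ValueError:
        return False


def walk(base: str, path: List[Tuple[int, int]], shift: List[bool]) -> str:
    """Trace path (grid coordinates, rows/cols 0..2) over the grid around base,
    emitting the shifted character wherever shift[i] is True."""
    if len(path) != len(shift):
        raise ValueError("path and shift must have the same length")
    grid = grid_around(base)
    return "".join(grid[r][c][1 if s else 0] for (r, c), s in zip(path, shift))


def non_letter_count(base: str) -> int:
    """Digits and symbols (both layers) in the 3x3 grid around base: the
    post's measure of how much variety a base can contribute."""
    return sum(not ch.isalpha()
               for row in grid_around(base) for pair in row for ch in pair)


def post_example() -> str:
    """Two clockwise circles around O, the second one shifted."""
    return walk("o", CLOCKWISE + CLOCKWISE, [False] * 8 + [True] * 8)


if __name__ == "__main__":
    print(post_example())
    for base in "wertyuiopsdfghjkl":
        print(base, non_letter_count(base))
```

It reproduces the post's 16-character password 890p;lki*()P:LKI and confirms the ranking given above (O has 8 non-letters around it, S through H have 0, J has 2, K has 4); asking for the grid around Q, A, ; or [ raises because the ring of neighbours is incomplete.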
Those are just a couple of techniques to have you creating strong passwords in no time that you won't have to write down. You should not use the same password for all your accounts, and a recent event illustrates exactly why. The PlayStation Network was hacked a few months back and user names and passwords, among other things, were compromised. Now someone has the password to my PlayStation Network account. If that is also the password to my bank account, they now have potential access to my bank account, and attackers routinely try leaked credentials against other sites for exactly that reason. The techniques I have shown should have you creating unique passwords for all of your accounts with no trouble. If you have any other tips for making strong and memorable passwords, share them in a comment on this post.