August 20, 2014

The Easy Way To Create Kick-Ass Passwords You Can Actually Remember

  • Subline: the haystack approach

If online safety and security isn't a concern to you, then you are going to get in trouble sooner or later. Books have been written about this subject, but let's just focus on one simple point: passwords.

"The single biggest threat to the security of your online accounts is the login passwords that you use."

Here are current best practices and tips on how to create and use secure passwords. First the rules, then the tips that make them easy to follow.

Best Practice Rules:

  • Use a unique password for each online account
  • DO USE random words. DON'T use random characters
  • Include some capital letters, numbers and symbols like hyphens
  • The longer the better: shoot for 12 or more characters

Ya, I know that's pretty hardcore. Here is how to manage this in your head: you have to create a set of rules that you can use to create and remember a hardcore password.

Easy to Use Tips

DO NOT USE these tips as is. Change them around to fit you.

  • Step 1: Create a core set of 3-4 random words. You will always use these words.
    Here are my 3 words: bells utilize energetic
  • Step 2: Remove the spaces and capitalize the last letter of each word.
    Result: bellSutilizEenergetiC
  • Step 3: Put a number at the beginning and end of the core words.
    Result: 3bellSutilizEenergetiC8
  • Step 4: Put any number of symbols at the beginning or end of this.
    Result: 3bellSutilizEenergetiC8**
    This is the core set that you will always use, so memorize it.

Now 3bellSutilizEenergetiC8** is a pretty rocking password, BUT there is one big problem: it has to be unique to each online account.

  • Step 5: To make it unique, take parts of the domain name you are logging into and add them to your password. Use the first 2 and last 1 letters of the domain name at the start of your password.
    Example for logging into wellsfargo.com: weo
    Result: weo3bellSutilizEenergetiC8**

To see how secure this password is, go to https://www.grc.com/haystack.htm and enter our example kick-ass password: weo3bellSutilizEenergetiC8**

According to GRC, if a hacker used a Massive Cracking Array Scenario (basically a supercomputer), it would take 76.43 million trillion trillion centuries to crack.

Now this is a secure password, and all you have to do to remember it is remember your core set of 3bellSutilizEenergetiC8**.
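As an added illustration (not code from the original post), here are Steps 1 to 5 and a haystack-style estimate in Python. The character-class sizes (26 + 26 + 10 + 33 = 95) and the 100-trillion-guesses-per-second "massive cracking array" rate are the figures the GRC page uses; the rule for picking the site name out of a domain (the label just before the TLD) is my assumption, since the post only shows wellsfargo.com.

```python
import string

# GRC haystack character-class sizes: 26 lower, 26 upper, 10 digits and
# 33 printable-ASCII symbols (space included), 95 characters in total.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}
MASSIVE_ARRAY_GUESSES_PER_SEC = 100_000_000_000_000  # 1e14/s, GRC's "massive cracking array"
SECONDS_PER_CENTURY = 100 * 365 * 24 * 3600


def core_set(words, first_digit, last_digit, symbols):
    """Steps 1-4: join the words, capitalise the last letter of each,
    then wrap the result in a leading/trailing digit and trailing symbols."""
    joined = "".join(w[:-1] + w[-1].upper() for w in words)
    return f"{first_digit}{joined}{last_digit}{symbols}"


def site_password(core, domain):
    """Step 5: prefix the core with the first two and the last letter of the
    site name. Assumption (not in the post): the site name is the label just
    before the TLD, so 'wellsfargo.com' and 'www.wellsfargo.com' both give
    'wellsfargo'. Multi-part TLDs such as .co.uk would need a smarter rule."""
    name = domain.lower().split(".")[-2]
    return name[:2] + name[-1] + core


def haystack_search_space(password):
    """Brute-force space the way the haystack page counts it: the alphabet is
    the sum of the character classes present, and every length from 1 up to
    len(password) is counted, since a cracker would try shorter guesses first."""
    alphabet = 0
    if any(c in string.ascii_lowercase for c in password):
        alphabet += CLASS_SIZES["lower"]
    if any(c in string.ascii_uppercase for c in password):
        alphabet += CLASS_SIZES["upper"]
    if any(c in string.digits for c in password):
        alphabet += CLASS_SIZES["digit"]
    if any(c in string.punctuation or c == " " for c in password):
        alphabet += CLASS_SIZES["symbol"]
    return sum(alphabet ** n for n in range(1, len(password) + 1))


def centuries_to_exhaust(password, guesses_per_sec=MASSIVE_ARRAY_GUESSES_PER_SEC):
    """Centuries needed to search the whole haystack at the given guess rate."""
    return haystack_search_space(password) / guesses_per_sec / SECONDS_PER_CENTURY


if __name__ == "__main__":
    core = core_set(["bells", "utilize", "energetic"], 3, 8, "**")
    pw = site_password(core, "wellsfargo.com")
    print(core, pw, f"{centuries_to_exhaust(pw):.3e} centuries", sep="\n")
```

The computed figure for weo3bellSutilizEenergetiC8** lands at roughly 7.6e31 centuries, which is the "76.43 million trillion trillion centuries" quoted above, give or take GRC's exact rounding of a century.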

Why bother if hackers can steal your password from a website?

Ok, so let's say that you follow these rules and tips and you create unique, hardcore passwords for all your online accounts. Let's say one of these websites gets hacked and the attackers steal your password for the account at that website. Because that password is unique to that website, the passwords you use for other websites are still safe.

But can't the hacker figure out my password logic and guess?

Remember, hackers are dealing with thousands or millions of compromised passwords that they are trying to use to hack into millions of other accounts, and they don't know which of them you have accounts on. They are simply going to use your compromised password to log in to a huge list of other websites. Because your password is unique (even by a little), their attempt will fail and they will discard it and move on to someone else's password.

The hacker is searching for a needle in a haystack. The key to keeping safe is making your haystack as big as possible.
