As I talk to clients or visit them in their home or office, it most often requires that I have access to passwords. One such person has a list neatly printed out sitting next to his keyboard. Now that, my friends, is security.
Late this year both my Twitter and Facebook accounts had the passwords hacked. Other than a hundred or so SPAM messages sent on Twitter the damage was minimal. Imagine if it had been a bank account?
After that happened I decided to increase the security level of my passwords.
Hackers run password crackers that can spew out millions of combinations in minutes. Consider that a six-letter password, using all letters or numbers, can be hacked in less than three minutes. That’s 308 million possible letter combinations using all upper case or all lower case letters. Throw in letter/number combinations and it only takes them a few extra minutes.
If your password only contains letters and numbers, or a combination of the two, I would suggest reading on.
One of the challenges I faced was having so many passwords. I really did not want them all to be the same, so I devised this system after researching the subject.
Step one:
The first part of a unique yet memorable password is the prefix identifier. The rule can be this simple. Use the first two or three letters of the name of the web site you’re accessing. For this example, we’ll use three. For Twitter, it would be “twe” and for Facebook, “fac” etc. Think of that as the area code of your password.
Step two:
You want at least two special characters for security; three is better. Special characters are found on your numeric keys. For example: &^%$#@, etc.
For this example we’ll use “$*&”. That will become the second portion of your password, and will remain the same for all sites.
Step three:
Pick a core password. For this example we’ll use “notre”.
So, for Twitter it would be – twe$*&notre
For Facebook, it would be – fac$*&notre
You now have a password for each site that’s easy to remember, but it’s still unique. You may have to make a few adjustments here and there, as some sites do not allow special characters in a password. Personally, I just avoid using them. If that’s how seriously they take security, I’ll go somewhere else.
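An added example, not part of the original post: a Python sketch that builds passwords by the three steps above and estimates the exhaustive-search space and time at the guess rate the post's own figure implies (26^6 candidates in three minutes). The function names and that rate are assumptions; "twe", "fac", "$*&" and "notre" are the post's sample values.

```python
import string

# Assumption: guess rate implied by the post's figure, i.e. all 26**6
# (about 308 million) six-letter single-case passwords in three minutes.
IMPLIED_RATE = 26**6 / 180.0  # guesses per second

# Character classes an exhaustive search has to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def build_password(prefix, specials, core):
    """Steps one to three: site prefix + fixed special characters + core."""
    if not specials or any(c not in string.punctuation for c in specials):
        raise ValueError("specials must be one or more punctuation characters")
    return prefix + specials + core


def alphabet_size(password):
    """Total size of every character class the password draws from."""
    if any(all(c not in cls for cls in CLASSES) for c in password):
        raise ValueError("character outside printable ASCII classes")
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def search_space(password):
    """Candidates an exhaustive search over that alphabet and length tries."""
    return alphabet_size(password) ** len(password)


def seconds_to_exhaust(password, rate=IMPLIED_RATE):
    """Upper bound only: dictionary and pattern guessing are not modelled."""
    return search_space(password) / rate


def shared_suffix_len(a, b):
    """Number of trailing characters two site passwords have in common."""
    n = 0
    while n < min(len(a), len(b)) and a[-1 - n] == b[-1 - n]:
        n += 1
    return n


if __name__ == "__main__":
    tw = build_password("twe", "$*&", "notre")   # the post's sample values
    fb = build_password("fac", "$*&", "notre")
    for pw in ("abcdef", "abc123", tw):          # constructed comparison set
        print(pw, search_space(pw), round(seconds_to_exhaust(pw)), "s")
    print("shared suffix:", shared_suffix_len(tw, fb), "of", len(tw))
```

The shared-suffix figure shows how much of each password is the fixed part from steps two and three; only the prefix differs per site.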
Also, I make an exception on email, bank account and credit card sites. I follow a different set of criteria, but the same basic rules.
In addition, if you’re sharing passwords on sites that do not have a way to set up multiple users, use the same rules as above, but use different special characters and a different core password. No sense having your cow-orker figure out your secret and hack into your email.

Tell ‘ya Dan…if this stuff keeps up (and we all know that as long as there is ONE hacker…it will), we’d be better off trying to get an ENIGMA machine (maybe on eBay?)…!
But you do offer up some fine “ideas”…
Thanks.
Color me guilty. Maybe even worse than guilty. I have Firefox save my passwords. (I am lazy) So all you have to do is find them within the program. And I have a book laying right here with them all written down (I like things handy). Hope you were not talkin bout me? My New Years resolution will be to follow your suggestions. Thanks for the good information.
I created an abstract wallpaper a few years ago with 50 or so 13 character words printed on it somewhere. Then I substituted certain special characters…
Ok, for example pick some words from here, http://clubefl.gr/games/wordox/13.html
then replace certain characters with special characters or numbers… ex. a=4 or a=@, b=8 or b=&, e=3, t=7 or t=+, i=1
Then a word like accessibility becomes @cc3ssibili7y and agriculturist becomes @gricul+uris+
You can even use this exercise to build vocabulary and maybe even do some etymological mental workouts.
Great post; take a look at KeePass – http://keepass.info/features.html