Certified Computer Consultants

The Secrets of Passwords!

By David Meacham, Certified Computer Consultants http://certifiedcc.com


You don’t like passwords. The ones other people give you are impossible-to-remember mish-mash like ht72ms7kqn!!2j, the ones you pick for yourself are rejected for being too short or not having any numbers, and the security guys turn a weird shade of white when they see your password on a post-it note on your monitor. But it doesn’t have to be that way. You can make passwords that are reasonably secure, easy to remember, and whose hints are safe to write down. How? Read on.


+h3 M4g1c 0f l3tt3r $ub$+1+u+10n (or: The Magic of Letter Substitution)

If you choose a plain dictionary word like ‘kittens’ as a password, you are in trouble. The standard attack is a dictionary attack: a program takes a list of words (and of passwords leaked from other sites) and tries them one after another until one matches. Sticking a number after the word (‘kittens1’) is no protection, because the same programs automatically retry every word with digits added before and after it.

The next step up is to replace letters with numbers and symbols: @ or 4 for a, 1 for i, 0 for o, $ for s, capitalize a letter or two, and for bonus points add a number somewhere. ‘kittens’ falls at once; ‘123k1++eN$’ takes more work. But be clear about how much more: cracking tools ship with rule sets that apply exactly these substitutions, capital-letter toggles and digit affixes to every word in their lists, so a mangled word costs the attacker at most a few hundred thousand extra guesses per dictionary word, not the impossible task the symbols suggest. Length is what actually defeats guessing; a phrase of four or five unrelated words you can picture is both easier to remember and far stronger than one mangled word. If you do use a single word, use uppercase and lowercase letters, numbers and symbols, pick a long or unusual word, and consider an intentional misspelling such as ‘kittenz’ (be sure you remember how you misspelled it). A simpler password you remember beats a complicated one you have to write down.


The Joys of Mnemonics

So you can turn any normal word into a decent password (or P@$$w0Rd), but you should never use one password for everything. Stolen password lists are fed automatically into the login forms of banks, e-mail providers and shops; if someone steals your password from something with little security, like a neighborhood association website, and it’s the same password you use at your bank, your great password will not stop them from emptying your account. So! Use different passwords. But how to keep track of them all?

The trick is to tie each password to something about the place that will jog your memory. For example, base your passwords on the first letter of the site’s name: a site that starts with A gets a password that starts with A. For amazon.com, take a word that starts with A, change some letters around, and presto: @pPle123. If you want to be trickier, use the last letter of the name, the number of letters in it, or anything else you find easy to remember. One caveat: a person who learns one of your passwords will look for the pattern. If ‘@pPle123’ leaks from amazon and your bank password is ‘B@n@n@123’, the rule is obvious from a single example, so the word you attach to each site should be a private association of yours, not something a stranger could reconstruct from the site’s name.

And if you’re the sort of person who just can’t remember things, it is safe to write down hints that remind you which password you chose, as long as the hint gives away neither the word nor the rule. “A is a fruit” should be enough for you to recall @pPle123 for your amazon login, but someone else seeing the list won’t know enough to guess the password.

And what should you base your mnemonic list on? Anything you can remember. The longer and more varied the list the better, but if the only list you can memorize is the names of your family members or even just the months of the year, use that. A list of five or six different passwords in your head is far better than one password everywhere.


A Warning About "Security Questions"

Many sites will ask you to submit a security question that you can answer to reset your password if you forget it. Be careful! Some security questions are either too easy for anyone to guess in just a couple of tries (What is your favorite color?) or can be easily guessed by anyone who knows you even casually (What school did you go to?).

When confronted with a choice of security questions to go with your password, pick the most obscure and unguessable one available, and then ignore the question and put a different password in the ‘answer’ field, a common habit among security pros. The site will accept any string you type there.

What's your favorite food? R0b0+$256. What was the name of your first pet? R0b0+$256. What's your mother's maiden name? R0b0+$256. As long as you remember what you put there, you have an answer that nobody can look up or guess. The catch is reuse: one fixed answer on every site is exactly the shared-password problem from the previous section, and many sites store these answers unhashed and read them out to support staff. So vary the answer per site with the same mnemonic trick you use for passwords, and keep its hint alongside your password hints.


A Quickie Letter Substitution List

@ or 4 = A
8 = B
3 = E
1 or ! = I or L
0 (zero) = O
$ or 5 or Z = S
+ or 7 = T
2 = Z

Some more-advanced letter substitutions use several symbols for one letter, such as |< for K or |3 for B. They are tedious to type, a cracking tool can be told to try them just as easily as the single-character ones, and the basic substitutions are usually adequate for what substitution can do.
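To see how little the substitution list buys against the dictionary attack described earlier, here is an added example written for this page (it is not the author's tool or any real cracker): a rule-based dictionary attack in Python that reverses the Quickie list, capitalizes up to two letters, and adds a number before or after the word, then runs the result against SHA-256 digests of the article's own sample passwords. The four-word wordlist, the sample passwords, the two-capital cap and the choice of unsalted SHA-256 as the site's password hash are all constructed assumptions.

```python
"""Rule-based dictionary attack built from the substitution list above.

Added example for this page, not the article's or any project's code.
The wordlist, the targets and the use of plain SHA-256 as the site's
password hash are assumptions made for the demonstration.
"""
import hashlib
import itertools

# The "Quickie Letter Substitution List" read backwards: for each plain
# letter, every character an attacker has to try in its place.
SUBSTITUTIONS = {
    "a": "a@4",
    "b": "b8",
    "e": "e3",
    "i": "i1!",
    "l": "l1!",
    "o": "o0",
    "s": "s$5z",
    "t": "t+7",
    "z": "z2",
}


def leet_variants(word):
    """Every spelling of `word` reachable through the substitution table."""
    choices = [SUBSTITUTIONS.get(ch, ch) for ch in word.lower()]
    for combo in itertools.product(*choices):
        yield "".join(combo)


def case_variants(text, max_upper=2):
    """`text` with zero, one or two of its letters capitalized.

    "Capitalize certain letters" is just this toggle; the cap of two
    is an assumption to keep the search small, real rule sets go further.
    """
    letters = [i for i, ch in enumerate(text) if ch.isalpha()]
    for k in range(min(max_upper, len(letters)) + 1):
        for positions in itertools.combinations(letters, k):
            chars = list(text)
            for i in positions:
                chars[i] = chars[i].upper()
            yield "".join(chars)


def candidates(word, digit_range=range(1000)):
    """Every password the article's recipe can make from `word`:
    substitutions, capitals, and an optional number in front or behind."""
    digits = [str(n) for n in digit_range]
    for spelled in leet_variants(word):
        for cased in case_variants(spelled):
            yield cased
            for d in digits:
                yield d + cased
                yield cased + d


def recipe_size(word, digit_range=range(1000)):
    """Number of strings candidates() yields for `word`, without enumerating."""
    total = 0
    for spelled in leet_variants(word):
        n = sum(ch.isalpha() for ch in spelled)
        total += 1 + n + n * (n - 1) // 2   # zero, one or two capitals
    return total * (1 + 2 * len(digit_range))


def sha256_hex(password):
    """Unsalted SHA-256, standing in for a site's (weak) password hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack(target_hashes, wordlist, digit_range=range(1000)):
    """One pass over the mangled wordlist; returns {hash: password} for
    every target hash that was found."""
    wanted = set(target_hashes)
    found = {}
    for word in wordlist:
        for cand in candidates(word, digit_range):
            h = sha256_hex(cand)
            if h in wanted:
                found[h] = cand
                wanted.discard(h)
                if not wanted:
                    return found
    return found


# Constructed demo data: a four-word "dictionary" and the article's own
# sample passwords, as they would appear to an attacker holding a hash dump.
WORDLIST = ["apple", "robots", "kittens", "password"]
SAMPLE_PASSWORDS = ["@pPle123", "R0b0+$256", "123k1++eN$", "P@$$w0Rd"]


def crack_samples(digit_range=range(1000)):
    """Recovered plaintext for each sample password, None where it was missed."""
    hashes = [sha256_hex(p) for p in SAMPLE_PASSWORDS]
    found = crack(hashes, WORDLIST, digit_range)
    return [found.get(h) for h in hashes]


if __name__ == "__main__":
    for word in WORDLIST:
        print(f"{word}: {recipe_size(word):,} candidates")
    for pw, got in zip(SAMPLE_PASSWORDS, crack_samples()):
        print(f"{pw} -> {got}")
```

All four sample passwords, including the "much harder" ‘123k1++eN$’, fall out of the four-word list, and recipe_size("apple") comes to 286,143 strings, about 18 bits of guessing on top of the choice of base word. A GPU cracker working against an unsalted fast hash tries billions of candidates per second, so every mangled form of every word in a 100,000-word list is covered in minutes; a multi-word phrase such as ‘correct horse battery’ is simply not in that space.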


Certified Computer Consultants LLC

11612 Busy St.
Richmond, VA 23236

804-794-8649

All rights reserved.
