Choosing a Password
With various biometric security systems beginning to hit the market, people are talking about the death of the password. While biometrics may eventually replace the password for security, the truth is that this is still a few years away, and right now the password is still your best bet. The issue many people face, however, is the sense that they have to choose between a password that is easy to remember and use and one that is effective and secure. The good news is there is no reason you cannot have both with just a little thought.
The first issue at hand is to find a password that will be easy enough for you to remember. The reason this fails for so many people is that they make it obvious, using a word, letters or numbers of significant meaning to them. For example, many people use birthdates, anniversary dates, initials, names of pets or children, addresses or any other choice that is directly related to their life. The problem is that these choices are easy for other people to find. Most of the information I have mentioned above could be easily found by looking at 90% of people's Facebook pages. Add a slightly more determined hacker and you can see how easy it is to crack these passwords.
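One way to test a candidate password against the obvious choices listed above, as an added example that is not part of the original article. The function names, the look-alike character mapping and the sample names and date are assumptions constructed for illustration.

```python
import re
from datetime import date

# Look-alike characters mapped back to letters before comparing (assumed mapping).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a", "$": "s"})

def date_forms(d):
    """Digit strings commonly built from one date (year, MMDD, DDMM, ...)."""
    y, m, day = f"{d.year:04d}", f"{d.month:02d}", f"{d.day:02d}"
    return {y, m + day, day + m, m + day + y, day + m + y, y + m + day,
            m + day + y[2:], day + m + y[2:]}

def find_personal_info(password, names=(), dates=(), min_len=3):
    """Return the personal tokens found inside the password, sorted."""
    raw = password.lower()
    plain = raw.translate(LOOKALIKES)  # "r3x" becomes "rex"
    hits = set()
    for name in names:
        # Split "Jane Doe" or "Maple Street" into separate words.
        for part in re.findall(r"[a-z]+", name.lower()):
            if len(part) >= min_len and (part in raw or part in plain):
                hits.add(part)
    for d in dates:
        # Dates are matched on the raw text so digits are not rewritten.
        hits.update(form for form in date_forms(d) if form in raw)
    return sorted(hits)

# Constructed sample facts: a pet, a child, a street and a birthdate.
SAMPLE_NAMES = ["Rex", "Jane Doe", "Maple Street"]
SAMPLE_DATES = [date(1984, 4, 12)]

if __name__ == "__main__":
    for candidate in ["R3x1984!", "jane0412", "GreenKettle42"]:
        print(candidate, find_personal_info(candidate, SAMPLE_NAMES, SAMPLE_DATES))
```

An empty list only means none of the supplied facts appear in the password; it says nothing about facts you did not list.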
To pick a good password we must begin by not using the obvious. To make a password easy to recall we should have it reference something that we commonly think of, but we have to find our way out of these obvious choices. A step in this is the realization that a password does not need to be confined to normal parameters. We do not need a word or number set specifically to create a password, and while the lower limit of many passwords may be 8 characters, that does not mean we need to stop there. In the early, pre-tech days, passwords were not the most commonly used method; instead it was pass phrases. This is a good place to begin our quest.
Instead of individual words we should look to begin our password search with phrases. Let's say you are a Star Trek fan: a number of quick phrases should pop to mind that are fairly easy to remember.
For example: BeamMeUp, HesDeadJim, INeedMorePower, PhasersOnStun, WarpFactor8
Each of these is a common phrase that pretty much any Trekkie and even non-Trekkie can recall easily. However, I said to avoid the obvious, and so a die-hard Trekkie would be best to not use these. However, if you have ever watched Star Trek, these pass phrases will work for you. This is an important step: I am looking for a pass phrase that would be common to someone who was a fan of its origin but to you might be a side event at best. By taking this route the would-be hacker will have a harder time figuring out your phrase of choice.
You can even take this to an extreme. Maybe your favorite thing is football; I for one am a huge Saints fan. Now again, it would seem normal for me to pick a password based on the Saints or football. What if I went the other way and picked my password as something about my hated rival the Atlanta Falcons, or instead of football chose something from a sport I have zero interest in, such as golf? While I care nothing about golf and all my friends know this, I have picked up phrases and words that I know well enough. A little misdirection can go a long way.
So using the information above, let's begin by selecting a new pass phrase. I have decided that for this article I will use my disinterest in golf and my age to pick a password, so let's try TeeOffAt CaddyShack. This uses a common golf phrase and an old movie reference related to the golf phrase to give me a simple password to recall. Since people think of me as a football fan and know I am dismissive of all things golf related, neither hating nor liking, it is an obscure enough reference in relation to me personally for it to be hard to pick out.
With a base phrase in place, however, I have noticed that it is still fairly simple. I need to make this a bit harder to hack. The way to do this is to realize you have the entire keyboard at your disposal for picking a password: not just numbers and letters but capitalization and special characters as well. The base phrase gives us a base to work from; now we will use it to make a real password.
Capitalization is one of the most common methods of modifying a password, but people use it in far too common a manner. We tend to capitalize first letters or entire key words. What we want is to be unconventional and use capitalization in places where it makes no sense except to us. For example, maybe we capitalize all of a specific letter, or letters where they appear double. Find a method that makes sense to you and apply it.
For our example I will use capitalization only on letters that appear double in the passphrase, so our passphrase now looks like this: tEEoFFatcaDDyshack. Beginning to look like one of those crazy passwords, isn't it?
Next let's try some number replacement. Many numbers can be used to directly replace letters and still make sense, for example a 0 can replace an O or a 5 can replace an S. Of course you can probably find a way to add numbers in other manners as well; for instance, an important date can be attached to this phrase, since it would not have the same meaning to others. For our example I am going to do a simple number replacement and replace the O with a 0. Our passphrase now is tEE0FFatcaDDyshack.
As I said, however, we are not limited to just letters, numbers and capitalization; we have special characters as well. One of the most common uses for these is word replacement, since there are certain characters that over the years have had a word associated with them. This again adds another layer to the passphrase, but we are choosing it to make sense to us so the phrase does not become hard to recall. Let's do a symbol replacement now to our pass phrase and turn it into tEE0FF@caDDyshack. Wow, this looks like a much more complex password than it would seem to be from our working it out.
Now that we have a solid base I want to take this one step further. I want to simplify this a bit by doing a simple word replacement, so I am going to remove the spelt-out Tee and replace it with the letter. This makes our final passphrase t0FF@caDDyshack. Now we could reduce this further by knocking the word shack off the end, and we could also add a number that is easy to recall, but the base passphrase is one that we have created so we can easily recall it, and then tweaked so it is not so easy to guess.
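The steps above written out as a small pipeline, as an added example that is not part of the original article. The function names are made up for illustration, and the character-class check at the end goes slightly beyond the text to show what a site's composition rules would count at each stage.

```python
import re

def squash(phrase):
    """Base phrase: drop spaces, lowercase everything."""
    return "".join(phrase.split()).lower()

def capitalize_doubles(text):
    """Uppercase each run of two or more identical letters (ee becomes EE)."""
    return re.sub(r"([a-z])\1+", lambda m: m.group(0).upper(), text)

def letter_o_to_zero(text):
    """Number replacement: the letter O becomes the digit 0."""
    return re.sub(r"[oO]", "0", text)

def at_to_symbol(text):
    """Symbol replacement: the first 'at' becomes '@'. For another phrase,
    check that the match is the word 'at' and not part of a longer word."""
    return text.replace("at", "@", 1)

def tee_to_letter(text):
    """Word replacement: a leading spelled-out 'tee' becomes the letter 't'."""
    return re.sub(r"^tee", "t", text, flags=re.IGNORECASE)

STEPS = [squash, capitalize_doubles, letter_o_to_zero, at_to_symbol, tee_to_letter]

def derive(phrase):
    """Return the password after each step, in the article's order."""
    stages = []
    for step in STEPS:
        phrase = step(phrase)
        stages.append(phrase)
    return stages

def character_classes(password):
    """Character classes a site's composition policy would count."""
    checks = {"lower": r"[a-z]", "upper": r"[A-Z]",
              "digit": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}
    return {name for name, pattern in checks.items() if re.search(pattern, password)}

if __name__ == "__main__":
    for stage in derive("TeeOffAt CaddyShack"):
        classes = sorted(character_classes(stage))
        print(f"{stage:<20} length={len(stage):<3} classes={classes}")
```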
While I used some specific examples, the methodology I used is easy to apply to any passphrase you want to create. The good news is that since the base phrase is from something you choose it becomes easy for you to recall it and yet in the end we have created a fairly complex password.
Now for one last point: many sites suggest using different passwords for every place you log in. I will not say this is a bad idea but I think it is overkill. My rule of thumb is a different password for every type of location. For example, I have a password I use for my financial work, such as banking and PayPal. I have a different password for my purchases, such as store sites, yet another for my work and finally one for my play. Now this might seem like a lot of passwords to recall, but using the method I have described it is easy to manage. Each password is in some way related to what I think about with each environment I am dealing with.
The other suggestion you hear is to change your password often. Well, often is a rather obscure term. For me, I have 4 base passwords so I change one of these every 3 months. For example, January 1st I change my work password, April 1st my play, August 1st my financial, November 1st my purchase. Now I personally have these set in my calendar to remind me, but you can pick the time and method you choose to do this.
Your password is your protection in the online world. It allows you to make sure that you and only you are the one doing the things you want done. The method I have described is literally one of dozens of methods for creating passwords. There are programs you can buy to make and recall your passwords, and other creation methods, and all work with various degrees of success. The method I have shown you today is one I have developed over years of password use and it works for me; find the method that works for you. However, whichever method you use, take the time to do it right. Simple password selection puts you at risk; surely your privacy is worth a few more minutes in choosing your password.