Passwords

We can already hear you moan: "Not again, please! Yes, I should use passwords that are hard to guess. Preferably arbitrary sequences of characters, numbers and special characters that no living being can possibly remember. Just forget it!"

We hear you - and we understand.

And it's not about the passwords; they really don't care. It's about you, and it's your decision: a decision about how strong you want the protection to be for whatever the respective password is protecting. Certainly there's a difference between your bank account and... you name it! iTunes? Facebook? Email account? Online pharmacy? Best Buy?

There are a lot of passwords to choose when you use the Internet a lot (my personal password list contains more than 500 username/password combinations), not to mention the passwords for your Windows user account(s).

If nothing you protect with a password is worth anything to you (but you had to choose a password anyway), you're fine using one of the most common passwords like "123456", "password" or your first name. Really, if it doesn't matter to you whether somebody else accesses the "protected" data, it doesn't matter. It's your decision and you're done reading this article.

If it matters, you should read on.

Password Requirements

Let's look at common password requirements to get the general idea. A password should not

  • be a known common word or name
    → because it can be broken by simple guessing or an automated comparison against a dictionary (brute force attack)
  • be used for more than one account
    → because if this one password is broken, all accounts using this password are broken
  • be too short
    → because the shorter it is, the fewer possible combinations there are, which shortens the time required for a brute force attack

A good rule of thumb for a password is 8 or more characters in a mix of numbers and letters.

How do we get there without extensive memory training? Remember, as we mentioned in other articles about security, raising your security level doesn't come for free. It doesn't cost you money, but it does cost a little bit of time (= inconvenience). Just a little.

Here's how I do it:

For a couple of years, I've been using a Password Manager program. You can find a link to it in the Web Links section. It creates unbreakable passwords for me and provides a structure to sort my passwords, and I haven't had to remember a single password since then, except for the one that provides access to my password manager. And this is a pretty safe password that's easy to remember:

How to build a password that's safe and easy to remember

Did you ever have to learn poems or songs by heart? Yes, our brain is great at memorizing this stuff. Numbers? Not so much, let alone arbitrary sequences of characters and numbers. We're going to use this ability.

How about this sentence:

"In 05 the Jersey shore was so beautiful when we went there for Vacation especially when the temperature exceeded 90F"

Now just take the first characters of every word and all the numbers (a rule that's easy to remember too) and you get:

I05tJswsbwwwtfVewtte90F

We think this is a valid password, and it's easy to remember. It doesn't have to be that long, and on the other hand you can probably add another rule for how to pick the characters. But you get the idea. I built the master password for my password file this way, and I'm not afraid of anybody stealing this file, because the passwords in it are safe.
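
The rule above, applied by a short Python script and checked against the requirements listed earlier. This is an added example, not part of the original article; the function names, the handling of tokens like "90F" and the bit estimate are assumptions of this example.

```python
import math
import re

COMMON = {"123456", "password"}  # the article's own examples of common passwords

def mnemonic_password(sentence):
    """The article's rule: first character of every word, plus all the numbers."""
    out = []
    for token in sentence.replace("'", "").split():
        # Keep digit runs whole and the first letter of each letter run,
        # so "90F" stays "90F" and "Vacation" becomes "V".
        for run in re.findall(r"[0-9]+|[A-Za-z]+", token):
            out.append(run if run.isdigit() else run[0])
    return "".join(out)

def failed_requirements(password, used_elsewhere=()):
    """Return which of the article's requirements the password fails."""
    failed = []
    if password.lower() in COMMON:
        failed.append("common word or name")
    if password in used_elsewhere:
        failed.append("used for more than one account")
    if len(password) < 8:
        failed.append("fewer than 8 characters")
    if not (any(c.isdigit() for c in password) and any(c.isalpha() for c in password)):
        failed.append("no mix of numbers and letters")
    return failed

def search_space_bits(password):
    """Upper bound on brute-force guesses, in bits: length * log2(alphabet size).
    A mnemonic is not random, so its real strength is below this bound."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10)]
    alphabet = sum(size for test, size in classes if any(test(c) for c in password))
    if any(not c.isalnum() for c in password):
        alphabet += 33  # printable ASCII punctuation and space
    return len(password) * math.log2(alphabet) if alphabet else 0.0

if __name__ == "__main__":
    sentence = ("In 05 the Jersey shore was so beautiful when we went there for "
                "Vacation especially when the temperature exceeded 90F")
    for pw in (mnemonic_password(sentence), "123456", "password"):
        print(pw, failed_requirements(pw), round(search_space_bits(pw), 1))
```

Passing `used_elsewhere` a list of passwords already in use flags reuse, the second requirement in the list.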

This way you can use safe passwords for every important purpose. You just have to start the program before you log in to one of your accounts and let the program fill in the required data. Moreover, you can store all those nasty serial numbers for programs you have bought. No more lengthy searches for these codes in paper-based files. It's all there, safe and at your fingertips within seconds.

Did I mention that the program is free? Of course there are other programs to do the job; it's just the one that I've been using for years, and it certainly solved the problem for me.

If you have any questions about passwords that haven't been answered in this article, please feel free to contact us, so we can complement this article or add an article in the FAQ section.