In today's electronic and Internet-connected world, passwords are
an everyday part of life. However, how many of you are using a password
that is simple and easy to guess? Unfortunately, the majority of
people still use a simple password made up of either numbers or
letters that can be cracked using most of the common password cracking
utilities on the net. However, what's the alternative? I would guess
that, between email accounts, credit cards, banking info, online sites,
and other accounts, most people have between 10 and 30 accounts or more
that require passwords to access. If you use a separate password for
each account, how are you going to be able to remember all of them?
What Makes a Good Password
First let's discuss what makes a good password.
- Length: the longer the password, the better. Generally, at
least 8 characters or more.
- A mix of uppercase and lowercase letters
- A mix of numbers and special characters
- Something that cannot be easily guessed if I know you. Don't use
birthdates, zip codes, phone numbers, first names of children, pets, etc.
- Something that is not found in a dictionary
Creating a Good Base Password
First create a base word to work from.
- Take a random bunch of characters, letters, numbers,
special characters and create a base word.
- Replace letters in a word with numbers or special
characters. For instance, the word "password" becomes P@s$w0rd
- Take a sentence or easily remembered phrase and use the first letters
of each word to form a base word. Example: "Now is the Time for All Good
Men to Come to the Aid of Their Country" becomes Nittfagmtcttaotc
- Take a dictionary word and spell it in reverse. Example:
House becomes Esuoh
Now take your base word and make sure it follows the rules above for a
good password. For example, House can become E$u0h with some
substitution, but it's not long enough. So we add characters to the
front and back of it to make it longer. In this case, you could add the
month and year to it and then change the password each month, so it's
more easily remembered. For January 2012, the password becomes
12E$u0hJan - a ten-character password with a mix of numbers, letters
(both uppercase and lowercase) and special characters. This fits all
the requirements of a good password. On February 1st, change the
password to 12E$u0hFeb and so on. Every so often you can start with
another base word and start the whole process again.
The key is making the password random enough that no one could guess it
or use a dictionary attack to crack it.
How to Make the Password Even Harder to Crack
Here are a few more ideas for making your password even tougher to
crack.
- Don't leave two of the same letter together in the sequence. For
instance, the word password has two s's in sequence. Substitute
something for at least one of the letters.
- Don't use common substitutions, such as always using ! for l, or @
for A
- Shift your fingers on the keyboard one space over or back and type
your base word. For example, password becomes ]sddeptf with my fingers
shifted to the right one spot on the keyboard.
Although there are many more options for creating a secure, easily
remembered password, I hope these ideas give you the ability to become
creative when choosing a password, instead of using a simple one in
the future.
Using Your Base Password for Multiple Accounts
I don't pretend to think that people are going to use 30 completely
different passwords for 30 accounts, but you could use your base
password and add a few characters to it for the particular account. For
example, my base word above 12E$u0hJan could be Ya12E$u0hJan for a
Yahoo account, or CB12E$u0hJan for a Citibank credit card, etc. There
are numerous possibilities.
Testing Your Password Strength
Some passwords are stronger than others. If you would like to test the
strength of your password, visit Password Meter, an online password
tester.
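
The rules from the sections above can also be checked offline, so a real password never has to be typed into a website. The Python code below is an added example, not part of the original article or of Password Meter; the function names are made up for this example, and the word list and substitution table are small constructed samples. Before the dictionary lookup it undoes common substitutions and reversal.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
WORDS = ("password", "house", "monkey", "dragon")
# Common look-alike substitutions (constructed sample), undone before the lookup.
UNLEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l", "!": "l", "3": "e"})

def dictionary_hit(password):
    """Return the dictionary word hidden in the password, or None."""
    plain = password.lower().translate(UNLEET)
    for candidate in (plain, plain[::-1]):  # also try the reversed spelling
        for word in WORDS:
            if word in candidate:
                return word
    return None

def check_password(password):
    """Return the list of the article's rules that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("no mix of uppercase and lowercase")
    if not (re.search(r"\d", password) and re.search(r"[^A-Za-z0-9]", password)):
        problems.append("no mix of numbers and special characters")
    if re.search(r"(.)\1", password):
        problems.append("same character twice in a row")
    word = dictionary_hit(password)
    if word:
        problems.append(f"contains dictionary word '{word}'")
    return problems

if __name__ == "__main__":
    for pw in ("password", "P@s$w0rd", "Esuoh", "12E$u0hJan"):
        print(pw, "->", check_password(pw) or "passes these checks")
```

A base word taken from a dictionary is still reported after substitution, reversal and added characters, so a random base word or the first-letters-of-a-phrase method gives a cleaner result.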
Where to Save Passwords if You Can't Remember Them
One of the first things people will tell you is not to write your
password down and keep it near the computer. I have seen way too many
customers that keep their passwords on a note card underneath the
keyboard or on a post-it note on their monitor. Although this is
convenient, it's not the safest place for a password list. If you have
to keep a list of passwords close, why not keep it in your wallet or
purse? Although these could be stolen, along with your bank cards,
credit cards and such, it's still a safer place than underneath the
keyboard.
Storing a password list in a safety deposit box is also a good idea.
You may even want to store your password list on your phone or PDA - as
long as the list is secured and cannot be read by just anyone.
A better alternative, though, is to use a Password Manager program to
keep a secured, encrypted copy of your passwords on your computer so
they are ready to access when you need them. These password managers
generally have a Master password to secure them, so you really only
need to remember one password to have all your passwords accessible.
Here is a list of my favorite password manager programs.
- Roboform - one of the originals and a very good one. Now with
Roboform Everywhere, you can access your passwords on any computer you
need to. Roboform also has a password generator to create a random
password for you.
- Passter - web app - a great online application that secures your
passwords and makes them available to you. Works with Google Chrome as
well.
- KeePass - an open source app that runs on almost any platform. Can
also be used with online storage providers like Dropbox to allow your
passwords to be accessed anywhere.
There are many other password managers, but the ones above are my
favorites.
I hope this article gave you a better understanding of passwords and
the need for a strong password for your online accounts.