July 20th, 2008

Who says that creating passwords can’t be fun…?

The need for web users to create and remember secure passwords has been on a continuous climb since the advent of the internet. Due to the ubiquity of the internet and the wealth of web applications like social networks and ecommerce sites, web sites have become the target of hackers, spammers and identity theft proliferators. For the security of personal information on the web, a couple of security measures are recommended - the most common being the need for strong password protection.

Example characteristics of a strong password that could form a password policy include:

  • Password must have at least one uppercase character
  • Password must have at least one number
  • Password must have at least one special character
  • Password must be 8 characters long
  • Password cannot be part of your given name or login ID
  • More than 4 characters cannot be similar to a part of the last 3 passwords used
  • Password must be changed every 90 days
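The example policy above expressed as a checker, as an added example that is not part of the original post. Reading "8 characters long" as a minimum and "similar" as a shared run of characters (case-insensitive) are assumptions, as are the sample name and login ID; the candidate passwords in the demo are quoted from this post.

```python
import string
from datetime import date

MIN_LENGTH = 8       # assumption: "8 characters long" is read as a minimum
MAX_SHARED_RUN = 4   # longest run that may be shared with a recent password
MAX_AGE_DAYS = 90


def longest_shared_run(a, b):
    """Length of the longest common substring of a and b (case-insensitive)."""
    a, b = a.lower(), b.lower()
    best, prev = 0, [0] * (len(b) + 1)
    for ch in a:
        cur = [0] * (len(b) + 1)
        for j, other in enumerate(b, start=1):
            if ch == other:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best


def policy_violations(password, given_name, login_id, history=()):
    """Return the list of example-policy rules that `password` breaks."""
    problems = []
    if not any(c.isupper() for c in password):
        problems.append("no uppercase character")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if any(password.lower() in ident.lower() for ident in (given_name, login_id)):
        problems.append("part of given name or login ID")
    if any(longest_shared_run(password, old) > MAX_SHARED_RUN for old in history[-3:]):
        problems.append("more than 4 characters shared with a recent password")
    return problems


def is_expired(last_changed: date, today: date):
    """True when the password is older than the 90-day change interval."""
    return (today - last_changed).days > MAX_AGE_DAYS


if __name__ == "__main__":
    # Constructed identity; the candidate passwords are quoted from this post.
    for pw in ("seadav12#", "@Pp13%^&", "C@t5^&*", "E1eph@nt"):
        print(pw, policy_violations(pw, "Pat Example", "pexample") or "ok")
```
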

This may not be a problem for tech-savvy folks, but for others it might pose an issue, especially if the same password is not used across multiple sites. When strong passwords are needed by companies for administration in production environments, some IT departments use generators that create strong pseudo-random passwords. The issue with those passwords is their lack of intuitiveness and the fact that they are typically shared by team members, who end up writing these passwords down on scraps of paper or notepads, which reduces the strength of the password.

For the regular guy that just wants to have a strong password that can be remembered and reduces the danger of having personal accounts compromised, here are a couple of methods that can work.

1. Come up with a non-obvious sequence for choosing your passwords

With this you have to get creative. A simple sequence can be a portion of the names of your co-workers. As the need to change your password arises, you go down the mental list of names in sequence. For example, you may begin with the first cube by the water cooler and continue to work your way down.

Let’s say the first co-worker from the water cooler is Sean Davis; from that you can create “seadav” (not a dictionary word) and throw in “12#”, thereby creating “seadav12#”.

Next time you need to change your password, you go on to the next person, for this example, Barbara Earl, which can create “barbea12#”.

Next would be Jason Scott, which can create a password “jassc12#”.

Now you’re on a roll. The key is to be creative and come up with a process in which names of people, objects, etc. can be used to create passwords, and which is easy enough to remember because it follows a particular sequence.

Advantages:

a. You have a mnemonic as a memory aid that is hard to figure out until at least 2 or 3 passwords are broken.

b. The passwords are easier to remember.

c. You don’t have to keep worrying about what your next password should be (just go to the next word in your sequence).

d. You don’t have to write it down because it’s your process and you remember it easily.

e. They comply with our example password policy, and thus are strong.

f. If you forgot your password, you still have an idea of what it could be, because in this example, you would probably still be able to remember the name of someone you’ve used, and a name that you haven’t gotten to.

2. Use common words, and go creative on them

Another cool method is to take a common dictionary word that you easily remember, and get colorful with it. For example, as a child I learned my alphabet by singing a rhyme:

A is for Apple

B is for Ball

C is for Cat

D is for Dog

E is for Elephant

F is for Fish, and so on…

Here goes:

Me being colorful with the word “Apple” could give me @Pp13. It’s five characters and since I need 3 more, I pick any three numbers from my keyboard in sequence and use their special character equivalent. I may choose to always start from 5, and thus use 5-6-7 special character equivalents.

Complete password is now: @Pp13%^&

Ball – 8A!! I end up with: 8A!!%^&*

Cat – C@t I end up with: C@t5^&*

Dog – D0g I end up with: D0g%^&*(

Elephant – E1eph@nt good enough

The advantages are the same as in number 1 above.

3. Store all your different passwords on your computer, but password protect the file

If you absolutely have to save your passwords, I recommend saving them in a file on your computer and not on a notepad. You can save them in an MS Word or Excel file, but be sure to use the password protection feature that comes with Word or Excel - this gives your password file a little added security. Here you would obviously use a password you can always remember, or else you stand the chance of losing your other passwords.

In Word, either do a help search to learn about the feature or from the MS Word menu, click:

Tools –> options –> Security tab, and enter in your “password to open”

In Excel, either do a help search to learn about the feature or from the MS Excel menu, click:

Tools –> options –> Security tab, and enter in your “password to open”

There you have it!
