In this age of internet (in)security, it is now more than ever crucial to establish a system of password creation that is both safe and easy to remember. Following is one method that should help prevent you from falling into common mistakes when creating passwords, such as writing them down in order to remember them, or using easily recognizable words or word combinations.
Start with a favorite song lyric. For this example, we’ll use a line from the Beatles’ tune, ‘Blackbird’:
“Take these broken wings and learn to fly”
Now, take the first letter from each word of the lyric. In this case it will be:
TTBWALTF
Next, choose a random set of characters and/or numbers. For our example, we’ll use:
& 5 +
Insert the random characters/numbers into your letter set above, in any order or position. For our example, we’ll choose beginning, middle and end, to make it easy to remember where they go:
&TTBW5ALTF+
To make it a bit trickier, make a few of the letters lower case. You will now have a password that is difficult to crack or decipher.
&TTbW5aLTf+
Note: using upper and lower case can make it a bit harder to remember, but will increase your password security level.
Just a few options to song lyrics are:
- Affirmative phrases /mantras
- Names of favorite sports teams or players
- Birthday months of relatives
- Favorite flowers
The possibilities are endless, as long as you use the first letters only from each word. You could also try using the last letter only, although this might be a little harder to remember. Be sure to use a subject that is familiar to you and easy to remember. I like song titles and lyrics because it’s easy to Google them should you ever forget.
Once you’ve created your passwords, be sure to do the following:
1/ Never share them.
2/ Never write them down.
3/ Change them frequently, at least once a year.
Identity theft and internet security are world-wide, growing issues. Databases are hacked and personal information is stolen on a regular basis these days. And what you read about on the news is only a fraction of the actual amount; a lot more theft occurs than what is publicly reported. Keep yourself and your privacy out of the wrong hands!
How about you? Do you have any great password protection tips to share?
Thanks Rachel, great post! I started doing this a while back, because it was easier to remember the longer, more complex, more secure passwords if I used phrases.
You jave a great suggeston about develpeing a safer password. It really is a great and novel aproch to such an agonizing sitiation. My only beef is your three rules.
1. It is very hard not to share a lot of password because of the way we do business.
2. How am I supposed to keep over 25 cryptic passwords memorized in my head if I do not write them down? This is an unrealistic, nonsensical and over used suggestion. What you should really do is write all of your passwords (I personally have over 25) in a password protected PDF document. That way, you only have to remember ONE password.
3. See#2
My other beef with this blog entry is that most of the password violations happen at the corporate level. Most people can have all of the individual responsibility (as promoted in this blog) all they want but if some knucklehead at an organization comprises your password, there is nothing you an do about it
Ash,
I think this post is aiming at helping people with generating passwords that are hard to guess but are still “easy” to remember or reconstruct for the legitimate user.
1. How does your giving your passwords away relate to this post about generating decent passwords? Don’t give your passwords away, just like you don’t want to give your ATM card PIN away. If you must give passwords away at work, then you have a security policy that needs to be reviewed. Passwords are personal and should never be shared.
2. That’s the same problem for everybody. I think the point of this post was to offer a method to remember them while, at the same time, generating decent passwords that cannot be easily guessed.
If you must store all your passwords into a single file, at least, don’t rely on an encrypted PDF document, it is way too easy to crack. To have an idea about how this is done, simply google the following terms: pdf protection crack
If you want to rely on a decent protection encryption, you should use AES 256 (see the following wikipedia article for details: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard ) On a Mac, you can simply create an encrypted .dmg virtual disk and on Windows you can use TrueCrypt (http://www.truecrypt.org) to implement this encryption algorithm.
3. What do you mean here?
Again, if you give your passwords away, what do you expect?