On making great passwords.


 

You may have heard how important it is to consider security while using technology.

Image from 1928 US patent 1,657,411 (Enigma machine) by Arthur Scherbius (died 1929). (Photo credit: Wikipedia)

This is rather abstract. A more concrete example of technology security is to choose great passwords. If you choose a great password and keep it in your head and not on paper or in anyone else’s head, you immediately offer yourself more security against someone using your devices and services as though they were you. You might be tempted to write it down on a note in your office, or share the password with a trusted friend, but the minute you do that you immediately offer a chance for the password to get into the wrong hands, eyes, or ears. Also, if you believe that you are not important enough to be targeted for password theft, or that it’s about money or fun, you are overlooking the possibility that your account might be used to simply disguise the activities of the person who uses it, making it seem as though you did something illegal, immoral, or sinister instead of them.

Make your password hard to guess, hard to crack, and easy for you to remember.

English: This is a screenshot of windows password unlocker, which is a professional windows password reset tool (Photo credit: Wikipedia)

For example, let’s look at creating a great password from a not so great one.

‘06011960’ is a horrible password. It’s a birthday, and anyone who can find out your birthday (not as hard as you might think) can try to log in with it to your accounts.

‘jimmy’ is also a very bad password, for a few reasons. I probably chose it because it is significant to me, and anyone who knows me might be able to guess it. Even if they don’t, they might use what are called “brute force attacks” with dictionaries of common words, names, and strings used for passwords to automatically get into my account. Simple passwords like this emphasize the ease of remembering them rather than the difficulty of bypassing them.

‘JimmY’ is a better password, because I have introduced shift characters (capital letters), which extend the time that someone would need to brute force attack and discover the password. It’s still kind of short and common, though.

‘JimmY&jAne’ is better yet, because it is longer, uses shift characters, and uses a non-alphanumeric character.

If we take this to an extreme, we might choose ‘!32%tRuH&k*9’, which would be incredibly hard to guess, and difficult to crack, but there’s a problem in that there is little chance that you will remember it.

A good compromise, and a great password, is something like ‘The4WallsOfMyR00mAreFriends’ which introduces some great features.

German / Deutsch Enigma Machine: World War II Museum, New Orleans, Louisiana, USA (Photo credit: Bogdan Migulski)

It’s both memorable and nonsensical. It’s long, which makes it harder to crack. It has alphanumeric and non-alphanumeric characters, making it harder to crack. It mentions a personal keyword (friends) for the site that I am using the password for (Facebook), because I am choosing a different password for each site or service. This is a good thing, because if someone guesses one of my passwords, they would not necessarily know my other passwords. It uses many shift characters. This password would be very hard for others to guess or crack, but very easy for you to remember. You might choose a favorite song lyric, quote, or statement as the basis for your password. If you are a Rolling Stones fan, perhaps ‘DidY0uGuessMyName?’
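As an added illustration (not code from the original post), the sketch below estimates the brute-force search space for each password discussed above and flags the date and dictionary patterns the post warns about. The word list and the function names are constructed for the example.

```python
import math
import re
import string

# Constructed sample word list standing in for a guessing dictionary (assumption).
COMMON_WORDS = {"jimmy", "jane", "password", "letmein", "qwerty"}

# Character pools a brute-force search must cover once a class appears in the password.
POOLS = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, len(string.punctuation)),  # 32 ASCII symbols
]


def brute_force_bits(password):
    """Upper bound in bits: length * log2(size of the character pool in use).

    A passphrase built from real words falls to word-based guessing
    faster than this figure suggests, so treat it as a ceiling.
    """
    pool = sum(size for chars, size in POOLS if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def weaknesses(password):
    """Flag the two guessable patterns the post warns about: dates and common names."""
    found = []
    if re.fullmatch(r"\d{6}|\d{8}", password):
        found.append("looks like a date")
    if password.lower() in COMMON_WORDS:  # changing case does not hide a dictionary word
        found.append("dictionary word or name")
    return found


if __name__ == "__main__":
    # The passwords walked through in the post, in order.
    for pw in ["06011960", "jimmy", "JimmY", "JimmY&jAne", "!32%tRuH&k*9",
               "The4WallsOfMyR00mAreFriends"]:
        flags = ", ".join(weaknesses(pw)) or "-"
        print(f"{pw:30} {brute_force_bits(pw):6.1f} bits  {flags}")
```

Run over the post's examples, the 27-character passphrase has a larger search space than the 12-character random string, which shows length contributing more than symbol variety.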

HTTP vs. HTTPS

One last point: If you are using public WiFi, such as at a Panera, you should be extra careful about logging into important sites (e.g. banking, email, social networks) unless the URL for the site begins with https:// because otherwise someone could capture your password as it travels to the site over http:// using what’s known as ethernet sniffing software. https:// is an encrypted protocol, and provides some (if imperfect) protection from password capture and other activity.

If you want to know more about how you can stay protected while you are using technology, please contact me at lemasney@gmail.com. The first session with new clients is always free.

 

 

 

 

This content is published under the Attribution 3.0 Unported license.


About lemsy

John LeMasney is an artist, graphic designer, and technology creative. He is located in beautiful, mountainous Charlottesville, VA, but works remotely with ease. Contact him at: lemasney@gmail.com to discuss your next creative project.
