To Make Hard-to-Crack Passwords, You Write the Rules

By now you’ve heard from countless experts that the best way to protect yourself online is to have hard-to-crack passwords for all your logins. “Don’t use any words that occur in the dictionary,” they say, “and don’t use easy-to-find information like your pet’s name or the street you live on. And while you’re at it, forget about memorable number combinations like your address, your date of birth, or ‘123.’” Great advice, but if you’re also told never to write anything down, how on earth are you supposed to remember a string of numbers, letters, and characters you’ve intentionally made as random as possible?

The trick is to invent a simple set of rules that’s easy to remember and replicable across all sites. Two things keep such a rule honest: it must produce a different password for every site, and its strength comes only from the parts an attacker cannot look up or guess, because anyone who sees one of your passwords sees the pattern too.

Here are some examples. You wouldn’t want to use these specific scenarios, of course.

  • First letter of each word in a common phrase + four-digit number + ampersand. To change the password (worth doing whenever you have reason to think it was exposed; current NIST guidance no longer calls for routine rotation every few months), just change the common phrase, or start using the second letter of each word.
  • Site name + your first name backwards + four-digit number + the same four digits typed with the shift key held down (on a US keyboard, 1975 becomes !(&%). To change the password, come up with a new four-digit number or start using your last name backwards.
  • Take two words and interleave their letters, alternating one letter from each, with a numeral at the beginning and a symbol at the end. So, “Gandalf” + “sesame” would yield 2Gsaensdaamlef# (any leftover letters of the longer word go at the end).
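The three rules above, written out as code so the mechanics are unambiguous. This is an added example for this page, not a tool from the original post: the function names are invented for the example, the shift-key map assumes a US keyboard layout, and the interleave rule is implemented as a strict letter-by-letter merge, which for “Gandalf” + “sesame” gives 2Gsaensdaamlef# (the post’s printed string had dropped the second “a” of Gandalf).

```python
"""Rule-based password construction, following the three rules on the page.

Added example written for this page; the helper names are invented here and
the shift-key mapping assumes a US keyboard layout.
"""
from itertools import zip_longest

# Digit -> character produced with Shift held, US keyboard layout (assumption).
US_SHIFT_DIGITS = str.maketrans("1234567890", "!@#$%^&*()")


def _check_four_digits(number: str) -> None:
    if not (number.isdigit() and len(number) == 4):
        raise ValueError("number must be exactly four digits")


def acronym_rule(phrase: str, number: str, letter_index: int = 0) -> str:
    """Rule 1: the n-th letter of each word in a phrase + four digits + '&'.

    letter_index=0 takes the first letter of each word; 1 takes the second,
    which is the page's suggested way to rotate without a new phrase.
    Words too short to have that letter are skipped.
    """
    _check_four_digits(number)
    letters = "".join(w[letter_index] for w in phrase.split() if len(w) > letter_index)
    return f"{letters}{number}&"


def site_rule(site: str, first_name: str, number: str) -> str:
    """Rule 2: site name + first name reversed + digits + the same digits shifted."""
    _check_four_digits(number)
    return f"{site}{first_name[::-1]}{number}{number.translate(US_SHIFT_DIGITS)}"


def interleave_rule(word_a: str, word_b: str, digit: str, symbol: str) -> str:
    """Rule 3: interleave two words letter by letter, digit in front, symbol at the end.

    When one word is longer, its leftover letters are appended unchanged.
    """
    merged = "".join(a + b for a, b in zip_longest(word_a, word_b, fillvalue=""))
    return f"{digit}{merged}{symbol}"


if __name__ == "__main__":
    # Constructed inputs for illustration only.
    print(acronym_rule("the quick brown fox jumps", "1975"))      # tqbfj1975&
    print(site_rule("amazon", "Alice", "1975"))                    # amazonecilA1975!(&%
    print(interleave_rule("Gandalf", "sesame", "2", "#"))         # 2Gsaensdaamlef#
```

Note what each output actually hides: in rule 2 the site name and your name are public, so the only secret is the four-digit number and the rule itself; in rule 3 the secret is two dictionary words, a digit and a symbol. Length alone says little about how hard these are to guess, which is the subject of the next paragraph.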

The trend these days is toward “pass phrases,” often composed of song lyrics or idiomatic sayings, rather than passwords. Why? Because password crackers can generate millions of guesses per second, and billions against fast hashes on a GPU. The more characters you have for them to work through, the longer it will take them and the greater the likelihood that they’ll move on to an easier target. In other words, length beats complexity. One caveat: a lyric or saying that millions of people know sits in the very wordlists crackers feed their tools, so the length only counts when the words are ones nobody would predict.
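The arithmetic behind “length beats complexity,” as an added example that is not part of the original post. It compares the guess space of a short random password, a long lowercase-only one, a random word passphrase and a password built with the page’s rule 3. The Diceware list size of 7776 words is real; the 100,000-word dictionary, the 32 symbols and the guess rate of one billion per second are assumed figures chosen for illustration, not measurements.

```python
"""Guess-space arithmetic for passwords and passphrases.

Added example for this page. DICEWARE_WORDS is the size of a standard Diceware
list; the dictionary size, symbol count and guess rate used below are assumptions.
"""
import math

LOWER = 26                 # a-z
PRINTABLE_ASCII = 95       # every printable ASCII character
DICEWARE_WORDS = 7776      # words in a standard Diceware list
DICTIONARY_WORDS = 100_000 # assumed size of a cracker's word list
SYMBOLS = 32               # assumed number of keyboard symbols


def bits(space: int) -> float:
    """Entropy in bits of a secret chosen uniformly from `space` possibilities."""
    return math.log2(space)


def password_space(alphabet_size: int, length: int) -> int:
    """Guess space of a random string of `length` characters from an alphabet."""
    return alphabet_size ** length


def passphrase_space(wordlist_size: int, words: int) -> int:
    """Guess space of `words` words picked at random from a list."""
    return wordlist_size ** words


def structured_space(component_choices) -> int:
    """Guess space of a rule-built password: the product of each component's choices.

    Two dictionary words interleaved, a digit in front and a symbol at the end
    is not 14 random characters; a cracker who knows the rule only has to try
    word x word x digit x symbol.
    """
    space = 1
    for n in component_choices:
        space *= n
    return space


def days_to_crack(space: int, guesses_per_second: float) -> float:
    """Expected days to find a uniformly random secret (half the space on average)."""
    return space / 2 / guesses_per_second / 86400


def compare(guesses_per_second: float = 1e9):
    """Return (label, bits, expected days) rows for a few candidate secrets."""
    candidates = [
        ("8 printable ASCII chars (random)", password_space(PRINTABLE_ASCII, 8)),
        ("16 lowercase letters (random)", password_space(LOWER, 16)),
        ("5 Diceware words (random)", passphrase_space(DICEWARE_WORDS, 5)),
        ("rule 3: 2 dictionary words + digit + symbol",
         structured_space([DICTIONARY_WORDS, DICTIONARY_WORDS, 10, SYMBOLS])),
    ]
    return [(label, round(bits(space), 1), days_to_crack(space, guesses_per_second))
            for label, space in candidates]


if __name__ == "__main__":
    for label, b, days in compare():
        print(f"{label:45s} {b:5.1f} bits  {days:15,.1f} days")
```

Read the table with the page’s claim in mind: sixteen lowercase letters (75 bits) beat eight characters drawn from every key on the keyboard (53 bits), and five random Diceware words (65 bits) do too, even though the passphrase uses nothing but lowercase words. The rule 3 password is the longest string of the four yet the smallest space (about 42 bits), because the cracker guesses components, not characters. The bit counts only hold when each component is chosen at random; a famous lyric is a single dictionary entry, not a string of independent words.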

