To Make Hard-to-Crack Passwords, You Write the Rules

By now you’ve heard from countless experts that the best way to protect yourself online is to have hard-to-crack passwords for all your logins. “Don’t use any words that occur in the dictionary,” they say, “and don’t use easy-to-find information like your pet’s name or the street you live on. And while you’re at it, forget about memorable number combinations like your address, your date of birth, or ‘123.’” Great advice, but if you’re also told never to write anything down, how on earth are you supposed to remember a string of numbers, letters, and characters you’ve intentionally made as random as possible?

The trick is to invent a simple set of rules that’s easy to remember and replicable across all sites.

Here are some examples. You wouldn’t want to use these specific scenarios, of course.

  • First letter of each word in a common phrase + four-digit number + ampersand.  To change the password – something you should do every six months or so anyhow – just change the common phrase, or start using the second letter of each word.
  • Site name + your first name backwards + four-digit number + same four-digit number with the shift key held down. To change the password, come up with a new four-digit number or start using your last name backwards.
  • Take two words and interleave their letters, one from each word in turn, with a numeral at the beginning and a symbol at the end. So, “Gandalf” + “sesame” would yield 2Gsaensdalmfe#.

The trend these days is toward “pass phrases,” often composed of song lyrics or idiomatic sayings, rather than passwords.  Why? Because password crackers can generate millions of guesses in a second. The more characters you have for them to work through, the longer it will take them and the greater the likelihood that they’ll move on to an easier target. In other words, length beats complexity.
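As an added illustration (not part of the original article), the Python below implements the third rule from the list above and then puts numbers behind “length beats complexity”: it estimates how long a guesser running at an assumed 10 million guesses per second would need to exhaust the search space of a short, complex password versus a longer all-lowercase phrase. The guess rate, the sample passwords and the dictionary size used in the last function are constructed assumptions, not figures from the article.

```python
import math
import string

# Assumed cracker speed: the article only says "millions of guesses in a second".
GUESSES_PER_SECOND = 10_000_000


def interleave_rule(word_a: str, word_b: str, prefix: str = "2", suffix: str = "#") -> str:
    """Third rule from the list: alternate one letter from each word in turn,
    then put a numeral in front and a symbol at the end."""
    merged = []
    for i in range(max(len(word_a), len(word_b))):
        if i < len(word_a):
            merged.append(word_a[i])
        if i < len(word_b):
            merged.append(word_b[i])
    return prefix + "".join(merged) + suffix


def charset_size(password: str) -> int:
    """Size of the alphabet a guesser must cover, judged by which character
    classes actually appear in the password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    if any(c.isspace() for c in password):
        size += 1
    return size


def brute_force_estimate(password: str, rate: int = GUESSES_PER_SECOND) -> dict:
    """Keyspace, entropy in bits and years to try every string of this length
    over this alphabet at the given guess rate."""
    n = charset_size(password)
    keyspace = n ** len(password)
    return {
        "length": len(password),
        "charset": n,
        "bits": math.log2(keyspace),
        "years_to_exhaust": keyspace / rate / (365 * 24 * 3600),
    }


def rule_search_space_bits(dictionary_size: int, numeral_choices: int = 10,
                           symbol_choices: int = 32) -> float:
    """Caveat for the rule above: if a guesser knows the recipe and the word
    list, the search space is word pairs x numerals x symbols, not 94^length."""
    return math.log2(dictionary_size ** 2 * numeral_choices * symbol_choices)


if __name__ == "__main__":
    # Constructed sample passwords for the comparison.
    for pw in ("P4ss!Wrd", "open sesame please", interleave_rule("Gandalf", "sesame")):
        est = brute_force_estimate(pw)
        print(f"{pw!r:28} len={est['length']:2} alphabet={est['charset']:2} "
              f"bits={est['bits']:6.1f} years={est['years_to_exhaust']:.3g}")
    print(f"rule known, 10,000-word list: {rule_search_space_bits(10_000):.1f} bits")
```

The eight-character mixed password sits near 52 bits and falls in a couple of decades at the assumed rate, while the eighteen-character lowercase phrase is past 85 bits even though it uses a much smaller alphabet; that is the length-over-complexity point. The last function is the caveat a defender should keep in mind: the big keyspace figures assume the guesser treats the string as random characters, and a password built from two dictionary words by a fixed recipe is only as strong as the number of word pairs and decorations the recipe allows.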

More Password Warnings: RockYou is Latest Victim

“Update your passwords. Don’t use words. Throw in numbers and punctuation.”

You’ve heard it thousands of times, but I just had a discussion with someone yesterday where we BOTH admitted neglecting to update our passwords frequently or to make them complicated enough to keep hackers at bay.

Here’s the latest news of a HUGE user account data theft. RockYou is just the latest reminder that we’re not paying enough attention to our passwords. Can you imagine what you could lose if someone had the password to your e-mail account? Or your business financial records? Or the information of all your clients?