Unique and Complex Passwords for Everything
19 August, 2007. Posted by paralleldivergence in Brad & Phil, Internet, Life, passwords, security, technology.
When we were children, our “world” was a very small place. Everything that I knew was within a five-kilometer radius of my home. From time to time, I would catch a bus or a train that would take me out of my world, and into another. My little circular world was joined by a line to another small, temporary circular world when I went on holidays. While I realised that planet Earth was enormous, my world never got close to any of it. Then along came the Internet.
Despite the existence of the Internet, which brings every corner of the Earth within easy reach, many people still live today as if they were safe in their tiny neighborhood. The problem is that the Internet not only lets you “visit” people and places anywhere on the planet; it also lets all of those people “visit” you. Inside your home.
Ten years ago, I would queue up at the bank and the post office to pay my bills. I could never imagine wasting my time doing that ever again. So instead I signed up for on-line accounts to pay all my bills. One account for the bank, one for the post office, and through them I was able to pay everything from home in minutes. I already had accounts for email and for my ISP, and at work I had another slew of on-line accounts to deal with and manage.
But things really started to get heavy in the last couple of years with Web 2.0: a blog account, a Flickr account, a YouTube account and membership of various forums. All of these accounts needed a username AND a password. For many people this was not a problem: they just used exactly the same password for everything! For others, more careful by nature, it was starting to be a nightmare. The thing that everyone needs to remember is this: “The more you use the Internet, the more you can be used by others”. The weaker and more guessable your password is, the easier you make it for those who want to exploit you. And if that same password is used for everything, then whoever gets hold of it once gets into every account you own, and that’s just dumb.
Being in the IT industry, I knew I had to have not only a complex password, but a unique password for every site. But I also didn’t want to be forced into writing my passwords down. The number of computer monitors I see every day with Post-It notes stuck to them showing a password continues to stagger me. Every one of my passwords had to be complex, unique AND instantly recallable. Here’s how you can do it too:
Step 1: Think of a password stub. It should be a short, four or five letter word or name that means something to you and that you will NEVER forget. Maybe your mother’s name or pet’s name.
Step 2: Complexerise that stub (is that a word?). Let’s say the stub is “susan”. Turn it into, say, “5uS@n”: basically mix upper and lower case and swap numbers and symbols for letters that look like them. Try to have at least one number in your stub, because some sites require a mix of letters and numbers for all passwords. Burn this new stub into your memory.
Step 3: Now you just need to add a suffix to that stub related to the site where the account is held. You can either use the whole site name or, say, just the first three or four letters of the name of the site. Maybe make the second letter of the site name upper case just to add a little more complexity. Stick that suffix on the end of your stub and that’s your password!
For example, here are the complex, unique AND recallable passwords for some sample accounts:
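The three steps, written out as code so you can see exactly what each rule produces. This is an added example, not code from the original post; the substitution table (s→5, a→@ and a few similar swaps), the "upper-case the middle letter" rule, the four-letter suffix and the "letters plus numbers, eight characters" site policy are all assumptions chosen to reproduce the post's own “susan” → “5uS@n” example. It also includes the check a practitioner would want to see: because the suffix rule is public and the stub is shared by every account, one leaked password gives away the stub, and with it a confident guess at every other password built the same way.

```python
import re
from typing import Optional

# Look-alike substitutions for Step 2. The post only shows "susan" -> "5uS@n";
# this table is an ASSUMPTION that reproduces that example (s->5, a->@) and
# extends it to a few other letters commonly swapped the same way.
SUBSTITUTIONS = {"s": "5", "a": "@", "e": "3", "i": "1", "o": "0"}


def complexify(stub: str) -> str:
    """Step 2: turn a plain stub into the memorised 'complex' stub.

    Rule (assumed, matches the post's example): swap the FIRST occurrence of
    each substitutable letter for its look-alike, upper-case the middle
    letter if it was not swapped, and if that leaves no capital at all,
    capitalise the first plain letter so the result still mixes case.
    """
    out, swapped = [], set()
    middle = len(stub) // 2
    for i, ch in enumerate(stub.lower()):
        if ch in SUBSTITUTIONS and ch not in swapped:
            out.append(SUBSTITUTIONS[ch])
            swapped.add(ch)
        elif i == middle:
            out.append(ch.upper())
        else:
            out.append(ch)
    result = "".join(out)
    if not any(c.isupper() for c in result):
        for i, c in enumerate(result):
            if c.isalpha():
                result = result[:i] + c.upper() + result[i + 1:]
                break
    return result


def site_suffix(site: str, length: int = 4) -> str:
    """Step 3: derive the per-site suffix from a site name or URL.

    Uses the first label of the host (scheme and 'www.' stripped), keeps the
    first `length` letters and upper-cases the second one, as the post suggests.
    """
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", site.strip().lower()).split("/")[0]
    if host.startswith("www."):
        host = host[4:]
    part = host.split(".")[0][:length]
    if len(part) < 2:
        return part
    return part[0] + part[1].upper() + part[2:]


def derive_password(stub: str, site: str) -> str:
    """Steps 1 to 3 together: memorised complex stub + per-site suffix."""
    return complexify(stub) + site_suffix(site)


def meets_policy(password: str, min_length: int = 8) -> bool:
    """A typical 'letters and numbers' site rule (assumed policy): at least
    min_length characters containing lower case, upper case and a digit."""
    return (len(password) >= min_length
            and any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password))


def recover_stub(leaked_password: str, site: str) -> Optional[str]:
    """The caveat: the suffix rule is public and the stub is shared, so
    anyone holding ONE derived password can peel the suffix off and predict
    every other account's password. Returns the stub, or None if the
    password does not fit the pattern."""
    suffix = site_suffix(site)
    if suffix and leaked_password.endswith(suffix):
        return leaked_password[:-len(suffix)]
    return None


if __name__ == "__main__":
    # Constructed sample accounts, not the post's missing table.
    for site in ("www.flickr.com", "https://www.youtube.com/", "gmail"):
        pw = derive_password("susan", site)
        print(f"{site:26} {pw:12} policy ok: {meets_policy(pw)}")
    # One compromised password hands over the stub...
    stub = recover_stub(derive_password("susan", "flickr"), "flickr")
    # ...and with it a confident guess at a different account.
    print("predicted YouTube password:", stub + site_suffix("youtube"))
```

Running it prints “5uS@nfLic”, “5uS@nyOut” and “5uS@ngMai” for the three sample sites, all passing the assumed policy, and then shows that stripping “fLic” from the Flickr password recovers “5uS@n” and predicts the YouTube password exactly. That last part is the trade-off of any memorised scheme like this one: the passwords are unique as strings, but they are not independent of each other.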
Finally, if you get any sites that ask you to save a “secret question” and “secret answer” in case you forget your password, DON’T! This represents extremely poor security, because anyone who knows your account name can usually be shown your secret question, and may then be able to look up the answer or use social engineering on you to get into your account. Answer those options with gibberish. You will never need to use them, and you shouldn’t give others an opportunity to use them.
If you like this concept, feel free to use it. If you’ve got other good ideas for better password management please share them here.