Blog, How To — June 20, 2012 11:53

The secret of secure passwords: how to make and remember them

Last week a number of high profile web services found themselves embarrassed when it became clear that literally millions of encrypted passwords were being posted on a Chinese hacking forum.

One of the victims was LinkedIn, which, after initially prevaricating, told its users to change their passwords pronto. It highlights, yet again, that there really is no such thing as ‘safe’ or ‘secure’ when it comes to the web, so let’s look at some ways to minimise your personal password risk.

After being online for longer than I care to remember I have reluctantly come to the following conclusions about passwords:

1. Do not use one password for all your sites

2. Do not use terms that are familiar or meaningful to you for your passwords

3. Do not save your passwords on your PC/phone

But there’s just one small problem with these basic rules. If we were all to follow them to the letter we’d get into all sorts of trouble, as we’d never remember all our different passwords, and even if we could, we’d struggle to remember which password applies to which website.

Frustrating? Very!

Using http://www.passwordmeter.com/ you can quickly see how strong your password will be.

What’s to be done? We’re not computers who can be expected to remember obscure number and letter combinations of 15 characters or more and then recall which site this particular password pertains to… well not unless you happen to be a master of total memory recall. Fortunately there are techniques that you can apply which will always give you a unique password and allow you to remember how to reconstruct it.

So what is this dark magic I dangle before you? Well, nothing more complex than following some simple, but very personal to you, rules.

Passwords Stage 1: Information memorable to you

As a child you probably learned a few poems or rhymes. You may have a particular song that’s a favourite or a special passage from a book that always comes to mind. This will form the bedrock of password nirvana.

Let’s take the W.H. Auden poem made famous in the film Four Weddings and a Funeral:

He was my North, my South, my East and West,
My working week and my Sunday rest,
My noon, my midnight, my talk, my song;
I thought that love would last for ever: I was wrong.

In this example let’s use the first letter from each word of the first two lines to give you:

HwmNmSmEaWMwwamSr

In this case it’s 17 characters. Depending on how enthusiastic (or not) you are, you could choose to make it shorter or longer. That’s really up to you but a password ought to be at least 15 characters these days.

Passwords Stage 2: Wherefore art thou website?

Now you have your meaningless string of letters but you also want a way to make it unique to each website. Here’s one approach. Let’s say that you wanted to use this password for Gmail. You could personalise it by placing the first letter of the site name at the front (or back) of the character string, then taking the total number of letters in Gmail, in this case five, and placing this at the opposite end.

Thus you end up with the increasingly obscure:

5HwmNmSmEaWMwwamSrG

Following this method, LinkedIn would be 8HwmNmSmEaWMwwamSrL and Twitter would be 7HwmNmSmEaWMwwamSrT.

The point is these passwords are both long and quite meaningless, yet through the techniques mentioned above, once you’re familiar with your personal poem or phrase, they are easy to reconstruct in a matter of moments by following your own variation on the rules.

Passwords Stage 3: Gold plating passwords

And if after this you still want to add a teensy bit more obscurity, one final suggestion would be to add a non-alphanumeric character to the end of each line in the poem so that the first example 5HwmNmSmEaWMwwamSrG becomes truly secure:

5HwmNmSmEaW&MwwamSr#G

Note that I’ve added the two characters ‘&’ and ‘#’. Many experts recommend the use of non-alphanumeric characters to make passwords particularly challenging to break. It’s your call where you put them and which characters you use.

But the general point here is that by following your own customised version of the technique above, every password you need can be in your head and reconstructed very quickly.

So to recap:

  • Think of a song or poem or passage you know well.
  • Select the letters from the start (or end) of each word, aiming for at least 15 characters once completed.
  • Add the first (or last) letter of the site name to one end of your password; at the other end add a number equal to the letters in that site’s name.
  • Add non-alphanumeric characters (e.g. !, ”, £, $, %, &, *) at the start (or end) of each line or sentence of the song/poem/passage you’ve picked.
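
The rules recapped above, written out as an added Python example (not code from the original article). The function names are assumptions made for illustration, and the Skype/Slack pair is a constructed case showing that two sites with the same first letter and the same name length receive the same password.

```python
import re
from collections import defaultdict

# The two lines of the Auden poem that the article uses.
POEM = [
    "He was my North, my South, my East and West,",
    "My working week and my Sunday rest,",
]


def initials(line):
    """First letter of each word, original case kept (Stage 1)."""
    return "".join(w[0] for w in re.findall(r"[A-Za-z][A-Za-z']*", line))


def core(lines=POEM, symbols=None):
    """Initials of every line; with symbols, one is appended per line (Stage 3)."""
    symbols = list(symbols) if symbols else [""] * len(lines)
    if len(symbols) != len(lines):
        raise ValueError("need exactly one symbol per line")
    return "".join(initials(l) + s for l, s in zip(lines, symbols))


def site_password(site, lines=POEM, symbols=None):
    """Letter count of the site name in front, its first letter at the back (Stage 2)."""
    name = re.sub(r"[^A-Za-z]", "", site)
    if not name:
        raise ValueError("site name contains no letters")
    return f"{len(name)}{core(lines, symbols)}{name[0].upper()}"


def site_specific_chars(site, lines=POEM, symbols=None):
    """Number of characters in the password that depend on the site."""
    return len(site_password(site, lines, symbols)) - len(core(lines, symbols))


def collisions(sites, lines=POEM, symbols=None):
    """Groups of sites that the rules map to the same password."""
    groups = defaultdict(list)
    for site in sites:
        groups[site_password(site, lines, symbols)].append(site)
    return [names for names in groups.values() if len(names) > 1]


if __name__ == "__main__":
    for site in ("Gmail", "LinkedIn", "Twitter"):
        print(site, site_password(site), site_password(site, symbols="&#"))
    # Constructed case: same first letter and same length give the same password.
    print(collisions(["Gmail", "Skype", "Slack"]))
```

Only two characters of each result depend on the site, so your own variation on the rules decides how different the passwords for two sites really are.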

By following this simple approach you will always have a password that’s unique to you and different for every website. And while it might still seem challenging, once you get the hang of it, it quickly becomes second nature, taking just a few moments to ‘remember’ that pesky password for any site.

You may need to put pen to paper to remind yourself of the unique string you formed using your flavour of these rules, but you will never need to save it to a browser in order to remember it ever again.

One final caveat… some sites require you to update your password after a set period of time. In these instances you can simply select the next verse or sentence to start over again.

Password Safes

If this still all sounds like too much hard work… you can always use a password safe such as the free KeePass. Create one long and complicated password using the rules (or a variation on them) suggested above and let KeePass create and remember the rest for you. But if you do opt for this approach DO make a backup each time you create a new password. You have been warned!


@ralphenn

USEFUL RESOURCES

Mozilla: Choosing More Secure Passwords
Microsoft Password Strength Checker
