Wednesday, March 23, 2016

"Building, Easily Remembering Strong Passwords"

From Racine County Eye:

By John Acheson in Tech Corner · March 22, 2016

"As we are all told every time we are setting up an on-line account somewhere, it’s important that you choose a strong password for a number of reasons. The first is to avoid a hacker guessing your password through brute-force or what is often called 'dictionary' hacking. That’s exactly what it sounds like – a hacker runs through a 'dictionary' of common words until one works. Since hackers are using automated scripts, they can literally try thousands of passwords per hour. The secondary danger is using the same password across multiple sites. If a hacker gets that common password, he or she can now access anything you have using the same password. Here is a simple and easy to remember technique for building and easily remembering strong passwords for any website or service.

Start with a “mnemonic” root password.

"Mnemonic is just a 75 cent word (adjusted for inflation) that simply means 'easy to remember'. OK that’s not the dictionary definition but close enough for our purposes. We are not trying to remember multiple passwords, we just want to be able to easily remember this root password. We’ll get into why I call it a 'root' password in the next step. What really works for me is to take a memorable line from a song, book or movie, and take the first letter of each word and string them together. So for example, 'All You Need is Love' becomes 'aYniL'. Capitalize a couple of the letters. This is a good start, but most sites and services require at least 8 characters. Again drawing on stuff you won’t forget, split your birth year to each end of the string. So now I have '19aYniL63'. But wait, there’s more! Quite often your password needs to contain 'special characters'. Those are the ones we usually use for swearing online. So I add a couple of those, again to each end: '@19aYniL63#'. Yay! We have a relatively strong root password, that you’ll find easy to memorize. But we don’t want to use this as an actual password anywhere. Using the exact same password on multiple sites is nearly as bad as a weak password. On to step 2.

Create a consistent “Password Formula”.

"Next we are going to devise a 'password formula' that we use to make our root password unique for every site where a password is needed. The simplest formula is to simply add the first two characters of the website to the front of the root password, and the last two characters to the end of the root password. Use at least two characters to minimize any password duplication between sites with similar names. So to use our example root password for facebook, it would become 'fa@19aYniL63#ok'. There we go – a 15 character, very strong password that looks like random characters, but will be easy for you to remember simply by memorizing the root password, and always applying the same formula to build the full password. You can devise whatever formula you want, but it’s vital that you consistently use the same formula.

DO NOT tell anyone your root password or formula.

"Enough said.

"And that’s all there is to it. You’ll have passwords that every paranoid security administrator will love, and an easy method to build those passwords and later recall them with little effort."
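The article's formula and its advice to use at least two characters can be checked against your own list of accounts. The sketch below is an added example, not code from the article or from Racine County Eye: it applies the formula to a constructed list of site names and reports which sites end up sharing a password for a given number of characters. The function names, the lowercasing of the site name and the site list are assumptions; the root is the sample value from the article.

```python
from collections import defaultdict

# Sample root password taken from the article; never reuse a published value.
ROOT = "@19aYniL63#"

# Constructed list of site names for illustration ("fastbook" is made up).
SITES = ["facebook", "flickr", "feedback", "fastbook",
         "twitter", "tumblr", "reddit", "linkedin"]


def derive(site, root=ROOT, n=2):
    """Apply the article's formula: first n characters of the site name,
    then the root, then the last n characters of the site name."""
    name = site.strip().lower()  # assumption: the formula uses the lowercase name
    if not name:
        raise ValueError("site name must not be empty")
    # For names shorter than n the prefix and suffix overlap, which is harmless.
    return name[:n] + root + name[-n:]


def duplicates(sites, root=ROOT, n=2):
    """Group sites by derived password and return only the groups in which
    more than one site ends up with the same password."""
    groups = defaultdict(list)
    for site in sites:
        groups[derive(site, root, n)].append(site)
    return {pw: names for pw, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    print("facebook ->", derive("facebook"))
    for n in (1, 2, 3):
        clashes = duplicates(SITES, n=n)
        print(f"n={n}: {len(clashes)} shared password(s)")
        for names in clashes.values():
            print("   same password for:", ", ".join(names))
```

On this list, one character per end leaves two groups of sites sharing a password, two characters still leave one pair, and three leave none, so it is worth running the check over your real account list before settling on a formula.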


OKIE said...

Oh please, don't talk to me about passwords. At work we have to sign on to the computer and then sign on to the website. About every 5 weeks we have to change them. It's not fun going into work and having to come up with a new password that isn't like anything you've had in the past year.
It's not what you want to do first thing when you get there. Needless to say I always have to call the Support Center and get it reset.
Drives me friggin crazy.
Okay, I'm done.

kkdither said...

I have so many accounts laying dead out there, with passwords I can't remember. Anyone who has used fake identities on social media sites to protect their real identity from ne'er-do-wells and hackers is pretty much screwed. Email accounts and Facebook are tightening the screws. All of them are moving to require a cell phone number or credit card for positive identification. Pretty soon, I won't exist.

OrbsCorbs said...

All of the jtirregulars email accounts that I deal with were hacked. Had to change all of the passwords. I keep a list of my identities and passwords. Sometimes, though, I forget to change the password on the list after I've done it on an account. Then the fun starts. I tried to resurrect Orbs O'Corbs for St. Patrick's Day. Forget it. After I went through all the steps (they called me to give me a code), I got the account going. However, when I sign in with it, I'm "The Sheriff," but only of an obscure blog.

OKIE said...

I just had a call from my boss. He got locked out because the password was wrong. It happened to me this morning too. I'm inclined to think it's the computer.