Smart, Memorable Passwords
Current state of passwords
It seems these days that hackers are getting into all sorts of company websites. Often these sites get hacked because of weak passwords. But why do people create poor passwords?
Many people complain that password complexity requirements are too difficult to follow and that, once a password is created, it is too hard to remember. Password requirements often include numbers, symbols, and letters in both lower and uppercase, and the passwords can’t be words either. On top of all that, it is recommended that you not use the same password on each site. These rules can certainly be infuriating.
Most password hacking is not done by humans, but rather by malicious software. The attack that is often used is called a “Dictionary Attack”. This attack does not actually employ Merriam-Webster to attack your account, but rather a very large list of passwords known to be used by the majority of users. Each password is tried until the system allows the software access. Another method of hacking uses public information about a person, like home address, family member names, or birth dates.
More recently, accounts have been given "recovery phrases", so that the user doesn’t need to call the company to recover a forgotten password or account name. These phrases are often a short set of questions asked and answered by the user. But while the user may have created a strong password (ex: %y3lU8#s), the answers to the recovery phrases are much less difficult to guess (especially with a fully public Facebook page).
All of this can be very taxing for someone who uses more than two sites. Fortunately, there are several methods that you can use to both easily create and remember your passwords. These techniques all rely on patterns that are easy to remember but impossible to guess, even for someone who knows you.
Method 1: A Few Unrelated Words
If there’s one thing that a computer really cannot do well, it is knowing that your password is actually several words stuck together. Some examples of this method are
These examples have a few commonalities built in: (1) the first letters of the words are consecutive letters in the alphabet, (2) each word has the same number of letters, and (3) each phrase has three words (the capitalization was merely for emphasis).
A method for remembering these password phrases is to create a silly story or sentence from the phrase...
- The Axe in the Bar Can be seen from afar
- I Jump when I see a Knit Lamp
- This Man is on Nap One
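A sketch of Method 1 as code, added here as an example and not part of the original article: it picks three words that satisfy the three commonalities above, using the operating system's secure random source rather than a human choice. The word list is a constructed sample and the function names are made up for this example.

```python
import secrets
from collections import defaultdict

# Constructed sample list; a real word list would hold thousands of entries.
WORDS = ["axe", "bar", "can", "dog", "elk", "fig", "gum", "hat", "ink",
         "jump", "knit", "lamp", "mint", "nest", "oven", "pear"]

def index_words(words):
    """Group words by (length, first letter)."""
    index = defaultdict(list)
    for word in words:
        word = word.lower()
        if word.isalpha():
            index[(len(word), word[0])].append(word)
    return index

def candidate_starts(index, count=3):
    """(length, letter) pairs where `count` consecutive initials all have a word."""
    return sorted(
        (length, letter) for (length, letter) in index
        if all((length, chr(ord(letter) + i)) in index for i in range(count))
    )

def pick_words(words, count=3):
    """Pick `count` words that follow the three rules, using the OS CSPRNG."""
    index = index_words(words)
    starts = candidate_starts(index, count)
    if not starts:
        raise ValueError("word list has no run of consecutive initials")
    length, letter = secrets.choice(starts)
    return [secrets.choice(index[(length, chr(ord(letter) + i))])
            for i in range(count)]

def follows_pattern(words, count=3):
    """Check the three commonalities: word count, equal length, consecutive initials."""
    words = [w.lower() for w in words]
    return (len(words) == count
            and all(w.isalpha() for w in words)
            and len({len(w) for w in words}) == 1
            and all(ord(b[0]) - ord(a[0]) == 1 for a, b in zip(words, words[1:])))

if __name__ == "__main__":
    chosen = pick_words(WORDS)
    print("".join(w.capitalize() for w in chosen))  # capitals only for emphasis
```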
Method 2: Elite Speak with a twist
As I said in the previous section, computers do not recognize multiple consecutive words, so the dictionary attack will not easily work in this case either.
Elite speak is a nerd term for replacing letters with the numbers that look like them. Most hackers know this about "elite speak", but that’s why this method has a twist. First, I will write a phrase with Elite Speak to give you a chance to try it out.
1F Y0U C4N R34D TH1S TH3N Y0UR3 D01NG GR34T 4LR34DY
IF YOU CAN READ THIS THEN YOURE DOING GREAT ALREADY
Next, using this method, here are some examples of Elite Speak with a twist for some legitimate websites.
Hopefully it was apparent that the phrases included the name of this website. So that you know you’re not crazy, here’s what they should look like without the numbers.
All the vowels, except for “u”, have been converted to numbers that resemble a letter in the alphabet. (A) resembles "4", (E) resembles a backward "3", (I) resembles "1", and (O) resembles "0".
But in addition, the suffix key word to each password is always the same. This method will allow you to create unique passwords for every site that you visit using both the name of the site and a word that you can remember easily. I also recommend that you consider using a different suffix key word than the one I used in the example.
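The substitution table above and the dictionary attack described earlier, seen from the side of a site that screens new passwords (an added example, not part of the original article): the candidate is normalized by undoing the four substitutions, then compared with a known-password list and with the user's public details. The site name "examplesite", the suffix "giraffe", the short password list and the function names are constructed for this example.

```python
# Substitutions from the article: A->4, E->3, I->1, O->0 ("u" is left alone).
LEET = str.maketrans("aeioAEIO", "43104310")
UNLEET = str.maketrans("4310", "aeio")

# Constructed stand-in for the "very large list of known passwords".
KNOWN_PASSWORDS = {"password", "letmein", "iloveyou", "qwerty", "dragon"}

def to_elite(text):
    """Apply the article's vowel-to-number substitutions."""
    return text.translate(LEET)

def method2(site, suffix):
    """Site name followed by a fixed suffix key word, written in Elite Speak."""
    return to_elite(site + suffix)

def normalize(text):
    """Lowercase and undo the substitutions, as a screening tool would."""
    return text.lower().translate(UNLEET)

def screen(candidate, personal_info=(), known=KNOWN_PASSWORDS, min_token=4):
    """Return the reasons to reject a candidate; an empty list means accepted."""
    reasons = []
    plain = normalize(candidate)
    if plain in known:
        reasons.append("known password")
    for item in personal_info:
        # Strip spaces and punctuation so "Maple Street" matches "maplestreet".
        token = normalize("".join(ch for ch in item if ch.isalnum()))
        if len(token) >= min_token and token in plain:
            reasons.append(f"contains personal info: {item}")
    return reasons

if __name__ == "__main__":
    # Constructed sample inputs.
    print(screen("P4ssw0rd"))                                  # plain Elite Speak
    print(screen("M4pl3Str33t!", ["Maple Street"]))            # public detail
    print(screen(method2("examplesite", "giraffe")))           # site + suffix
```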
Method 3: A short sentence
The short sentence method is similar to method 1 in that it uses multiple words squished together. But rather than using unrelated words we use a normal sentence. If you are to use this method, it may be easier to make the sentences about your life. Try not to use things that are likely to be public information.
These are phrases that even family members may not know, and that are less likely to have been recorded by a social media site. (Again, the capitalization of each word is merely for emphasis).
As with all things that should not be lost, it is always prudent to write the passwords somewhere that you know you can get to if you just cannot remember them. As much as I am an advocate of the internet and information storage therein, I still recommend that you write your passwords on paper. Or if not via paper, fill out a spreadsheet and encrypt it with a master password, or print it out and keep it in the back of your filing cabinet without a label. Or purchase a safe deposit box at your local bank.
As Gandalf says in Lord of the Rings (movie), “keep it secret, keep it safe.”