April 3, 2015

Creating memorable passwords

Just about every website requires a username and password if you want to do anything useful. Shopping online, using a web-based email service, participating in social networking: all require a username, such as your email address, and password.
There are too many to remember without writing them down, so we use the same password on multiple sites. That’s where the trouble begins.
The majors sites, banks, Facebook, Yahoo, Amazon, and Google, have solid security and account break-ins are rare. Smaller sites, however, may not do so well. For example, you’ve used
the same email and password for your account on Fubarbco.com and on Amazon.com. Someone breaks into Fubarbco. Using the email and password information they found on Fubarbco,they’ll attempt to log in to Amazon. Bingo.
Using standard password cracking tools, a password such as Aa123.yz will take five days to break. That’s pretty good.
So, here’s a way to create a password that you can remember, but that is impossible to guess and difficult to crack.
Put a punctuation mark and four or more numbers in the middle of the site’s name. You can use the same mark and set of number. That’s the only part that you need to remember.
For example, for Amazon, you do something like this:
2120 is the street address on Michigan Avenue in Chicago, the former home of the Chess Records.
According to How Secure Is My Password http://howsecureismypassword.net, it will take about four thousand years to crack the password. You can then use Goo&2120gle for your Google account and so on.
Your password for Facebook would then be:
Use some number that is meaningful to you – a date such as 102704 or the ZIP code of Graceland, 38116 – but which is not readily associated with you, such as your birth year or ZIP code..
It doesn’t matter much where you insert the punctuation and numbers.
I should note that many people use LastPass http://lastpass.com, KeePass http://keepass.info, or other account storage services. They like them. I don’t. Your mileage may vary.
The primary goal in security – at home or online – is to make the intruder take more time and thus increase the likelihood that you can detect the intrusion.