How 2 Create Unhackable Passwords

We all know that we're supposed to have a different password for every site, service and machine. We also know that we're never going to remember that many different passwords.

Most people use ridiculously easy-to-hack passwords. Many actually write their password on a note that is RIGHT NEXT TO THE MACHINE WHERE THEY LOG IN.

I've been reading a lot of articles about how to create and maintain secure passwords, and the general consensus is that you should create a SYSTEM instead of a single password.

There are two schools of thought on the system:
1. a physical system - use a password that makes a shape on the keyboard, and vary it regularly in an easy-to-remember way (for example, you always start with "4" in April and "5" in May)

2. a pattern system - use a root password that varies according to what you're logging in to. I use a variation of this system, and it works REALLY well.

First you need a root password. I recommend that you choose something that includes both letters and numbers but isn't a real word. My root is the first letter of the words of a saying that was very important to me when I was in college. Some of the articles I saw recommended using parts of two or three words.  The numbers I use are actually a mistake - I started using these particular numbers for a numeric password thinking that they corresponded to the buttons on the phone that corresponded to those initials (obviously this was before I got into texting), but I got it wrong. I was in a hurry because I'd just broken up with someone who knew my code number for the ATM and I was concerned about that. By the time I realized my mistake, I was used to those numbers.

So let's say your favorite saying is "Let a smile be your umbrella" - using my system, your root password would be LASBYU527298  (assuming that you got the numbers right!)

Now - this is a really good password for a number of reasons - since the letters aren't a real word, it will be difficult for someone to casually watch and know what you're typing, whereas it wouldn't take long to figure out a password like "puppy" or "california" or even "password" (which is apparently a very common choice). It also uses both hands, assuming you know how to touch type (if you don't - what the heck is wrong with you?).

However, it is still vulnerable to hacking if you use the same thing for everything you log in to - sure your bank website is super-duper secure, but the site that remembers your favorite comic strips? Probably not so much. It wouldn't take a hacker long to pull your password from the comic strip site and try it at all the major banks.

So - you customize the password to the site. You might use the first and last letter of the service, so for Facebook, your password would be FLASBYU527298K and for Hotmail it would be HLASBYU527298L.

If you really wanted to be fancy, you could put a customization letter in the middle, maybe from the middle of the name of the site like this:

F*******B*******K (with the two parts of your root in the asterisks)

or even the first and last letter of each syllable
F*****EB*******K 


Whatever system you choose - pick it, stick with it and you're all set for life.

But what if you have a site that makes you change your password every so often?
Many workplaces in particular require a password change every 30, 60 or 90 days. The last time I had to do this, I changed it every single month (there is rarely a system that does not let you change your password more often than what is required), and added the three-letter abbreviation for the current month as well as the number for the month to my root passwords.

EG: *******JAN********01 would become *********FEB*******02
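
The scheme described above, written out as an added example (not the author's own code): a root built from a saying's initials plus their phone-keypad digits, then the site and month variations. The function names are hypothetical, and splitting the root into its letter half and digit half for the middle-letter and month variants is an assumption.

```python
# Added example: the post's pattern scheme as code. Function names are hypothetical.
from difflib import SequenceMatcher

# Standard phone keypad, letter -> digit.
KEYPAD = {c: d for d, cs in {"2": "ABC", "3": "DEF", "4": "GHI", "5": "JKL",
                             "6": "MNO", "7": "PQRS", "8": "TUV",
                             "9": "WXYZ"}.items() for c in cs}
MONTHS = "JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC".split()


def root_parts(saying):
    """Initials of each word, plus the keypad digit for each initial."""
    letters = "".join(w[0].upper() for w in saying.split()
                      if w[0].upper() in KEYPAD)
    digits = "".join(KEYPAD[c] for c in letters)
    return letters, digits


def site_password(saying, site, middle=False):
    """First letter of the site + root + last letter of the site.

    With middle=True the site's middle letter goes between the two root
    parts (assumed here to be the letters and the digits).
    """
    letters, digits = root_parts(saying)
    name = site.upper()
    mid = name[len(name) // 2] if middle else ""
    return name[0] + letters + mid + digits + name[-1]


def monthly_password(saying, month):
    """Root with the month abbreviation and two-digit month number added."""
    letters, digits = root_parts(saying)
    return f"{letters}{MONTHS[month - 1]}{digits}{month:02d}"


def shared_run(pw_a, pw_b):
    """Length of the longest run of characters two passwords have in common."""
    m = SequenceMatcher(None, pw_a, pw_b, autojunk=False)
    return m.find_longest_match(0, len(pw_a), 0, len(pw_b)).size


if __name__ == "__main__":
    saying = "Let a smile be your umbrella"  # the saying used in the post
    fb = site_password(saying, "facebook")
    hm = site_password(saying, "hotmail")
    print(fb, hm, site_password(saying, "facebook", middle=True))
    print(monthly_password(saying, 1), monthly_password(saying, 2))
    print("characters shared between the two sites:", shared_run(fb, hm))
```

shared_run reports how much of the password stays the same from one site to the next, which is the part that depends only on the root.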


Another idea - if you have a family whose birthdays are spread around the calendar pretty evenly - why not incorporate their name and birthday into your pattern?

By now, you either have a pattern in mind, or your own mind is coming up with great new variations - please share your ideas (obviously not with your actual passwords!) in the comments section
