Protecting small firms from computer disasters
Cart 0

Create an Easy, Strong Password

password protection

In this era of ever more dangerous viruses and breaches, you need a good, strong password. By using it to access a secure password vault or password manager, you get two great advantages:

1. You keep your files, financial data and personal information safe.
2. It is much easier for you to use strong passwords to access all your stuff.

Use a Password Manager

We recommend LastPass as a password vault or password manager. There are other good ones, like KeePassX, 1Password and Dashlane. But LastPass has the independent blessings of Steve Gibson, a preeminent security guru.

A single, memorable, strong password will make it easy for you to login to your accounts on all websites safely. You'll use your one master password to open LastPass or your other password manager. It works on your computer, tablet and phone as well as on any other computer. (On other computers and at public hotspots you'll need to take precautions.)

Once you open your password manager, it can provide different, truly strong passwords for each of your services. The software makes it easy to generate, change and use passwords to login to websites and protected applications.

How to Make Up a Good Password

Don't think you'll trick anyone by substituting numbers or punctuation for similar-looking letters. Those "tricks" are built into password cracking software.

Instead, *break up* two memorable words with punctuation and numbers.

For example, use "frog" and "path." Pretty easy to visualize a frog on a path, right? One way to break up these words is:

Fr,og4pa,th4

While a password like FrogPath, would be easy to break using a multi-word dictionary attack, Fr,og4pa,th4 breaks up the words and inserts numbers and punctuation in unpredictable places.

Here is another example:

kan2sas.Dog2

So, what's so easy to remember about these examples? You can remember "Frog path" or "kansas Dog," but what about the punctuation and numbers?

Use your own rhythm for inserting the punctuation: two letters, non-letter, two letters, non-letter....

You'd be surprised at how fast your brain can adapt to remembering and typing this sort of password.

Objections to Broken Words Technique

What are the objections to breaking up two words with non-letters - the "broken words password" technique?

#1 - "It is not so easy to remember as something like P@$$w0rd777. " Response: That may be true, but:
a) It is actually harder to type P@$$w0rd777 than kan2sas.Dog2, especially on a phone, and
b) P@$$w0rd777 can be cracked in 3 minutes on an average home computer!

#2 - "Why can't I just use my typical password - DoRothy!8 - that has capitals, number and punctuation?"
Response: That one will take all of 11 minutes to break on a home computer.

#3 - "I am safe. I would take a thief forever to try to steal my password because they can only try to login so many times before they are locked out."
Response: Thieves are trickier than that. The risk we all face is that thieves will intercept our *encrypted* passwords in transit across the internet or in place on a server somewhere. Then they can attack your password, and thousands of others, offline. They can crack the weak passwords in minutes or seconds and then use them to log into accounts online.

#4 - From the password purist: "You're using words and patterns! Why are you are violating the entropy principles that govern the strength of passwords?"
Response: You have a point there. These 12-character passwords are not so strong as randomly-generated 12-character passwords. But such passwords are nearly impossible for regular people to memorize.

Why is Fr,og4pa,th4 strong enough?

The best password tester on the internet may be found at:
https://password.kaspersky.com
It will catch you using whole words, misspellings, popular passwords and common tricks for adding numbers and punctuation.

According to this test, Fr,og4pa,th4 would take a home computer *4 centuries* to crack.

While this broken words approach to password creation violates some classic password principles, it is more than adequate to guard against hacker password cracking computers for at least the next five years.

In principle, you should not use real words and formulas to create passwords. It makes them weaker. But in principle, you are supposed to use impossible-to-remember passwords. That leads to risky behaviors such as writing them down near your computer.

A good deal has been written about making and remembering strong passwords. Unfortunately, events have overtaken much of the advice given in the past.

Hackers have devised ever more sophisticated techniques for cracking passwords. Gone are the days of the simple dictionary attacks that run variations with numbers at the start or end.

After analyzing hundreds of millions of compromised passwords, hackers have developed algorithms that account for the great variety of "secret" patterns that people use. So satisfying the traditional requirements for including capitals, numbers and/or punctuation no longer is enough.

Don't think your clever passwords are truly strong, even those with a capital letter, number and punctuation mark.

Follow these rules and you'll be safer:
-- Be Avoid common substitutions of punctuation like @ for a and $ for s.
-- Break up whole words with numbers or punctuation.
-- Use more than one broken word.

You still won't have the strongest of passwords, but you don't need perfection. You'll be able to remember your password. Use it to lock your password manager and you will rank among the safest users of technology.



Older Post


Leave a comment

Please note, comments must be approved before they are published