Tuesday, April 21, 2015

Password Security - Make It Easy To Remember, But Hard To Break

Does this sound like you?
"I can't remember that dang password!"

I've posted something similar to this before on Facebook, as well as in company distributions at previous jobs.

If you’re like me, you go crazy having to keep track of so many passwords for so many things. But take heart. There are options.

The first and most important thing is the password itself. While it may be easy, using your dog's name, kid's name, etc. is the WORST thing you can do. Why? Because anyone wishing to break into your account simply has to do a bit of quick research about you and they’re on their way. Some do not even do that. They have a huge dictionary of hundreds of thousands of words that their software can go through to break into an account. You may think that changing the word by adding letters, numbers, etc. will help. Well, the very same software can try multiple combinations of the words along with numbers, etc. and still break in, although it may take a little longer.



Never, ever, ever write them down on sticky notes, etc. These things can be misplaced or stolen. For Pete's sake, don't put it under the keyboard. That's like putting the key under the mat at your house. The burglar doesn't have to try hard for that one.




But there is a much easier way that solves several problems. It solves the problem of the password being so simple that it is easy to break into, and it also makes the password very easy for you to remember. You can’t beat that. So what is it? You think of a phrase that you can remember. For instance:
It is now my favorite season of the year
Now, you take the first letter of each of the words in that phrase to make your password such as:
Iinmfsoty

In this case I made the first letter uppercase, as some systems require at least one uppercase letter. They may also require a number, for which you can use a number representing the year or something like:
Iinmfsoty1

This also works if the system requires you to change the password. It may allow you to use the same basic password but with a different number on the end. You can even get more creative and substitute numbers for vowels, like 1 for i, 3 for e, 0 for o. The whole point is that the password is something you can remember, yet complex enough that it would take someone too long to break in for it to be useful.
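As an added example (not part of the original post), this Python sketch builds the first-letter password from the phrase above and shows how a password check can recognize a plain word or name dressed up with numbers. The function names and the small word list are assumptions constructed for the illustration.

```python
# Constructed sample wordlist (assumption). A real check would load a large
# dictionary plus names tied to the user: pets, children, employer.
SAMPLE_WORDS = {"password", "season", "favorite", "rover", "summer"}

# Number-for-vowel swaps named in the post: 1 for i, 3 for e, 0 for o.
UNSWAP = str.maketrans({"1": "i", "3": "e", "0": "o"})
DIGITS = "0123456789"


def phrase_to_password(phrase, number=""):
    """First letter of each word, first one uppercased, optional number appended."""
    letters = "".join(word[0] for word in phrase.split()).lower()
    return letters[:1].upper() + letters[1:] + str(number)


def base_forms(password):
    """Reduce a password to the plain words it could be a simple variation of."""
    lowered = password.lower()
    trimmed = lowered.strip(DIGITS)               # drop numbers added front or back
    return {
        lowered,
        trimmed,
        trimmed.translate(UNSWAP),                # undo swaps inside the word
        lowered.translate(UNSWAP).strip(DIGITS),  # word that starts with a swap
    }


def is_word_based(password, words=SAMPLE_WORDS, personal=()):
    """True if the password is a listed word or name with numbers mixed in."""
    known = {w.lower() for w in words} | {p.lower() for p in personal}
    return not known.isdisjoint(base_forms(password))


if __name__ == "__main__":
    phrase = "It is now my favorite season of the year"
    for candidate in ("Rover2015", "s3as0n1", phrase_to_password(phrase, 1)):
        word_based = is_word_based(candidate, personal=["Rover"])
        print(candidate, "->", "word-based, reject" if word_based else "not on the list")
```

Passing this check only means the password is not a simple variation of a listed word; it is not a measure of overall strength.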

Help Is On The Way!
The other issue with passwords, if you do have a lot of systems and passwords, is where to store them. Putting them on a post-it note on your computer is flat dumb, okay. It’s like locking the doors on your house and leaving a note saying “the key is under the mat”. There is software out there like Password Safe at
http://pwsafe.org/
or KeePass at
http://keepass.info/
Note: There are others out there. This happens to be one I use on my PC as well as my phone, and I keep the two in sync.

This allows you to store things like links to the web site along with the user IDs and passwords for all your accounts in this software safe and then secure it with a single password. So now all you have to do is remember this one password to get into the safe and have all the IDs and passwords.

Hopefully this will save some part of your sanity in a world of IDs and passwords for everything you do. You obviously have to weigh the consequences of choosing less secure means. However, if it’s vital financial and personal information, do you really want to take the chance of it getting into the hands of identity thieves? At least educate yourself on other things besides this that can help.

This is by no means the end-all of password security. It’s simply sharing personal experience from working with a Fortune 500 company with millions of customers' account information stored within its systems and working as a system administrator for over 13 years. But hopefully it helps you make it harder for those wishing to attack hard-working citizens.

Copyright 2015 Michael Monteith