Almost all web 2.o websites, such as Facebook, Twitter, Diigo and more, require logins with passwords. However, too many users under-estimate the importance of using secure passwords. Often they do not take precautions so that no one else can access their passwords. Furthermore, when complicated passwords are created, users resort to storing them either on their computer or on paper. Either way they could be easily accessible to others.
To avoid this problem, other users create a “one size fits all” type password or an easily guessed password or use one of the 500 most common passwords or even the top 10 most common passwords. Mark Burnett’s analysis of 150 million leaked Adobe passwords gives a good insight into how users create their passwords and the pitfalls to avoid. He concludes “…decades of user education has completely failed. No matter how much we advise not to use dates, family names or pet names in your passwords and no matter how much we tell people not to use the same passwords on multiple sites, you people will just do it anyway.”
The question is how secure are your passwords? There are several tests for passwords on the Internet. However, one of the most straight forward is the Password Meter. Simply enter your password character-by-character and watch the score as you enter your password.
The question is ‘how can 100% secure unique password be created for every site that we access that is easy to remember so that it does not need to be recorded anywhere?
First of all we need some simple rules for creating “bulletproof” passwords:
1. Minimum of 8 characters (more is better)
2. Use a combination of letters, numbers and special characters (i.e. & * $ ! or other characters)
3. Use both upper and lower case letters
4. Do not use common replacements such as 0 for the letter 0, the number 1 for the letter i, ‘two’ replaced by 2, ‘and’ replaced by ‘+’ or ‘&’.
5. Pad your password with extra word or letters or numbers.
Let’s return to the question ‘how can 100% secure unique password be created for every site that we access that is easy to remember so that it does not need to be recorded anywhere?’ The answer is quite simple once we understand how passwords are hacked. One of the best articles by Steve Gibbson gives us a clue to this dilemma: How big is your haystack? It is well worth reading and gives us simple insights into creating secure passwords.
Let’s give it a try with a simple algorithm so that we do not need to write down passwords:
1. Look at the name of the site i.e. Facebook
2. Choose a two-digit number i.e. 46
3. Choose a special character i.e *
4. Replace the vowels in Facebook with 4 and 6 repeatedly ie F4c6b46k until there are 8 characters.
6. Place * at the end ie. F4c6b46k* and the password has 9 characters.
If you try this in the password tester on Steve Gibson’s website, it shows you how long and how many attempts will be needed. Let’s just look at the last number for our next comparisons – Note 1.77 hours.
The beauty of this method is the password for every website will be unique. For example, the password for Twitter would become Tw4tt6r4 (8 characters by adding a 4 from the favorite number 46) and Tw4tt6r4* (9 characters). If a website does not have enough letters in the name, we simply add more numbers at the end to have a minimum of 8 characters.
However, now for the shocking discovery!
What happens if you add more * to the end of the password?
F4c6b46k** becomes 1 week and
F4c6b46k**** becomes 1.74 centuries !!!!
Who would have guessed that by creating a password based on the name of the website and following a few simple ideas that a password can be completely bulletproof. Always remember the only safe place for your passwords is in your head or in a locked safe.
Articles with more clever bulletproofing strategies
Eight Tips for Bulletproofing Your Password