I will try to keep this explanation as simple as I can. It is an easy
topic to get all technical and mathematical about, so I'll do my best.
Recent testing by cyber security experts has discovered that a long simple
password is more secure than a short complicated password. The reason is that
every extra character multiplies the number of possible combinations an
attacker would have to try, and the total grows faster and faster as you add
more characters. Remember what I told you before: someone trying to break the
password cannot confirm it one letter at a time; to them the whole guess
either works or it doesn't. If a password is stored correctly in a database,
you can't even tell how many characters have been used; it is just a
gibberish pattern.
Yes, I know “How am I supposed to remember a long password,
let alone different long ones!”
I am not insisting that you have a different password for every single site.
You can have one password that you use for all those random sites that just
require you to give one so you can access something. The password for these
sites doesn't need to be too secure because all you are supplying is a
user name or email and a password; no personal details are required.
For the sites where you have supplied personal information, access to
financial records or funds, credit card details, etc., you need to find out
the maximum number of letters, numbers, or symbols allowed, and use a
password that fills that allowance. Some sites will allow you to use letters
and numbers but no symbols (!@$*+, etc.), and some will not allow you to
repeat the same character in a row. A certain bank that I know of only allows
a 16 character password with only letters and numbers; no symbols are
allowed. This is very poor security for a bank. In this situation you must
always make sure you use all of the 16 characters and mix it up with numbers
and upper and lower case letters.
I will show you two easy methods to come up with long passwords. It is best
to pick one method and stick to it; that way it is easy to recreate your
password if you forget it. Try to have passwords of at least 12 to 16
characters. The first method is to pick a word that you remember easily
(probably the password you are using now) and simply add letters, numbers
or symbols before and after it. For example, if you used Womble for your
word, this could become ******W0mble^^^^^^
This method is known as Password Haystacks and was devised by Steve Gibson
of Gibson Research. He has a page, https://www.grc.com/haystack.htm, where
you can type in your password and it will give you an idea of how long it
would take to crack that combination. The above example would take over a
thousand trillion centuries to crack in a brute force attack, based on the
combination and number of characters. You may have noticed I changed the
letter o to a zero so that we had a number included.
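As an added illustration (not code from this post or from Gibson Research), the Python sketch below counts the brute-force search space the way this section describes: each kind of character present widens the alphabet, and each extra character multiplies the total. The function names and the guess rate of 100 billion per second are assumptions chosen for the example.

```python
import string

# Printable-ASCII character classes and their sizes (26 + 26 + 10 + 33 = 95).
CLASSES = [
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation + " "), 33),
]
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600
ASSUMED_GUESSES_PER_SECOND = 100_000_000_000  # assumption: fast offline attack


def alphabet_size(password):
    """Size of the alphabet a brute-force search must cover for this password."""
    known = set().union(*(chars for chars, _ in CLASSES))
    stray = [c for c in password if c not in known]
    if stray:
        raise ValueError(f"not printable ASCII: {stray!r}")
    return sum(size for chars, size in CLASSES if chars & set(password))


def search_space(password):
    """Number of candidates of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** length for length in range(1, len(password) + 1))


def centuries_to_exhaust(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed guess rate."""
    return search_space(password) / rate / SECONDS_PER_CENTURY


if __name__ == "__main__":
    # Constructed samples: short and complex, long and simple, and the padded example.
    for pw in ("Xq7!aB2$", "w" * 16, "W0mble", "******W0mble^^^^^^"):
        print(f"{pw!r:22} alphabet={alphabet_size(pw):2} "
              f"space={search_space(pw):.2e} "
              f"centuries={centuries_to_exhaust(pw):.2e}")
```

The result is the cost of exhaustive search only; it does not model an attacker who guesses the middle word or the padding pattern.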
One way that you can make this method unique to each site is to use the same
number of "fill characters" as the number of letters in the name of the
site. For example, if the site is "Google" you would add 6 characters on each
side of your middle word; if it was "apple" it would be 5 on each side. You
need to come up with your own style or plan and stick to it; that way you can
always work out what your password is if you can't remember it. If the site
has two words, you may put the number of letters in the first word in front
of your word and the number of letters in the second word after. If the site
has a long name, you could do something like always using just the first 6
characters. Remember, it can be any combination of characters that the site
allows.
On Wednesday I will give you another idea for remembering long passwords and
wrap up our password chat.
There was a report on 60 Minutes last night about cyber crime, and while the
big stuff is out of our control, the experts stated that the average home
computer is still mainly taken over because the user clicked on fake links,
videos, or sites. So remember to stay Alert Online.