In the last post I talked about easy ways to remember secure passwords and covered the “Password Haystacks” method. Today I am going to talk about “PassPhrases”.
PassPhrases can be used in two ways. The first way is to pick a phrase that is easy to remember (but not too common); it is best to include at least one number and one symbol, e.g. IwalkmyDog@6pm. This covers all the criteria and is easy to remember. I ran this passphrase through the GRC Haystacks Calculator and it would take 1.5 thousand trillion centuries to try every combination to crack this phrase. You could further personalize this to a particular site by using IwalkmyDog2Google@6 or anything similar. These are only examples, so have a play and see what you come up with.
The other way to use a phrase for passwords is to pick a phrase or song lyric that you like and take the first letter from each word. If it’s not a very long phrase, you could take the first and last letter of each word. You can then do things like turn the letter o into zero, the letter i into one, s into 5, e into 3 or a into @, but be aware that this is a common practice, so a good hacking database will be equipped with these substitutions. Don’t rely entirely on changing those characters, and don’t forget to add symbols, even if they are just commas, question marks or full stops. You can also make vowels capitals. As with the other method, you need to make a rule at the start and stick to it; that way you can easily recreate a forgotten password.
Here is an example from a current song by Adele. The lyric “never mind I’ll find someone like you, I wish nothing but the best for you” would become nmIfsly,Iwnbtb4y. How easy is that for coming up with a 16 character password! I applied the rule of making a vowel a capital letter, put the comma in and changed a word that sounds like a number into one (for into 4). A quick check through the GRC calculator shows this to be an ultra secure password and virtually uncrackable.
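
The acronym rule and the "try every combination" arithmetic from the two examples above, as an added example (not code from this post or from GRC). The number-word table beyond for → 4, the lowercasing of consonants, the 95-character alphabet and the guess rates are assumptions.

```python
import re
import string

# Constructed inputs: the lyric and the passphrase are the ones quoted in the post.
LYRIC = "never mind I’ll find someone like you, I wish nothing but the best for you"
PASSPHRASE = "IwalkmyDog@6pm"

# Words that sound like numbers. The post uses for -> 4; the rest are assumed.
SOUNDS_LIKE = {"for": "4", "to": "2", "too": "2", "ate": "8"}

def derive(phrase):
    """First letter of each word, vowels capitalised, punctuation kept."""
    out = []
    # A token is a word (may contain apostrophes) or a single punctuation mark.
    for tok in re.findall(r"[A-Za-z0-9][A-Za-z0-9'’]*|[^\sA-Za-z0-9]", phrase):
        if not tok[0].isalnum():
            out.append(tok)                       # commas, full stops, etc.
        elif tok.lower() in SOUNDS_LIKE:
            out.append(SOUNDS_LIKE[tok.lower()])  # number-sounding word
        else:
            first = tok[0].lower()                # assumed: consonants lowercase
            out.append(first.upper() if first in "aeiou" else first)
    return "".join(out)

def alphabet_size(pw):
    """Add up the character classes in use: 26 + 26 + 10 + 33 symbols (incl. space)."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation + " ", 33)]
    return sum(n for chars, n in classes if any(c in chars for c in pw))

def search_space(pw):
    """Count every string of length 1..len(pw) over that alphabet."""
    a = alphabet_size(pw)
    return sum(a ** k for k in range(1, len(pw) + 1))

def centuries(pw, guesses_per_second):
    """Time to exhaust the whole search space at a given guess rate."""
    return search_space(pw) / guesses_per_second / (100 * 365.25 * 86400)

if __name__ == "__main__":
    print(derive(LYRIC))
    # Assumed guess rates: throttled online, fast offline, very large cracking array.
    for rate in (1e3, 1e11, 1e14):
        print(f"{PASSPHRASE} at {rate:.0e}/s: {centuries(PASSPHRASE, rate):.3g} centuries")
```

At the assumed 1,000 guesses per second the first passphrase comes out at roughly 1.5 thousand trillion centuries, and each faster assumed rate divides that figure accordingly. The count only models trying every combination; it says nothing about dictionary or lyric-based guessing, which is why the warning about well-known substitutions still applies.
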
All it takes is a little imagination. You can use rhymes, poems, anything that sticks easily in your head; it could be a line out of a favourite movie! Maybe you could relate a song, rhyme or ad to each site to make the password unique to that site. So I hope you can see it is not too hard to remember secure passwords. You can always write down memory hints and store them in a safe place: not the actual password, just something that will make you think “that’s right! I remember”.
This has been a timely post actually, as yesterday the top 25 most common passwords for 2011 were released. These are obtained from lists of hacked password databases.
1. password 2. 123456 3. 12345678 4. Qwerty 5. abc123
6. Monkey 7. 1234567 8. Letmein 9. trustno1 10. Dragon
11. Baseball 12. 111111 13. Iloveyou 14. Master 15. Sunshine
16. ashley 17. Bailey 18. passw0rd 19. Shadow 20. 123123
21. 654321 22. Superman 23. Qazwsx 24. Michael 25. Football
The other issue that you need to think about is how often you change your passwords. This is a contentious point, with a lot of experts asking what the point is: if someone has your password they are going to use it, not wait a month and then use it. A lot of businesses and institutions have this as policy, so you have no choice. But you should be aware that with things like email accounts and accounting applications, someone could be using your password to sit back and watch everything you do, so it is a good idea to change these. With bank accounts you would think that as soon as someone had your details they would use them and you would know, but remember I mentioned in an earlier post the “little” fish that steal your details and sell them on to the “big” fish. My advice is that the safest practice is to change your passwords from time to time.
I hope you can take all this in, and please put it into practice, share the information with your friends, and feel free to ask me any questions or offer your methods.