How secure is your privacy?
These days we all end up with tons of passwords. We rely on these passwords to keep sensitive information safe, but the truth is that information is only as safe as its password is secure. In my experience people tend to use simple, insecure passwords because they have a hard time remembering long strings of letters, numbers, and punctuation. Well, it can be a lot easier than you might think. I found this video put together by AARP and Google that gives a good introduction:
I’ve been a fan of using initial letters from a phrase to form a password since college. That’s the method the Network Systems Administrator there taught me. What the video above doesn’t talk about though is complexity. Watch the longer video below for more on that.
A password made out of six lowercase letters is never going to be a strong and secure password, even if they are random. The best passwords are at least 10 characters long and include uppercase and lowercase letters, numbers, and punctuation. Okay, it’s about time for an example…
Crafting a Secure Password From a Phrase
1. Think of a line from a song or poem, a quotation, or a catchphrase. Don’t use your own catchphrase, or the quotation framed on your wall: you don’t want to use something easy to guess. The foundation of your secure password will be the first letter of each word in your phrase. If you’re feeling extra tricky you could use the last letters, or use the letters backwards. Just be sure to include a capital or three.
For our example I’ll use a line from a Beatles song: “We all live in a Yellow Submarine.” If that was my favorite song, or I had a big Yellow Submarine poster on my wall, this would be a poor choice.
That gives us our letters, “WaliaYS”, but what about punctuation and numbers?
2. Figure out a way to add numbers and punctuation to your letters. Make sure it’s logical enough that you can remember it.
Our example phrase makes this pretty easy. We’ll add an exclamation mark and a number to the end. What’s a number I’ll remember though? 1968, the year Yellow Submarine was released.
Ta-da, a strong and secure password that’s easy to remember! “WaliaYS!1968”
That’s a 12-character password with good complexity, and you won’t forget it. Of course, you have to make your own; this one is just an example. It will seem awkward to type your new password the first few times, but after a few repetitions you’ll be able to type in your strong password with ease.
4 Rules For a Strong Password
As long as you follow some basic rules you can make strong passwords any way you like.
- Make sure your password is at the very least 8 characters long; 16 is even better. Each additional character makes it exponentially harder to crack the code.
- Include punctuation, numbers, and both uppercase and lowercase letters. Brute force attacks, that is trying every possible combination, often omit punctuation or numbers to increase speed.
- Never use information about yourself in your password. That means no birthdays, phone numbers, kids’ or kittens’ names, or addresses. It’s too easy to guess those.
- Do not use dictionary words. The first attack hackers use is often a dictionary attack. If your password is a dictionary word, or even based on one, it is easy to crack.
Common foreign language dictionary words aren’t a good idea either. If you’re a word nerd you can use words from dead languages, or transliterations of words from languages like Sanskrit, Hebrew, or Arabic. Just be sure to follow rules one and two above.
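The four rules above as a small checker, added here as an example (it is not from the original post). The wordlist and personal-information set are constructed samples, the function names are hypothetical, and the rules are numbered 1 to 4 in the order listed.

```python
import math
import string

# Constructed sample data (assumptions for this example, not from the page).
SAMPLE_WORDLIST = {"password", "submarine", "yellow", "dragon", "monkey"}
SAMPLE_PERSONAL = {"fluffy", "1985", "5551234"}


def charset_size(pw):
    """Size of the alphabet a brute-force search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 ASCII punctuation marks
    return size


def keyspace_bits(pw):
    """log2 of the number of candidates of this length over that alphabet."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def check_rules(pw, personal=SAMPLE_PERSONAL, wordlist=SAMPLE_WORDLIST):
    """Return the rules (1-4, in the order listed above) the password breaks."""
    broken = []
    lowered = pw.lower()
    if len(pw) < 8:
        broken.append(1)
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    if not all(any(c in cls for c in pw) for cls in classes):
        broken.append(2)
    if any(item.lower() in lowered for item in personal):
        broken.append(3)
    # "or even based on one": flag any wordlist entry embedded in the password
    if any(word in lowered for word in wordlist):
        broken.append(4)
    return broken


if __name__ == "__main__":
    for pw in ("WaliaYS!1968", "qzvkpm", "Submarine1!", "Fluffy1985"):
        print(f"{pw!r}: breaks {check_rules(pw)}, ~{keyspace_bits(pw):.1f} bits")
```

The bit figure is the size of the brute-force search space only; it says nothing about how guessable the underlying phrase or number is, which is what rules three and four address.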
Passphrases and More
Even better than a password is a passphrase. A passphrase is a password using multiple words, including spaces. It could be a dozen words long rather than a dozen characters. Not all systems support spaces in passwords, but support is slowly becoming standard. Wi-Fi is a good example. It’s always wise to secure your wireless network with a password or key. If you use WEP security you won’t be able to include spaces in your password. Using WPA security will allow you to make a passphrase up to 63 characters long, but 40 to 55 characters is a good length. On a side note, WEP encryption is not very secure. You should use WPA-PSK (Wi-Fi Protected Access Pre-Shared Key) for your wireless networks. Use WPA2 if your hardware supports it.
If you’d like some more in-depth information on this topic, this video gives an easy-to-understand overview of the more technical aspects involved:
Want more? Check out Security Focus.