Strong, Easy Passwords
Passwords are probably the most widely used information security technique on the planet. You might have a couple of PINs for bank accounts, but if you do anything on the Internet you probably have several or even dozens of passwords. I probably have at least 30 to 40 at any given time, and even as an information security professional, I think the number of passwords the average person is supposed to remember is ridiculous.
There are two basic factors to consider when dealing with passwords:
- How many passwords you use
- How strong each of those passwords is
If you don’t have a separate password for every web site, your computer and whatever passwords are required at your job, you are putting yourself at risk. At the very least you should have separate passwords for different kinds of activities like your job, banking, shopping, social networks and informational sites. Your passwords should also be strong, which can be defined in a number of ways, and since you should never write them down, they should also be easy to remember.
All in all, passwords can be pretty annoying to get right. So here are a couple of ways to make that a lot easier.
Creating Strong, Memorable Passwords
There is a lot of debate about what constitutes a strong password. Some people say that length is all that matters, others will say that character complexity is the answer (numbers, punctuation, symbols that can only be produced using the Alt key and the keypad) and some say that the key is “bits of entropy”. What everyone pretty much agrees on is that short passwords, and specifically words you can find in a dictionary or common information like your birthday or anniversary, are very weak.
My personal password strength measuring stick combines all of those thoughts but mainly has to do with “chunks” of information. For example, if your password is “password”, that is one chunk of information, a single word. If you have a password like “d8dNkn,1”, that is 8 chunks of information because each character has nothing to do with the others and is essentially random. Fortunately there’s an easy way to compromise between a completely random password and a memorable password – the pass-phrase.
To create a pass-phrase, just think of a sentence that’s easy to remember. It could be a favorite quote or song lyric or jingle or advertisement or even something you make up, like “I’m sick of remembering all these stupid passwords!” Now, with that phrase in mind, take the first letter of each word and make a new password out of it, like so:
“I’m sick of remembering all these stupid passwords!” = Isoratsp!
You could expand it further by doing something like this:
“I’m sick of remembering all these stupid passwords!” = I’msoratsp!
Or this:
“I’m sick 0f remembering @ll these 5tupid passwords!” = Is0r@t5p!
That last password appears entirely random and will meet just about any complexity requirement you’re likely to run into, yet all you have to do is remember a sentence. You could even hide your password in plain sight – write yourself a note to do something and make a pass-phrase out of it (although it shouldn’t conspicuously be the only post-it on your monitor for weeks on end).
Keeping Track of All Your Passwords
So now that you’ve got strong passwords down pat, how can you possibly remember them all? If only there were a secure way to store all of your passwords in one place! Luckily, someone else had this exact same problem and he also happens to be a security guru. A while ago, Bruce Schneier created a program called “Password Safe”, which is an encrypted database for passwords. Since then, open source programmers have improved the program, which is available for free from this site:
http://passwordsafe.sourceforge.net/
The most basic feature, naturally, is storing usernames and passwords, but Password Safe goes beyond that – it lets you safely copy a password to the clipboard by double-clicking, can type a password into a web page for you automatically, and provides a generator for random passwords. You only have to remember one password to unlock the safe and the rest of your passwords are made available to you.
Passwords can be irritating and hard to use but pass-phrases and Password Safe make the pain a lot easier to bear.