Friday, October 24, 2014

Do we really need strong passwords?

From Sophos Naked Security:

Do we really need strong passwords?

The answer is yes and no.  This is not a black and white issue.  What users need are complex passwords that are easy to remember.  This can be done in any number of ways.  The best way is to use mnemonics. 

What I mean by this is to use things that are easily remembered and combine them in an easy to remember way.  For example, lets say this is for your Amazon account.  Your name is John Q. Public and you live on 123 Main St Anytown NJ 08001 with a phone number of 856-555-1212.  Your wife is named Jane and you have two children, Joe and Bertha, a dog named Spot and a cat named Tom.  You can take parts of all this information and come up with a complex password that is easy to remember.

Lets begin with Amazon since this is the account the password is for.  Start with "Am", the first two letters in Amazon.  Just for kicks we'll throw in a "." period to separate this from the rest of the password.  So now we have "Am.".  Then we can add some letters from your name to this and a "." period as another separator and we come up with "Am.jQp.".  Next reverse your street number and add it to the password with another "." separator and you come up with "Am.jQp.321."

At this point you now have an 11 digit somewhat complex password.  We're going to keep adding info to it to make it even more complex yet easy enough to remember.  Next lets add the last four digits of your phone number and the first letter of your wife, children, dog and cats names with a "." to separate them.  Now we have "Am.jQp.321.1212.JjBsT.".  Finally lets just throw some "!" exclamation points for kicks and come up with "!Am.jQp.321.1212.JjBsT.!"

Using simple mnemonics you now have a highly complex 24 character password.  Since it is composed of things that have meaning to you, with a little work, it will be easy to remember.  Another advantage is that by using slight tweaks it can be modified for your other accounts to prevent password reuse.  For example:

Facebook - "!Face.jQp.321.1212.JjBsT.!"
Ebay - "!EB.jQp.321.1212.JjBsT.!"
PayPal - "!pP.jQp.321.1212.JjBsT.!"
Twitter - "!TwIt.jQp.321.1212.JjBsT.!"
Instagram - "!IGram.jQp.321.1212.JjBsT.!"

Hope this is of help to my readers.

No comments:

Post a Comment