#302 Memorable AND Secure Passwords

Since October is Security Awareness month, I thought I’d try to do my part by giving you a pop quiz. (Don’t worry there is no punishment for not passing.)

Which of the following two passwords is stronger, more secure, and more difficult to crack?

D0g.....................
PrXyc.N(n4k77#L!eVdAfp9

Go ahead. Pick one. And no cheating…I’m waiting! 😎

Despite the fact that the first password is infinitely easier to use AND remember, it is also the stronger of the two. You might have suspected this was a trick question so let me explain.

First, both do well by incorporating at least one of each of the four types of characters. (lowercase letter, uppercase letter, number, special character)  This makes a much larger number of possible combinations that a hacker needs to try to guess. (And by the way they can guess them really fast. There are automated password cracking tools that can guess thousands of passwords PER SECOND!)

The difference is that the first password is one character longer which would take 95 TIMES LONGER to crack by guessing.

Assuming you use all of the four types of characters in your password THE MOST IMPORTANT FACTOR IS PASSWORD LENGTH!

Make Your Own Password ‘System’

One simple way to create your own unique, easy to remember passwords is to “pad” your passwords by simply adding some characters to the beginning, middle or end. When used along with a simple password formula we can easily come up with long and memorable passwords that are super-strong AND easy to use!

For example, if I insert the name of the site into a formula like this:

<* + UPPERCASE first letter of the site + & + lower-case letters from the rest of the site name + 23*>

I would get passwords that look like these:

Facebook     <*F&acebook23*>
Gmail            <*G&mail23*>
Outlook        <*O&utlook23*>

So you see, it’s actually pretty easy to make your own custom password system that is memorable and secure. And lest you think hackers don’t care about little old you…you’re probably right. But you have access to a lot of things they do care about like your bank and your company’s corporate network.

Steve Gibson’s Password Haystack page. has the best explanation of this, including a fantastic Security Now podcast.

Check Your Passwords & Password Managers

Since October is Security Awareness month, you should check to see if your passwords are as good as you think and and check out this review of three top password managers. (Personally, I’m a fan of LastPass.)

What about you? How do you handle creating and managing your passwords? Leave a comment and share what works for you.

Advertisements

One thought on “#302 Memorable AND Secure Passwords

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s