Making Passwords That Are Easy for You to Remember but Difficult for Others to Guess
06/29/2015

[Image: Master lock with root password]

A password should be something that only you know, so that presenting it proves your identity. But if a password is easy for others to guess, someone else can claim to be you and present the password to “prove” it.

Longer, more complex passwords are harder for others to guess, but they might be hard for you to remember. Writing them down on a Post-It note stuck under your keyboard is not safe. Neither is putting them in a Word or Excel document (even if the document has a password). So, here is a trick for making passwords that are easy for you to remember but difficult for others to guess.

Easy to guess words

Any word in a dictionary, your name (or part of your name), your address, and your phone number are all easily guessed. Lists of the most common passwords are published every year. I have seen brute-force break-in attempts at multiple customer sites where the hacker was trying several common user names (such as administrator, admin, root, manager, supervisor, Ann, Bill, Charles, etc.) and thousands of passwords. These are called “dictionary attacks”, where a computer tries every password in its dictionary (and the dictionary is probably ordered by popularity). Computers are good at guessing (by brute force) because they can make a lot of attempts in a short period of time.

Complex words

To get away from dictionary attacks, the password needs to be complex, using a combination of upper case letters, lower case letters, numbers and special characters. People tried making passwords by substituting symbols for some of the letters in a common word. For example, a password might be Tr0ub4dor (that is a zero in the third character). But such passwords can be difficult for you to remember. “Let me see, was it Trombone, no Troubadour. I know there was a zero for one of the characters and one was a capital, but I don’t remember which one.” And I have bad news for you: the hackers are aware of character substitutions and have loaded their dictionaries with them. We succeeded in making passwords that are hard for you to remember but easy for computers to guess.

Passphrase

A better way to make a password is to make it a passphrase.  You think of a phrase that is easy for you to remember but would be difficult for someone else to guess.  It has at least eight words (twelve or more is better).  For example, the phrase might be “I like to go to the beach every Friday.”  From the phrase you take the first letter of each word to make a password, using letters, numbers, and special characters to represent each word in the phrase.  So the password becomes “Il2g2tb@F.” (without the quotes).  It uses proper capitalization (this example starts with a capital I and then a lower case L and has a capital F for Friday) so it has upper case and lower case letters.  It uses symbols to represent words with a similar sound or meaning and has the sentence punctuation.  So, it is complex, but easier for you to remember.  It is not anything in a dictionary and not a common password.  Even if someone were to get a glance at it, it looks like total gobbledygook, so it would be very difficult for them to remember (without knowing the phrase from which it comes).  It will be easy for you to remember because each letter has a meaning.

OK, typing it will be like trying to dial one of those phone numbers that spell something (like 1-800-get out of jail).  You have to think of each word one at a time and find the character for it.  People hate those phone numbers.  So why do companies keep using them in advertising (and paying a premium every month for the number)?  Because they are easy to remember.  (Are you going to remember 1-800-438-6885?)  Yes, typing the password will be a pain, but only for a while.  Through repetition of the procedure of typing the password, you will soon develop “muscle memory” where your fingers will type the password without much thinking.
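
The point made under “Complex words”, seen from the defender's side, as an added example that is not part of the original article: a password screen that undoes common character substitutions before looking the result up in a list of known-bad words. The word list, the substitution table and the function names are constructed for illustration.

```python
import itertools

# Constructed sample blocklist. A real deployment would load a large list of
# common and previously breached passwords; "troubador" is the spelling that
# the article's Tr0ub4dor example reduces to.
BLOCKLIST = {"troubadour", "troubador", "trombone", "password",
             "administrator", "letmein"}

# Look-alike characters and the letters they may stand for (assumed table).
SUBSTITUTIONS = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
                 "7": "t", "@": "a", "$": "s", "!": "i"}

# Digits and punctuation that are often just appended to a word.
TRAILING = "0123456789!@#$%^&*.?_-"


def readings(text, limit=4096):
    """Yield readings of text with each look-alike character optionally undone."""
    # For every position: the character itself, then the letters it may replace.
    options = [ch + SUBSTITUTIONS.get(ch, "") for ch in text]
    # The limit caps the work for long inputs with many substitutable characters.
    for combo in itertools.islice(itertools.product(*options), limit):
        yield "".join(combo)


def blocklisted_word(password):
    """Return the blocklisted word the password reduces to, or None."""
    base = password.lower()
    # Check the password as typed, then with appended digits/symbols removed.
    for text in (base, base.rstrip(TRAILING)):
        for word in readings(text):
            if word in BLOCKLIST:
                return word
    return None


if __name__ == "__main__":
    for pw in ("Tr0ub4dor", "P@ssw0rd1!", "Il2g2tb@F."):
        print(pw, "->", blocklisted_word(pw) or "not on the list")
```

Passing this screen only means the password is not a disguised entry from the list; it does not measure length or how predictable the underlying phrase is.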

Professional Services

If you need assistance with a security assessment, IT Professional Services can help. Please contact us.
