
Posted April 15th, 2012 by Mark with No Comments

Secure Passwords, How to Make and Remember Them


Let’s all say it together now:  “I HATE PASSWORDS!”  Now, doesn’t that feel better?  For better or worse, passwords are a necessary part of living in the computer culture.  More and more websites and software programs require that you create an account with a password.  To make matters worse, every one of them seems to have different rules for what they accept:  “At least one capital and one lowercase letter” – “2 non-sequential, non-consecutive digits” – “Can’t contain more than 3 matching characters of your user name.”

You get the picture.  It’s obnoxious and getting worse (don’t even get me started on those fuzzy letter things called “Captchas”).  Most folks resort to one of two methods.  They keep a notebook by their computer where they write down all of their passwords, or to the extent possible, they use the same password for everything.  As you might have already suspected, both of these ideas are bad.  They are like leaving a key to the front door under your mat.  There may have been a time when that was acceptable, but that time is long, long gone.  Oh, and just to get this out of the way, adding the digit “1” to the end of a common word does NOT – I repeat, NOT – make a secure password.

So How Do You Make a Secure Password?

For years, I have promoted the “letter substitution” method of creating secure passwords.  Pick a word or phrase you can remember, then substitute similar-looking numbers for some of the letters.  If a “4” looks like an “A”, then “Paris2007” becomes “P4ris2007”.

(extra credit:  Google or Wiki “Leetspeak”).

While this is better than a regular word, it’s not as secure as it once was, and you’re still at risk if you pick one secure password, then use it for everything.

As we store more data, and more important data, on our computers and online, using and (ugh) changing more secure passwords is becoming unavoidable.  Unless you enjoy getting hacked, that is.

So… I’d like to offer a short tutorial on another method for creating good passwords that you can remember and then (ugh) change and still remember.  I would love to take credit for this, but it comes largely from a great article by Farhad Manjoo found on Slate.com.  First, the method, then some examples.

Step 1:  Make up or pick a phrase or, better yet, two phrases (they don’t have to relate to each other).  Make one of the phrases include a date or period that you can change.

Step 2: Turn the phrases into an acronym (use only the 1st letter from each word).  Keep capitalization as in the original phrase.

Step 3:  Use letter substitution for some of the letters.  (“1” looks like “l”; “3” looks like “E”; “4” looks like “A”; “@” can be used for the word “at”; “$” looks like “S”; “7” looks like “T”; “&” can be used for the word “and”; “8” looks like “B”; “0” looks like “O”)

Step 4: To change the password use the period chosen in step 1, and just substitute the current period.

Clear as mud?  Ok, let’s do some examples.

My phrase:  “In high school I scored 14 points in 1st quarter of the homecoming game”

The acronym:  IhsIs14pit1qothg – (you don’t have to remember the acronym – just say the phrase aloud or in your head and type only the first letter of each word – try it, it’s easy!)

The acronym with substitutions:     Ih$I$14pit1qothg – (Notice I only substituted one letter, $ for S.)

To change this password you can divide the year into quarters, so on April 1st or thereabouts, you can change the phrase to “2nd quarter”, which changes the resulting password to “Ih$I$14pit2qothg.”

If you want to change the password monthly, for example, you might use the following phrase:  I like corn on the cob, especially in August.

Acronym:         Ilcotceia

Password with substitutions:    Ilc0tc3ia  (I substituted a “zero” for the “oh” and a “3” for the “e”)

In September, this would change to: Ilc0tc3i$  (adding the “$” for “s” substitution)

Once again, the only part you need to remember is the initial phrase, and which letters you use for substitution.  It’s simpler to only substitute one or two, and more secure to substitute more.  Start easy and work up to more complicated.

For the most important passwords (your brokerage account, for example), use two phrases that are unrelated, like this:

Phrases: Kermit the frog was green.  It’s 10 degrees in January.

Acronym: Ktfwg_I10diJ   (I used an underscore character to separate the phrases since spaces are usually not allowed in passwords)

Password with substitution:      K7fwg_110d1J  (I substituted “7” for “T” and “1” for “I”)

Each month, change the phrase, and make the temperature a multiple of the month (20 for February, 30 for March, 80 for August, etc.)  So, in September, this password would become:  K7fwg_190di$.

Since you are turning the phrase into an acronym, you can use familiar phrases without compromising the security of the passwords.  I love jazz standards of the 40’s, so I often use the first line of a song and a singer as my phrase, e.g. “Johnny One Note was sung by Anita O’Day”.  My second phrase might describe the weather here in Pittsburgh.  “It’s cold in January”.  The resulting password from this combination is “J0NwsbA0DIciJ.”  In July, the second phrase might change to “It’s sunny in July.”  This would make the password “J0NwsbA0DIsiJ.”

Ok, now go out there and change your passwords – I’ll wait.