1 reply to this topic

[James (Jim) Hillier]

If you’re anything like me you’ll have literally dozens of logins and accounts which require a password for authentication, and having lots of passwords plus a bad memory is not exactly an advantageous combination.

Anyone can easily create a very strong password in just a matter of seconds simply by typing a long string of random characters. Try inputting something like -%!Kln*0)?+0ubCN<:nH563 – into the password strength meter at How Secure Is My Password and you’ll probably be told it will last for something like 168 gazillion trillion years. That’s fine but it also raises 2 very important questions: how the heck is anyone ever going to remember a password like that, and do we really need passwords that will survive until well beyond our own demise? The answers are pretty obvious aren’t they?

Of course, there are many methods for saving/storing passwords but each comes with its own particular baggage and generally involves some degree of risk. What if we could create a strong password which we could also easily remember…here’s how:

The trick is in utilizing unique identifiers, words, names and numbers which are unique to your own personal environment, not on public record, and recognized only among family and close friends. Things such as nicknames, petnames and motor vehicle registration numbers. The latter is a particular favorite of mine, the family car’s registration number is indeed unique, not widely known, and generally close at hand.

Let’s create an example – for the purpose of the exercise we’ll use a married couple and their petnames: let’s say the husband’s petname is “Pooh”, the wife’s petname is “Mousey” and the family car’s registration number is 256-HWK. Now simply  combine all three to create a very strong password which can also easily be brought to mind: poohmousey256-HWK ~ mouseypooh256-HWK ~ or any combination.

For more critical authentications, such as PayPal, you can include just a little more capitalization for added security: PoohMousey256-HWK ~ MouseyPooh256-HWK

Inputting the last of those password examples at How Secure Is My Password generated this response: “It would take a desktop PC About 14 quadrillion years to hack your password.”

I think that’s probably quite long enough!!

CAVEAT: The above relates to normal everyday home computing activities. I recognize there will be special circumstances, such as site administrator authentication  and database access, where an insanely strong password would be preferable.

[marko]

Fab advice Jimbo - I remember many clients on a company account I worked for would generally all use the same password as it was easy to remember, believe it or not it was a well known brand of beer here in Scotland!!.   Fortunately, as we rolled out Active Directory we were able to enforce many policies onto their computers, one of which was a password policy which proved REALLY unpopular ... the next time they logged on to their computers they had to specify a password that contained at least one upper case letter, a special character and a number with a minimum numbers of characters!!.

Usually, the biggest issue with passwords is remembering them, hence why most use a password which is relatively weak .. normally, for those who struggle to remember passwords I recommend using a familiar phrase or word (at least something like 8 characters) and change some of the letters for numbers and make up the remaining characters with special characters.   For example, a child or grandchilds name could be something like "robert" and this could easily be changed to a password as follows "R0b£rt#/".   Normally, you would only need to remember the "#/" at the end and replace to "o" with a zero "0" and the "e" for a "£", with the first letter being capitalized.

According to the website, it would take 215 years to hack that password, so I think it's safe enough

Would be interested to hear how long everyone else's passwords would take to crack using that tool .. do post with your answers guys

PS - just for the record, my password isn't "R0b£rt#/"