Security 102 – Passwords

You need more than one password.  You probably need more than three.  If a hacker or social engineer gets one of your passwords, you don’t want him to hold all the keys to your kingdom, right?  So keep banking, healthcare, and general web access (not related to banking or healthcare) separate.

Most places that require strong passwords have the following rules:  At least 8 characters (more is better), and it must include Capital and lower case letters, numbers, and special characters (like !+-_”~@ etc).

You need a different password for each online bank you use.  The easy-to-remember, hard-to-guess strategy for a banking password might be using the bankname or initials with your initials and a number or two that is meaningful to you.  For example, if it’s your main bank account you might use BOA-me-1 or if it’s secondary put a two on the end. Mix it up, and if you use the one I just used for an example you don’t need to read any further, I can’t help you.

If you take advantage of online healthcare and order your prescriptions or make appointments online, you need a different password for that.  Use the same principles.  You might use some form of the name, some initials, some numbers and maybe a dash or star or something just to make it that much harder to guess.  I like to separate the pieces of my passwords with dashes.  Easy to remember, hard to hack.  That’s called chunking (not to be confused with bad Chinese food in a can).

Other places on the web that require a password for access but don’t affect your money or health can probably all share a password.  It depends on how much information you give them, and how much it would hurt if someone else got ahold of that information.

How to Build and Remember Strong Passwords

People remember things differently, and most passwords are easier to remember if they spread the work out across our brain – using combinations of techniques and things that are meaningful to us.  Think about getting songs stuck in your head. Why do they stick?  Or, how many e-mail addresses do you have memorized?  Phone numbers? Rhyming is good, cadence matters, and patterns help us remember.  With that in mind, here are some suggestions to help you build strong passwords that you can remember.

1. Use a fake e-mail address
Pick a name:  Homer
Pick a related phrase: loves donuts
Homer@lovesdonuts.com
Monitor sticky note hint – Homer eathing a donut or just one of the Simpsons

2. Use a word you have strong associations with, make some substitutions, and then add 4 extra characters at the end
Maybe you grew up in Fairfax –
Substitute a 4 for the the a, and a 1(one) for the i.
Add four characters to the end that you can type easily.
Result :  F41rfax1112
Monitor hint – make the hint “city1112” and you’ll likely be able to remember the rest of it.

3. Use three+ words/numbers that rhyme – add numbers or punctuation and capital letters
22-Blue-Skidoo
95816Pickup-Stix
URGR8NoDebate
2FunnyHunnyBunny
wordz-wordz(okay!) (don’t use this one, PITA to type)

4. Repeat words
Work!Work!
Happy!Happy!
woof!woof!doggy

5. Use visualization –
IceCreamMelts2
BlueScreenOfDeath!1!1
DaisiesAre2Pretty
Monitor hint – a picture of your password

6. Chunking –
abc-AAA-BBB-CCC
brains+exploding+now
Be-Here-Now-Girl

7. Number combos
Eleven-11-12!
44-Forty-Four-11
123-One-HundredTwentyThree

8. Humor –
Gone Crazy-BRB
I Love My Job

9. URLs/domains
http://www.ILoveMyJob.com
http://www.BeHereNow.com

10. Phone numbers –
Some combination of letters plus an old phone number you remember makes a great password.  Using your current phone number is just dumb.  Initials interspersed through a zipcode could work, but it will be a bitch to type.

11. Sentences with spaces –
I Hate Changing Passwords
Password Rules Stink Out Loud
I love my IT department

Final Suggestions

If you have to change your passwords every 60 or 90 days, use one new word a year and add the month or quarter name or number – JuicyFruit-60, JuicyFruit-120, JuicyFruit-180 etc.  No human can remember different passwords for different functions and have to change them all the time if they are a) random and b) non repetitive.  What happens is that you’re forced to write them down and paste them under your keyboard or on your desk pullout or God Forbid right on your monitor, which of course makes the whole thing an exercise in futility.

Last but not least:  When you’re coming up with your password, give it a few trial runs on your keyboard.  Make sure it’s actually “typeable”.   I just recently screwed myself with an email password that is so hard to type that I generally have to type it 3 times before I get it right.  But I do remember it!  Next time, I’ll do the run through first … Live and learn, baby.

2 thoughts on “Security 102 – Passwords

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s