Sunday, January 20, 2013

Day 18: Advice - Creating Secure Passwords

This one is much easier for me! I'm full of advice for other people. And they love it, I know.

Seriously, if I had one very specific piece of advice for people, it would be how to create and remember secure passwords. It really annoys me when people use way-too-easy-to-guess passwords, putting their personal and company data at risk. I'm sure there are people at Microsoft who use the password "windows" or "computer." And too many people I know use the name of a child or pet. Or worst of all, simply "password."

I've heard lots of password advice, and I think most of it is good, but over the years I've developed my own system, and it is that which I am going to share with you now. Note that I am NOT going to give you ANY of my own passwords ... just a system for creating them and recalling them easily.

First, a couple of caveats. Password requirements vary from site to site. Some give you 6-12 characters, others 10-16. Some allow, and some require, a mix of lower and uppercase letters, numbers, or special characters. Different sites have different length and complexity requirements.

That said, here's the system I use for creating (and retaining) secure passwords:

First off, remember that many sites require you to change passwords every so often. (As frequently as every 90 days.) Also, it's not a good idea to use the same password for different sites.

This means the first thing you should do is create a password SERIES that makes sense to you. And I'm referring to a series of similar words. For instance, your series might be the names of cities in your county. Or baseball teams in the national league. Or names of relatives. Whatever. For sake of example, let's take a series of names associated with prominent actors.

Second, decide on a series of numbers that you can use that makes sense to you. I recommend three to five numbers. It might be something like: the last 5 numbers of your social security number. (The more secure, the better.) Or four numbers representing a close friend's birthdate. I have a friend who was born 0519, so for sake of example we'll use that set of numbers.

So I take my series of words, in this case the last names of prominent male actors:

Jackman
Washington
Nicholson
Baldwin
Kilmer

Now, I divide each name in half, in a logical place. (Whole words aren't good for password use.) Like this:

Jack | man
Wash | ington
Nichol | son
Bald | win
Kil | mer

I insert my string of numbers in the break, like this:

Jack0519man
Wash0519ington
Nichol0519son
Bald0519win
Kil0519mer

Next I denote a text position to capitalize, on each side of the divide. If you want an easy way to remember this, pick the first number in your sequence of numbers, 1 or higher. So in this case, it would be the number 1. So, capitalize the letter in the first position on either side of the divide, like this:

Jack0519Man
Wash0519Ington
Nichol0519Son
Bald0519Win
Kil0519Mer

Finally, if you want a really secure password, pick an allowable "extracurricular" character (like an exclamation point), and insert it somewhere in your password, at a logical position. Since (in this case) the number 1 is our key number, we might wish to insert it after the first letter, like this:

J!ack0519Man
W!ash0519Ington
N!ichol0519Son
B!ald0519Win
K!il0519Mer

So now you have a logically derived set of passwords that you can use for different sites. To remember which password goes with which site, consider assigning a key letter position to represent the site. For instance, you might let the very first letter of the password stand for the site: "B" might represent your primary banking site, so you would use B!ald0519Win for your banking password.

So, even if you don't remember your password, you should be able to recall key facts, and the rules for creating your passwords. When it comes time to access your banking site, you'll think, What actor's name starts with "B"? Hopefully "Alec Baldwin" will come to mind. Then you'll think, how do I divide the word "Baldwin?" ...

Bald | win

Then, "What number sequence am I using to insert in the middle? Ah yes, my friend's birthday, 05/19." So the password is close to:

Bald0519win

Then, "Which number in the number sequence first arrives after 0? Obviously, the number one." So my capital letter must be in the first position of each half, like this:

Bald0519Win

And finally, if the bank site allows or requires a special character, what is my special character? (Hopefully you'll remember it is an exclamation point.) And where should it be inserted? Since "1" is my key number in my sequence, it will be inserted after the first letter, like this:

B!ald0519Win

Voilà! You have a very secure password protecting your banking site, and you've also figured out (using the logic of the system) what it is ... even if you can't remember it outright.
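The derivation above, as an added Python example that is not part of the original post: it builds the password from a split name, the number sequence and the special character, then checks the result against a site's length and special-character rules. It reads the "key number" as the smallest digit of 1 or higher (which gives 1 for 0519); the function names and the policy parameters are assumptions made for illustration.

```python
import string

# Inputs taken from the post's walk-through.
DIGITS = "0519"
SPECIAL = "!"


def key_number(digits):
    """Smallest digit that is 1 or higher (assumed reading of the rule)."""
    nonzero = [int(c) for c in digits if c.isdigit() and c != "0"]
    if not nonzero:
        raise ValueError("number sequence needs a digit of 1 or higher")
    return min(nonzero)


def upper_at(part, pos):
    """Capitalize the letter at 1-based position pos of one half."""
    if pos > len(part):
        raise ValueError(f"{part!r} is shorter than key position {pos}")
    return part[:pos - 1] + part[pos - 1].upper() + part[pos:]


def derive(left, right, digits, special=None):
    """Split name + digits in the break + capitals + optional special."""
    pos = key_number(digits)
    pw = upper_at(left, pos) + digits + upper_at(right, pos)
    if special:
        pw = pw[:pos] + special + pw[pos:]  # after the pos-th character
    return pw


def policy_violations(pw, min_len, max_len, allow_special=True):
    """Check a derived password against one site's (hypothetical) rules."""
    problems = []
    if not min_len <= len(pw) <= max_len:
        problems.append(f"length {len(pw)} outside {min_len}-{max_len}")
    if not allow_special and any(c in string.punctuation for c in pw):
        problems.append("special character not allowed")
    return problems


def derive_for_site(left, right, digits, min_len, max_len, allow_special):
    """Derive, dropping the special character where the site forbids it."""
    pw = derive(left, right, digits, SPECIAL if allow_special else None)
    return pw, policy_violations(pw, min_len, max_len, allow_special)


if __name__ == "__main__":
    print(derive_for_site("Bald", "win", DIGITS, 10, 16, True))
    print(derive_for_site("Wash", "ington", DIGITS, 6, 12, True))
```

The second call shows a longer name exceeding a 6-12 character limit, so the word series has to be chosen with the shortest site limit in mind.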

TIP: Change all passwords easily every 90 days, by changing the sequence of 3 or 4 or 5 numbers which you use. Move to another friend's birthday, for instance.

TIP: Create a "master password" that you will always remember, and use it only to password protect an encrypted file containing all your other passwords. There are plenty of password-keeper apps designed for this purpose, or if all else fails, you can always encrypt a Word file of your passwords.

Next, I am going to show you a foolproof system for remembering even the most random and obscure passwords!
