Thursday, December 05, 2013

My system for creating and remembering secure passwords: Part 1

I know, I keep interrupting my current ShBlog series to talk about something else! Y'all know I'm ADD, right? Not severely (I don't take medication or anything, unless you consider chocolate to be medication), but just enough where I do this kind of thing a lot.

About 5 years ago Darlene told me she thought I was ADD. "No way!" I said, then went to work. In a meeting with my boss, he then told me the same thing.

Anyway, what was I talking about? Oh yes, interrupting my blog. In the news yesterday was an item about a major social media hack affecting Facebook, Twitter, and Google users, and then some. About 2 million users have been affected, out of some 2 billion social media accounts on the planet. That gives you a 1 in 1,000 chance of being a victim of this hack.

Which is not huge, but for other reasons you want to be sure that your various online accounts are secured with great passwords. And truly great passwords are complex. "FIDO" is not a great password, for instance, especially if everyone knows the name of your dog is Fido. But, "MY2892fricken4613dogs8816name0109is9238FIDO!" is a pretty secure password.

Testing Password Strength

How do I know that? There are sites where you can plug in a proposed password, and they will tell you how long it would take a computer (which most people will use nowadays) to crack it. One such site I use is https://howsecureismypassword.net/. If you plug "FIDO" into the proposed password field on that site, it will give you the following info about how secure your password is:

It would take a desktop PC about 0.000114244 seconds to crack your password

I know, that's a hard number to read. Basically that's about one ten-thousandth of a second. And that computer doesn't even know your dog's name is Fido.

But how about "MY2892fricken4613dogs8816name0109is9238FIDO!"?

It would take a desktop PC about 802 vigintillion years to crack your password

Now, I actually have no idea how long a vigintillion years is. But, I'm willing to bet it's a long time. (Actually, Wikipedia defines a vigintillion years as 10 to the 63rd power of years ... that's 10 with 63 zeros behind it. Like I said, a long time.)

So, it's actually easy to create a secure password. What I did above was take a random phrase I should be able to remember ("My fricken dog's name is Fido" ... although I think I misspelled "Frickin'") and replace each of the spaces with a random sequence of 4 numbers ... which you could do by using your social security number, telephone number, address, whatever numbers you might already be able to remember. I also added a symbol (the exclamation point) in there. The longer your password is, the more random it is, and the more mixed case (caps) and/or symbols and/or numbers it uses, the more secure it's going to be.

Random Password Generators

In case you have trouble thinking up such passwords, you can also use any one of a number of tools on the Web which allow you to easily create totally random passwords. My favorite is the password generator found at Random.org. It allows you to create up to 100 passwords at a time, of any length between 6 and 24 characters. This particular site uses letters and numbers (not symbols), of mixed case. It also avoids letters and numbers that can easily be mistaken for others (so no 1s, Is, 0s, or Os, for instance). I just asked for a 16-character random password and got:

JFdUJ2GzLhtv9x6H

Plugging that into the "How Secure Is My Password" site yields the following:

It would take a desktop PC about 377 billion years to crack your password

377 billion years is probably secure enough for most people. In fact, if you work your way down to something a little shorter, say 10 characters, you end up with something like this:

Q2ka4nXW8w

Plugging this random 10-character password into the "How Secure Is My Password" site yields the following:

It would take a desktop PC about 6 years to crack your password

If you go any fewer characters than this, your time-to-crack drops dramatically (I tried an 8-character randomized password and was told it would take a desktop computer about 15 hours to crack that). So, I would recommend a minimum of 10 characters for any password. I doubt there are many hackers out there who would work for six years straight just to crack your Facebook password.
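The numbers above come from a brute-force model: an attacker who knows which character classes a password uses has to search an alphabet of that size raised to the password's length, and the "desktop PC" time is that keyspace divided by a guess rate. The Python below is an added example (not code from the blog or from the howsecureismypassword.net site) that reproduces the page's letter-and-digit figures. It assumes a rate of 4 billion guesses per second, because the page's 0.000114244 seconds for "FIDO" is exactly 26^4 divided by 4e9; the 32-symbol set it credits for punctuation is also an assumption, so the result for the "fricken dog" password will not match the site's 802 vigintillion years exactly. The 8-character sample password is constructed.

```python
import math
import string

# Assumed attacker guess rate. The page reports 0.000114244 s for "FIDO";
# that is exactly 26**4 / 4e9, so 4 billion guesses per second is the rate
# that reproduces the site's 2013 "desktop PC" figures (inferred from the
# page, not published by the site).
GUESSES_PER_SECOND = 4e9
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Assumption: the checker credits the 32 printable ASCII punctuation symbols.
SYMBOLS = string.punctuation


def charset_size(password: str) -> int:
    """Size of the alphabet an attacker must search, assuming the attacker
    knows which character classes (lower, upper, digits, symbols) appear."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (SYMBOLS, len(SYMBOLS)),
    ]
    size = sum(n for chars, n in classes if any(c in chars for c in password))
    if size == 0:
        raise ValueError("password contains no recognised characters")
    return size


def keyspace(password: str) -> int:
    """Number of candidates an exhaustive search must try in the worst case."""
    return charset_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """Brute-force entropy, log2 of the keyspace. Every extra character adds
    log2(alphabet size) bits, which is why length matters more than symbols."""
    return len(password) * math.log2(charset_size(password))


def seconds_to_crack(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to exhaust the keyspace at the given guess rate."""
    return keyspace(password) / rate


def years_to_crack(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    return seconds_to_crack(password, rate) / SECONDS_PER_YEAR


def human_time(seconds: float) -> str:
    """Render a duration the way the page does ('about 15 hours', 'about 6 years')."""
    units = [
        ("years", SECONDS_PER_YEAR),
        ("days", 86400),
        ("hours", 3600),
        ("minutes", 60),
    ]
    for name, span in units:
        if seconds >= span:
            return f"about {seconds / span:.3g} {name}"
    return f"about {seconds:.6g} seconds"


def main() -> None:
    # The page's own sample passwords plus one constructed 8-character sample.
    samples = [
        "FIDO",
        "abcdEFG1",  # constructed 8-character mixed-case sample
        "Q2ka4nXW8w",
        "JFdUJ2GzLhtv9x6H",
        "MY2892fricken4613dogs8816name0109is9238FIDO!",
    ]
    for pw in samples:
        print(f"{pw:46} len={len(pw):2} alphabet={charset_size(pw):2} "
              f"entropy={entropy_bits(pw):6.1f} bits  "
              f"{human_time(seconds_to_crack(pw))}")


if __name__ == "__main__":
    main()
```

Running it prints roughly 6.6 years for the 10-character password, 378 billion years for the 16-character one and 15 hours for the 8-character sample, matching the site's figures to rounding. The model is deliberately a worst-case exhaustive search: a real attacker with a leaked password database tries dictionary words and common patterns first, so a memorable phrase with predictable filler is weaker than the raw keyspace suggests, and the guess rate on modern GPU hardware is far higher than 4 billion per second, which only strengthens the post's point that length is the cheapest defence.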

Next Time: Remembering Random Passwords

But the question remains: How do you easily recall a randomized 10-character password such as "Q2ka4nXW8w"? And moreover, since you shouldn't use the same password on all your accounts, and you should change passwords every so often, how do you remember (and keep straight) multiple such passwords?

Since I'm out of time and space, I am going to leave you to ponder these cliffhanger questions, and pick up this conversation in another blog, very soon! Until then, be safe out there! (And also, be sure to let me know your own ideas for creating and remembering secure passwords!)

2 comments:

    kerryklaassenveale said...

    Great information, Larry!

    Reading this blog and smiling reminds me of the columns you wrote for our college newspaper way back in the day!

    I will stay tuned for your next blog entry...

    Larry Short said...

    Thanks Kerry! And may I say that all the credit for any success of my college newspaper columns must go to my extremely professional assistant editor. :-)