Monday, December 09, 2013

My system for creating and remembering secure passwords: Part 3

In my last two posts, I shared ways to create random and/or complex passwords. Now to a system I have recently discovered for remembering random strings of characters and digits, such as passwords.

A memory technique book I recently read talked about how our brains are wired to remember things in unique ways. This was actually a relief to me. Memorizing a string of random characters and/or numbers and/or symbols, such as what a complex password might comprise, I formerly considered to be an exceedingly arduous task. My brain is just not wired to remember a random password sequence. And I actually think, while some are gifted with so-called "photographic" memories, very few of us have brains that function that way.

But what ARE our brains wired to remember? The book I read pointed out two things our brains are typically wired to remember ... and I fully agree with both:

1) Story. Particularly unique stories with unexpected twists. Most of us can create in our heads (and easily remember) stories that contain unique situations or sequences.

2) Journey. Basically a "journey" is a set of signposts in a sequence, incurred during a journey from point A to point B. For instance, you may frequently take walks around your neighborhood, or drive a long distance to work and back each day, or walk around your place of employment, visiting people in their cubicles. It's interesting that after finding our way the first time, we rarely have any trouble remembering exactly where to turn, how far to go before we turn, etc. You can walk through complex neighborhoods, even through forests where the trees all look quite similar, turning right or left at various landmarks or intersections or other signposts, often without even thinking about it consciously. Except in the forest, perhaps, there's little chance of you getting lost. Most of us remember journey (geography) fairly readily. We take daily journeys without fear of getting lost.

So, what if you were to combine these two types of memory together, in an effort to remember random strings of characters and/or numbers? What do I mean by that?

As an example, let me share how I remember randomly generated passwords. I went to Random.org just now and asked it to generate me a random password, 10 characters in length. It happened to come up with:
  • 2cAutjR3Ut

Before we start our "journey of imagination," let's create a few arbitrary "rules." One rule is that wherever a single-digit number appears in my password sequence, I will associate with that number an object that rhymes with it. For instance:

one = bun
two = shoe
three = tree
four = door
five = hive
six = sticks
seven = heaven
eight = crate
nine = sign
zero = hero

The second rule is that wherever a letter appears, I will associate that letter with a person I know whose first name starts with that letter. In cases where this doesn't work (such as the letter "i" ... I don't think I know anyone whose first name starts with "i") I will use a little imagination ... for instance, I associate the letter "i" with the famous writers' group known as "The Inklings," which was comprised of C. S. Lewis, J. R. R. Tolkien, and others.

The third rule I have is that when a letter is capitalized, I visualize that person wearing a cap of some sort. If the letter is lowercase, I visualize them with head bared. For instance, for "D" I visualize my brother Don, wearing a baseball cap.

So, the next task is to assign each object (representing a number) or person (representing a letter, either wearing a cap or not) to a signpost point in a journey. The journey can be a walk around your neighborhood, or around your workplace. Wherever, just pick something you can visualize in your mind.

So now, it's easy to use our imagination to create a story. The story is a journey, starting at a specified point and ending at a specified point, with the number of signposts or waypoints synchronized to the number of characters you wish to remember. For our 10 character password, I will assign a journey with 10 signposts, and an easy sequence to follow. For instance, our offices at work ...

The first signpost is the first office (on the left, occupied by interns) which you come to as you enter our department. Since our first character is "2," I visualize a lone shoe sitting on the chair in that office, representing the number "2."

The next office on the left is my office. The next letter in the sequence is a lowercase "c." I visualize our cat, whose name is Carmen, sitting on my chair, staring at my "mouse."

The third office is my boss's, Amy. That's easy ... a capital A, so I visualize Amy wearing a baseball cap, sitting at her desk and engaged in deep thought.

The next office (to the left, we are traveling clockwise) is our director's office, Johnny, up against the window. The letter is "u." This creates a bit of a problem, because I don't know anyone personally whose name starts with "u." So, at this point I can either resort to historical figures, such as Ulysses Grant, or celebrities, such as Uma Thurman. Since our director is male, I choose Ulysses S. Grant, and visualize the famous general sitting at our director's desk, perhaps directing a civil war battle from his laptop ... bareheaded.

Next is "t" ... that's easy. My brother-in-law, Tom. No hat. Sitting in the office to the left of our director. Tom is a soldier, so I visualize him giving Ulysses S. Grant battle advice over the cubicle wall they share.

Next to Tom is our printer room. The letter is "j." My best friend's name is "John." So I visualize John (without a cap), standing in front of the printer, printing out some sort of report of how the battle is going.

Next comes our storage room. My daughter-in-law, Rebecca is standing in there looking through boxes. (She is a school teacher, and she is always shopping for school supplies.) Since it's cold outside and she's just visiting, she's wearing a knitted cap on her head. (The letter is "R".)

In the eighth position we have the number "3." I visualize a tree, growing in our interns' office (which is on the left of our storage room). This is fairly easy to do, since we haven't had an intern in there since summer.

The next waypoint on my journey around the office is an empty cubicle, which used to be occupied by our corporate relations manager. In this office, I visualize Uma Thurman, with a cap on her head. (Actually, Uma looks a lot like our former Corporate Relations Manager, which makes it easier.)

Finally, we come to our conference room. And sitting at the table is another lowercase "t" ... it seems my brother-in-law, Tom, has finished shouting battle instructions (apparently Ulysses was victorious) and has now moved over to sit at the conference table and enjoy a victor's cup of coffee. And he is still not wearing a cap.

So, now that we have a story, and sequence assigning individuals or objects to various signposts, it just becomes a matter of mentally rehearsing the journey, which you have to do several times ... close your eyes and visualize yourself walking through the office, stopping at each waypoint and observing the item or person there and what they are doing ...

  • 2 - a shoe in the chair in the first office on the left
  • c - our cat, Carmen, staring at my computer mouse ... no cap on her head
  • A - My boss, Amy, sitting at her desk wearing a baseball cap
  • u - Ulysses S. Grant, without a cap, sitting in our director's chair
  • t - Tom, without a cap, in the office next to our director
  • j - John, capless, in our printer room
  • R - Rebecca, with a cap on, in our storage room
  • 3 - a tree, growing in our empty intern office
  • U - Uma Thurman, with a cap on, in the now-empty cubicle
  • t - Tom, capless, sitting at our conference table enjoying victory coffee

Yes, I know this sounds weird/bizarre, but that's one of the things that makes the "story/journey" memorable. The weirder the better! And, if you walk through the location a few times, visualizing the people or objects which represent each number or letter, before long you will easily be able to remember the whole sequence. Soon you will even be able to repeat it without discretely visualizing the weird little "story" you have created.

Do you find it easy to memorize random sequences like this? Do you use a system? Are you willing to try this one? I'd definitely be interested in your feedback!

Sunday, December 08, 2013

My system for creating and remembering secure passwords: Part 2

One of my jobs as a digital media manager for World Vision is to ensure that the passwords our staff uses to access web and social media platforms are sufficiently secure so that hackers are deterred from taking over our resources and using them to their own evil devices. When I arrived in my current department, nearly three years ago, I discovered that some passwords were as basic as "children." That's not a terribly secure password, especially for an organization that focuses on the needs of children.

I mentioned in my last post that a password like "Fido" can easily be hacked by current hacking software, in a matter of seconds. On the other hand, a randomized, 10-character password (including mixed cased numbers, letters, and possibly a symbol or two) might take 6 years or longer for a desktop computer to hack.

We also talked about sites that can help you create totally randomized passwords. But such passwords are obviously more difficult to remember. So in this blog I want to share with you two systems for creating complex passwords that you can more easily remember.

First System: Divide and Conquer

Step 1. Select a series of something you will easily remember. It might be favorite foods, restaurants, cities you have lived in, books of the Bible, names of friends, pets' names, whatever. For instance, let's say you are a big Mexican food fan. Your series might include:
enchiladas
tacos
tortillas
tostadas
chimichangas
etc. (Note, I am color-coding different components of the password just to make it easier for you to see how it all comes together!)

Step 2. Now think of a series of numbers that you can easily remember. It might be the last X number of digits of your social security number, or a phone number, street address, whatever. Let's say your phone number is 253-555-1212.

Step 3. Next, divide each word as close to the halfway mark as possible. (I divide between syllables.) Start at the top of the list. The word "enchiladas" easily divides into "enchi" and "ladas."

Step 4. Now insert your selected number between the two halves of the word, like this:

enchi2535551212ladas

Step 5. Next settle on one or more character positions you are going to capitalize. For instance, in your series of words, the short word is "tacos" which will probably divide like this: ta2535551212cos. The first half of the word is only two letters long, so let's say you decide to capitalize the 2nd letter of each half. So your first password now is:

eNchi2535551212lAdas

And your next password in the sequence would be:

tA2535551212cOs

Step 6. Finally, decide on a special symbol and insert it in a set place, such as the beginning of the second string:

eNchi2535551212!lAdas

and

tA2535551212!cOs

You will always put your symbol in the same position, so you can remember where. (Note: Some websites may not allow some symbols, which can mess up javascript processing. But an exclamation point is usually fairly safe.)

So, now you have a base password to start with (eNchi2535551212!lAdas). That password is 21 characters long, and https://howsecureismypassword.net/ says it would take 32 sextillion years for a desktop computer to hack this password. Pretty darned secure. But next we're going to make it even MORE secure!

Because, you know that you should NOT use the same password for more than one site, right? You should have different passwords for your Google, Facebook, and Twitter accounts, for instance.

Step 7. How to do this? The easy way is to simply add the specific platform name to the beginning or end of the password, like this:

GoogleeNchi2535551212!lAdas

That password is now 27 characters long and would take 6 decillion years to break. (Yes, that is a real number! A decillion, says Wikipedia, is 10 with 33 zeros after it.)

Now, some of your sites may have password maximum length requirements shorter than 27 characters. (Also, 27 characters may be a little onerous to type each time you need it.) For these two reasons, I recommend shortening either your string of numbers (say, to the last 4 digits of your phone number), and/or abbreviating your platform name (hence Google becomes G, Facebook F, Twitter T, etc.). Doing it this way, the shortest password in the series would become:

GtA1212!cOs

only 11 characters ... but even that short of a complex password would still take 4,000 years for a desktop computer to crack. Plenty secure! If you use GtA1212!cOs for Google, you would use FtA1212!cOs for Facebook, etc. (That way if someone ever hacks millions of Google passwords, they won't automatically get your Facebook password too.)

Hence the beauty of this system is that you can use a similar (but not identical) password for all your different platforms ... but then when you have to change a password (and I recommend changing them all at the same time), you simply move to the next phrase in the series ... from "tacos" to "tortillas", for instance. (Therefore your next Google password would become GtOrtil1212!lAs ... assuming the syllable breaks between the Ls? I'm not sure.) Your number stays the same, your sequence stays the same, your symbol remains in the same position ... in short, your system doesn't change. So as long as you have a commonsense system and a sequence of associated words you can recall, and a number you remember easily, it's relatively simple to create and keep track of all those different passwords ... while making each one very, VERY secure.
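The steps above, written out as an added example (not the author's code): `build` reproduces the passwords shown in this post, and the two estimators put a per-character strength figure next to the number of choices the scheme actually involves. The word-list size, the number of capital positions and the symbol count passed to `scheme_bits` are assumptions made for illustration.

```python
import math
import string


def build(first_half, second_half, digits, symbol="!", cap_index=1, site=""):
    """Assemble a password as in Steps 3-7.

    The word is passed in already split, since the post splits by syllable.
    cap_index is the 0-based letter to capitalise in each half (1 = 2nd letter).
    """
    def cap(part):
        if cap_index >= len(part):
            raise ValueError(f"{part!r} has no letter at index {cap_index}")
        return part[:cap_index] + part[cap_index].upper() + part[cap_index + 1:]

    return site + cap(first_half) + digits + symbol + cap(second_half)


def length_based_bits(password):
    """Bits if each character were an independent random pick from the
    character classes that appear in the password."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def scheme_bits(word_list_size, digit_count, cap_positions, symbol_count):
    """Bits of actual choice, assuming the method is known and only the picks
    (word, number, capital position, symbol) are secret. The site letter adds
    nothing because it is determined by the site."""
    choices = word_list_size * 10 ** digit_count * cap_positions * symbol_count
    return math.log2(choices)


if __name__ == "__main__":
    pw = build("ta", "cos", "1212", site="G")
    print(pw)
    print(f"per-character estimate: {length_based_bits(pw):.1f} bits")
    # Constructed assumptions: a 20,000-word vocabulary, a 4-digit number,
    # 4 possible capital positions, 32 possible symbols.
    print(f"choices in the scheme:  {scheme_bits(20_000, 4, 4, 32):.1f} bits")
```

Each bit doubles the number of guesses, so the gap between the two figures is the factor by which a per-character estimate overstates the strength of a patterned password.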

Second System: Punctuated Phrases


Other people I know use other systems which also make sense to me. For instance, some recommend taking a string of words you will easily remember ... like a portion of a Bible verse or a stanza of a song ... and inserting something (like a sequence of numbers you will remember) in between each word. Like this:

For1God2so3loved4the5world!

And of course you could combine this with my method of identifying each platform (Google etc.):

GFor1God2so3loved4the5world!

That 28-character string would take a desktop computer 525 decillion years to crack. (Better than the 52 seconds it would take to crack the password "children"!)

Or, you could even insert at least a portion of the reference (John 3:16 in this case) in between the words, like this:

GForJGodosohlovednthe3world!

Whatever you decide to do ... be consistent! But make sure it's sufficiently complex (at least 10 characters, including mixed case letters, numbers and possibly symbols) to put hackers out of business.

Insert special note here ... while I am giving you the details of a system I use and recommend, I am NOT giving you the details of the components of the system I use for my own passwords! (In other words, I am not revealing specific decisions I have made about the series of words or numbers, cap or symbol position, etc.) All my examples are just that.

So, go ahead and try if you'd like ... and good luck hacking me!

Next up, in the final part of this series, I want to talk about how to memorize truly complex or random passwords, or other difficult strings of letters and/or numbers. I have a terrible memory (I blame genetics) and so I recently stumbled across a memorization technique that really works for me, much to my delight. I'll share the details in my next post ... so stay tuned!

Thursday, December 05, 2013

My system for creating and remembering secure passwords: Part 1

I know, I keep interrupting my current ShBlog series to talk about something else! Y'all know I'm ADD, right? Not severely (I don't take medication or anything, unless you consider chocolate to be medication), but just enough where I do this kind of thing a lot.

About 5 years ago Darlene told me she thought I was ADD. "No way!" I said, then went to work. In a meeting with my boss, he then told me the same thing.

Anyway, what was I talking about? Oh yes, interrupting my blog. In the news yesterday was an item about a major social media hack affecting Facebook, Twitter, and Google users, and then some. About 2 million users have been affected, out of some 2 billion social media accounts on the planet. That gives you a 1 in 1,000 chance of being a victim of this hack.

Which is not huge, but for other reasons you want to be sure that your various online accounts are secured with great passwords. And truly great passwords are complex. "FIDO" is not a great password, for instance, especially if everyone knows the name of your dog is Fido. But, "MY2892fricken4613dogs8816name0109is9238FIDO!" is a pretty secure password.

Testing Password Strength

How do I know that? There are sites where you can plug in a proposed password, and they will tell you how long it would take a computer (which most people will use nowadays) to crack it. One such site I use is https://howsecureismypassword.net/. If you plug "FIDO" into the proposed password field on that site, it will give you the following info about how secure your password is:

It would take a desktop PC about 0.000114244 seconds to crack your password

I know, that's a hard number to read. Basically that's about one ten-thousandth of a second. And that computer doesn't even know your dog's name is Fido.

But how about "MY2892fricken4613dogs8816name0109is9238FIDO!"?

It would take a desktop PC about 802 vigintillion years to crack your password

Now, I actually have no idea how long a vigintillion years is. But, I'm willing to bet it's a long time. (Actually, Wikipedia defines a vigintillion years as 10 to the 63rd power of years ... that's 10 with 63 zeros behind it. Like I said, a long time.)

So, it's actually easy to create a secure password. What I did above was take a random phrase I should be able to remember ("My fricken dog's name is Fido" ... although I think I misspelled "Frickin'"), and replace each of the spaces with random sequences of 4 numbers ... which you could do by using your social security number, telephone number, address, whatever numbers you might already be able to remember. I also added a symbol (the exclamation point) in there. The longer your password is, and the more random, and the more mixed case (caps) and/or symbols and/or numbers it uses, the more secure it's going to be.

Random Password Generators

In case you have trouble thinking up such passwords, you can also use any one of a number of tools on the Web which allow you to easily create totally random passwords. My favorite is the password generator found at Random.org. It allows you to create up to 100 passwords at a time, of any length between 6 and 24 characters. This particular site uses letters and numbers (not symbols), of mixed case. It also avoids letters and numbers that can easily be mistaken for others (so no 1s, Is, 0s, or Os, for instance). I just asked for a 16-character random password and got:

JFdUJ2GzLhtv9x6H

Plugging that into the "How Secure Is My Password" site yields the following:

It would take a desktop PC about 377 billion years to crack your password

377 billion years is probably secure enough for most people. In fact, if you work your way down to something a little shorter, say 10 characters, you end up with something like this:

Q2ka4nXW8w

Plugging this random 10-character password into the "How Secure Is My Password" site yields the following:

It would take a desktop PC about 6 years to crack your password

If you go any less digits than this, your time-to-crack drops dramatically (I tried an 8-digit randomized password and was told it would take a desktop computer about 15 hours to crack that). So, I would recommend a minimum of 10 digits for any password. I doubt there are many hackers out there who would work for six years straight just to crack your Facebook password.
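The figures quoted in this section fit a simple model: (alphabet size)^length guesses at about 4 billion guesses per second, since 26^4 / 4,000,000,000 is exactly the 0.000114244 seconds quoted for "FIDO". The added example below (not Random.org's or the strength site's code) generates passwords locally with Python's `secrets` module and applies that model to pick a length; the guess rate and the exact alphabet are assumptions.

```python
import secrets
import string

# Letters and digits minus the look-alikes the post names (1, I, 0, O).
# The exact set Random.org excludes is not given, so this alphabet is an assumption.
ALPHABET = "".join(c for c in string.ascii_letters + string.digits
                   if c not in "1I0O")

# Assumed rate, inferred from the quoted figures: 26**4 / 4e9 = 0.000114244 s.
GUESSES_PER_SECOND = 4e9
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def generate(length=16, alphabet=ALPHABET):
    """Return a random password drawn uniformly from `alphabet`.

    secrets.choice uses the operating system's CSPRNG, so nothing leaves
    the machine and no website ever sees the result.
    """
    if length < 1:
        raise ValueError("length must be at least 1")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def seconds_to_exhaust(alphabet_size, length, rate=GUESSES_PER_SECOND):
    """Time to try every string of `length` characters at `rate` guesses/s."""
    return alphabet_size ** length / rate


def min_length(alphabet_size, target_years, rate=GUESSES_PER_SECOND):
    """Shortest length whose full keyspace takes at least `target_years`."""
    if alphabet_size < 2:
        raise ValueError("alphabet must contain at least 2 characters")
    length = 1
    while seconds_to_exhaust(alphabet_size, length, rate) < target_years * SECONDS_PER_YEAR:
        length += 1
    return length


if __name__ == "__main__":
    print(generate(16))
    # Figures quoted in the post, recomputed under the assumed rate.
    print(f"FIDO:           {seconds_to_exhaust(26, 4):.9f} s")
    print(f"8 random chars: {seconds_to_exhaust(62, 8) / 3600:.0f} hours")
    print(f"10 random chars: {seconds_to_exhaust(62, 10) / SECONDS_PER_YEAR:.1f} years")
    # Dropping look-alike characters shrinks the alphabet from 62 to 58,
    # which moves the 6-year threshold from 10 characters to 11.
    print(min_length(62, 6), min_length(len(ALPHABET), 6))
```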

Next Time: Remembering Random Passwords

But the question remains: How do you easily recall a randomized 10-character password such as "Q2ka4nXW8w"? And moreover, since you shouldn't use the same password on all your accounts, and you should change passwords every so often, how do you remember (and keep straight) a number of such passwords?

Since I'm out of time and space, I am going to leave you to ponder these cliffhanger questions, and pick up this conversation in another blog, very soon! Until then, be safe out there! (And also, be sure to let me know your own ideas for creating and remembering secure passwords!)









  • Wednesday, December 04, 2013

    How to be Transformed by the Discipline of Thanksgiving ... Part I

    Before Thanksgiving I promised I would provide a "Reader's Digest Condensed" version of a wonderful series on gratitude, blogged by my friend Dr. Doug Lee on his Whole Life Worship Blog.

    Here you go, starting with his November 11 post ...

    Exercising Thankfulness. Gratitude is like a muscle which grows with use. Like exercise, it's hard work, a discipline ... but worth it. As we go deeper into thanksgiving, we will discover how to leverage its transforming power for life!

    The Hardness of Starting to Give Thanks. If giving thanks were easy, a lot more people would be doing it! It takes discipline to set aside time, quiet yourself, focus your thoughts, and intentionally express thanks for all you should be thankful for (especially when you don't feel thankful!). As a good exercise, try using the inconvenience of a stoplight to express thanks for three things in your life.

    Thankful for Loved Ones. Many of the blessings God pours out on us come in the form of those family and friends who love us. Be sure to thank God daily for them, and to let them know how thankful you are.

    Thankful for What We Have. The most basic things we tend to think of as "ours" (like time, or breathing air into our lungs, or our ability to think, or move around) are not really "ours" ... they are gifts from God! A "sense of entitlement" is the besetting sin of our culture. In reality we are simply stewards of these basics of life. As in the Parable of the Talents, how are we investing what God has given us, even if it's something as simple as our time? Are we seeking to multiply the impact for His Kingdom? And the first step in such investment is gratitude.

    Thanks for the Memories. How often do we think about the people who have gone before us, and how their actions paved the way for the blessings we have received. My mom and dad have both passed into the presence of Christ, and how grateful I am that they shared Christ's love with me as a child. I have a half-lifetime of memories of fun family times with my family, which is now continuing with my four brothers and sisters. Too often we think only about the negative impact of any dysfunction (and all families have it). But, without the godly input from others that I have received into my life, where would I be today? And what about all the Sunday School teachers, pastors, Bible study leaders and more who have poured into my life?

    Thanking God for Our Jobs. Surveys show that the vast majority of Americans hate their jobs. But God has created us to be creative and industrious people. Our jobs are simply another opportunity to exercise stewardship and make a difference in the world around us, all while receiving the sustenance we need as a result! You may not be able to change the circumstances of your work, but, once again, you can change the most important thing about it: your attitude. And remember that, with God, "nothing is impossible."

    Giving God an Opening. Saying even the littlest “thank you” to God is like saying “Welcome, Lord! Come into my life!” It’s not just an acknowledgment; it’s an invitation. If we give God even a little opening, He does the rest. Ultimately he opens our souls to His everlasting and enduring presence.

    Thanking God When It's Hard. The Bible says to "give thanks in every circumstance." But sometimes we can be confronted by horrendous, unthinkable trials: The loss of a child. Betrayal by a spouse or loved one. A desperate illness or injury. How can we truly be thankful for such things? The patriarch Joseph, who endured more such trials than we ever will, gives us a clue when he says: "You meant it for evil ... but God meant it for good." Paul assures us that God works all things together for the good for those who love Him ... and that nothing can separate us from that love!

    Recognizing Gifts From the Father. The man born blind, whose story is recounted in John 9, no doubt felt his blindness was a curse for many years, rather than a gift. But the reality was the opposite. Christ said that the blindness existed to display the glory of God in his life. It changed the course of his life dramatically. After being healed and becoming a disciple of Jesus, it's not difficult to believe that the man realized what a gift his "curse" had been, at least from an eternal perspective! Some of God's gifts are easy to recognize, others are "in disguise." Thankfulness is the key that unlocks the disguise.

    You Get What You Get, So Be Thankful for It. The Bible says that "contentment with godliness is great gain." We all know people who have a lot of stuff, but aren't content. We may also know people who don't have much of this world's goods and advantages, but are very content. Who between the two has the greater blessing? For so many of us, the goal is accumulating stuff, when it should really be gaining contentment. And thankfulness is the key to gaining contentment.

    Starting with Doug's November 25 post, "Thank You for Creating Me," he adjusted his focus to those things which God has done (universally) for all of us. I will finish up this summary tomorrow by highlighting his remaining three posts. In the meantime, I hope you had a wonderful Thanksgiving Holiday and will continue to practice the discipline of gratitude!