Wednesday, December 16, 2015

Passwords: the key to your life or the bane of your existence?

As technology becomes more and more prevalent in our lives as well as more personalized, passwords have become more and more important. Creating good passwords is a skill that does not come naturally; it is a learned skill, one that should be taught.

I have often used the analogy of house keys as passwords. No one would leave their keys sitting around in a public area, hang their keys outside their front door, or hand out their keys to everyone at their school site. Likewise, no one should do this with their passwords. Writing down passwords (even if supposedly hidden) can leave them open to being stolen. Though having your keys hanging outside your front door would certainly make it easier for you to get into your house, it also makes it easier for everyone else in the world to do so. Using a Fisher Price plastic key for your front door would not be very secure either, just like using a weak, standardized, or universal password is not very secure. Passwords that have been set up for new accounts are supposed to be temporary as everyone would know this password and thus would have access to your account.

Now that we understand that passwords need to be personalized and strong, the question becomes how to create a strong password. The more characters in a password, the stronger it will become and the more difficult for criminals to guess. Additionally, adding in numbers, symbols, and upper and lower case letters will make your password even more secure. Whenever I teach others about creating passwords, I tell them that I have two simple rules:

  1. Make a password that is NOT easily guessable.
  2. Make a password that you will remember.

Of course, the key is in implementing these rules.

Here is an example of how to do this: I wouldn't use something that others know about me, but something that is somewhat personal to me so that I will remember it: maybe my aunt's dog's name, Roscoe. Unfortunately, names are not good passwords, so I would change it in some ways - maybe add in some capital letters, RosCoe. Some letters look like numbers, for example an i or l looks like a 1, or a p looks like a backwards 9 or upside-down 6 - so in my aunt's dog's name I can replace the s with a 5 and the e with a 3, Ro5Co3. I'm also going to choose something else to add to this, so that it makes it a little more difficult. Since my aunt is on my father's side of the family, I will choose my mother's father's birth year, 1942. I'll only take the last two digits and will connect them to Roscoe with a symbol, Ro5Co3#42. This password will be extremely difficult for anyone to guess or even to hack using password-guessing software. Even if someone knew the information I used, my aunt's dog's name and my grandfather's birth year, it would be difficult for them to guess which letters I capitalized or changed into numbers and where I placed the symbol. But, because I know this information intimately, it should be easier for me to remember. Though I wouldn't want to write the exact password down, I could write a hint, i.e. Aunt's dog, Gpa year. Having that cryptic note next to my computer would allow me to not have my password out in the open but also provide a hint for me to remember what I used.

Sometimes sites require that you change your password on a regular basis, or sometimes you want to use different passwords for different sites. This can be accomplished by creating a base for your password and then changing a prefix or suffix depending on the time or site. For example, if I wanted to use the above password as a base, then I could make a site-specific password for an Amazon.com account as follows: Ro5Co3#42amazon. Or if you needed to change your password monthly, you can add in the month and year: Dec15Ro5Co3#42. Then each month when you change your password you only have to change the month and year in the front as needed but keep the base the same.
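
A check that can be run over your own passwords built from a shared base, as in the paragraph above (an added example, not part of the original post): it reports each password's length and character classes, and lists any base that two entries have in common. The labels, the `min_shared` threshold and the third password are constructed for illustration.

```python
import string
from itertools import combinations

# Two passwords are the post's own examples; "other" is constructed for contrast.
SAMPLE = {
    "amazon": "Ro5Co3#42amazon",
    "december": "Dec15Ro5Co3#42",
    "other": "tangerine-Bicycle-71",
}

def char_classes(pw):
    """Return the sorted character classes (lower/upper/digit/symbol) used in pw."""
    found = set()
    for ch in pw:
        if ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.digits:
            found.add("digit")
        else:
            found.add("symbol")
    return sorted(found)

def longest_common_substring(a, b):
    """Longest run of characters that appears in both a and b (dynamic programming)."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]

def audit(passwords, min_shared=6):
    """Report length and classes per entry, plus pairs sharing a base of min_shared+ chars."""
    report = {k: {"length": len(v), "classes": char_classes(v)} for k, v in passwords.items()}
    shared = []
    for (la, pa), (lb, pb) in combinations(passwords.items(), 2):
        base = longest_common_substring(pa, pb)
        if len(base) >= min_shared:
            shared.append((la, lb, base))
    return report, shared

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Entries listed as sharing a base are related to each other: anyone who learns one of them already has most of the others.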
