A while back I published a post about locking your computer to make it safe. In this post we will discuss how to create passwords that are hard to crack but easy to remember, to keep your personal computer, accounts and company network more secure. In an attempt to remember a work email password, a personal email password, a bank password, a network access password, etc., many people use the same easy-to-remember combination of letters and numbers.
People also tend to make their passwords as short as allowed (4-6 characters). While this makes their passwords easy to remember, it also makes them easy to figure out or hack. Instead of using a single word such as “Astaro01”, for example, some people believe they are clever and add a symbol into the mix, making the password “Ast@ro01”. This fools no one, and programs designed to figure out passwords are aware of this “technique”. One suggestion for creating easy-to-remember yet hard-to-crack passwords is to use a short memorable phrase instead of a single word. For example, you could use “the ASG 425 is a great Security product”. This is a great example because (not only is it true) it has both letters and numbers, capital and lowercase letters, and is easy to remember. Some accounts will not allow you to use this many characters in a password. In these cases, use the first letter of each word, so our example would become “tA4iagsp”. This method becomes even more effective if you then select a random symbol to replace a specific letter.
Some common examples are @=a or $=s, but try using symbols that are not similar to the letter, for example #=S, making our password “tA4iag#p”. Because this combination of letters and numbers seemingly stands for nothing, it is as effective as typing in a completely random combination of characters, but has the added benefit of being easier to remember. This makes the password essentially impossible to crack with a dictionary attack, and a brute-force attack will need to run for a long time when at least one numeric, one alphabetic, one capital alphabetic and one “special” character are used. And remember, the more characters you have, the more resilient the password is to brute force. You can also try another technique, called the offset technique. First, take a normal password that's easy to remember, say “Password1!”. Normally this password should definitely not be used. However, with the offset technique you can “offset by 1 left” or “1 up-left” or any other value you can think of.
For “1 left” you would take “Password1!” and shift one key to the left on the keyboard. For keys that don't have another functional key in the offset spot, just use the same key as in the original password or wrap to the other side of the keyboard. “Password1!” becomes “Oaaaqies`~” if you use the same key for “a” or “P'aaqies`~” with wrapping. Just remember to check that the password you use has at least 1 of each type of character. These are just a few simple steps that can make your accounts, and thus your personal and employer's networks, more secure. Of course, using a more effective password will not matter if you have spyware on your computer that logs keystrokes.
This is why, despite your every effort to have effective passwords and to lock your computer, businesses must also have effective firewall, content filtering and other security products in place. This is just one method for creating effective passwords. Does anyone else have any suggestions for creating effective passwords?
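
As an added example (not from the original post), the Python below shows why “Ast@ro01” fools no one: a defender-side password check undoes look-alike swaps and number padding before a dictionary lookup, then tests for the four character types mentioned above. The blocklist is a constructed sample, and the swaps beyond @=a and $=s are assumptions.

```python
import re
import string

# Constructed sample blocklist; a real check would load a full dictionary
# or breached-password list here.
BLOCKLIST = {"astaro", "password", "welcome", "security"}

# Look-alike swaps: the post's @=a and $=s, plus other common ones (assumed).
LOOKALIKES = str.maketrans("@4$50317!", "aassoelti")

# Digits and symbols padded onto the start or end of a word ("01", "1!").
EDGE_JUNK = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def base_words(password):
    """Return the candidate dictionary words hiding inside a password."""
    lowered = password.lower()
    stripped = EDGE_JUNK.sub("", lowered)
    return {stripped.translate(LOOKALIKES),
            EDGE_JUNK.sub("", lowered.translate(LOOKALIKES))}


def missing_classes(password):
    """Character types the post asks for that the password lacks."""
    checks = {
        "lowercase": str.islower,
        "uppercase": str.isupper,
        "digit": str.isdigit,
        "symbol": lambda c: c in string.punctuation,
    }
    return [name for name, test in checks.items()
            if not any(test(c) for c in password)]


def review(password):
    """List the reasons to reject a password; an empty list means it passes."""
    findings = []
    hits = base_words(password) & BLOCKLIST
    if hits:
        findings.append("dictionary word: " + sorted(hits)[0])
    findings.extend("no " + name for name in missing_classes(password))
    return findings


if __name__ == "__main__":
    for pw in ("Astaro01", "Ast@ro01", "Password1!", "tA4iag#p"):
        print(pw, "->", review(pw) or "ok")
```

Adding the “@” only clears the missing-symbol finding; the dictionary hit on “astaro” remains, while the phrase-derived “tA4iag#p” passes both checks.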
The original article/video can be found at Basic Security Tips part 2 – Effective passwords