Powerful Passwords - Filtered

Why Passwords Again?

Those of you who have been on the site before probably remember my article on passwords & the Yubikey, but after hearing an interesting comment from Steve Gibson again on the weekly set of podcasts, I thought it would be good to offer a simple yet powerful way to have good passwords that even mom and dad can make use of.

Secure Yet Easy?

So what makes a secure password? Well, a long string of random characters, mixed upper and lower case, with symbols is a good start. Let's not forget that you should use a different password for each login you have... oh yeah... So in the perfect world, you would have multiple long random passwords, but if you can't remember them, what good are they to you? Well, here's the trick, and it will go against what you have heard in the past about secure passwords...

Write Your Passwords Down!

Wait... What? I know what you're saying: "Writing down a secure password makes it the opposite of secure!" This is true, but before I explain the trick that Steve mentioned, let's think about why writing down a password could work.

1. If you can't remember a long password, you will use weak short ones

If your password is '12345', it doesn't matter if you would never give the password up under any amount of duress; a hacker will figure out your password in a snap.

2. Just because you write the password down, doesn't mean you attach it to your monitor for all to see.

Keep the password in your wallet. Most people tend to protect their wallet, so put it on a slip of paper in there, but don't write what site it is for above it. That way, if someone does get your wallet, you at least have some protection, because they still need to figure out what that random string is for. (By no means am I condoning security by obscurity.)

Fine, I Write The Password Down... Now What?

Don't write it all down! Yes, you read that right. Write down the hard random part of your password, because you won't remember that, but when you make your password, add something to it (beginning, end, middle, wherever) and don't write that down. Ideally it wouldn't be something simple like '12345', but I suppose it could be, and the resulting password would still be much better than a simple password or one you simply write down. The thought here is that as long as you know the system for how you add to the password, for example "Place my mother's birthday at the front, and my birthday backwards on the end", you will have a strong password. Even if someone steals your wallet, or somehow gets that password you wrote down, they have nothing. Heck, if you wanted to, you could even attach that password to your monitor, since as long as you know what to add to the password, it doesn't matter who can see it! Meanwhile, you have a strong password that is much easier to remember than random junk, and much more secure than a simple password.
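Here is the scheme above as a small Python sketch, added as an example and not part of the original article. It generates the random part you write down, combines it with the piece you keep in your head, and shows how much guessing work is left for someone who has read the slip. The symbol set, lengths and function names are assumptions picked for illustration.

```python
import math
import secrets
import string

# Assumed character set for the written part (74 symbols); adjust to what a site accepts.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"


def make_written_part(length=16):
    """Random part that goes on the slip of paper, drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def compose(written, memorized, position="end"):
    """Build the real password: written part plus the piece that is never written down."""
    if position == "front":
        return memorized + written
    if position == "end":
        return written + memorized
    if position == "middle":
        mid = len(written) // 2
        return written[:mid] + memorized + written[mid:]
    raise ValueError("position must be 'front', 'end' or 'middle'")


def strength_report(written_len, memorized_choices):
    """Bits of guessing work, given how many values the memorized piece could take."""
    written_bits = written_len * math.log2(len(ALPHABET))
    memorized_bits = math.log2(memorized_choices)
    return {
        "slip_secret": written_bits + memorized_bits,  # nobody has seen the slip
        "slip_exposed": memorized_bits,                # slip was read; only your piece is left
    }


if __name__ == "__main__":
    slip = make_written_part()
    print("write this down:", slip)
    # Constructed sample: a 4-digit memorized piece has 10**4 possible values.
    print("real password  :", compose(slip, "4821", "front"))
    for label, bits in strength_report(16, 10**4).items():
        print(f"{label:13s}: {bits:6.1f} bits")
```

The "slip_exposed" number is the one to watch: once the paper is seen, the unwritten piece carries the whole password, so the less guessable that piece is, the better the trick holds up.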

Passwords - Filtering The Filter

OK, nothing super hard about this one, but just to recap:

  • Simple passwords are weak
  • Strong passwords that you have to write down are weak
  • Strong passwords written down and kept safe are stronger
  • Strong passwords written down with easy-to-remember pieces added to them are very powerful
