Be Smart About Your Passwords - Part Two
Welcome to the second and final installment of my two-part post about password management. Let me prepare you now: this post may get a bit technical, because I want to make sure you understand the need for strong passwords, and why and how your password may be vulnerable. Worry not, I'll be sure to include links to additional information if you're interested in learning more. Let's get to it.
What Makes a Password Strong?
The very short answer to this question is length (no pun intended). Traditionally we've operated under the assumption that more complex passwords are more secure, but given the way most password cracking tools work, what really matters is length, not complexity. The reason for this is that "bad guys" aren't sitting around guessing what your password is; they're most likely using a tool that simply tests all the possible combinations of letters, numbers and symbols up to a given length, which means that every character you add multiplies the number of combinations the tool has to try. The longer the password, the exponentially longer it takes to hit the correct combination. For a more detailed and technical explanation please listen to Security Now! Episode 303: Password Haystacks.
What this means is that you want your password to be as long as possible, but not necessarily so complex that you can't remember it. Now there are some general rules:
- DO NOT USE dictionary words. The reason for this is quite simple. Words that appear in the dictionary are the first to be cracked. Visit this website to see a list of the Top 500 Worst Passwords of All Time and make sure your password isn't on the list.
- DO NOT USE easily acquired personal information (i.e. your date of birth, social security number, anniversary, etc.). These are bad passwords for a number of reasons. Firstly, anyone targeting you (or anyone who even knows you well enough) can easily get this information or may already know it. Secondly, a password containing only numbers draws from just ten possible characters per position, so a tool will crack it VERY QUICKLY.
How to Make a Strong, Easy to Remember Password?
Keeping in mind that what matters most is length, your main goal is to devise a scheme that lets you create a long, easy to remember password with just enough complexity.
My recommendation is that you devise a phrase that you will easily remember and modify it slightly for each system you use the password for.
Example: Let's say you started your first job on April 24, 1998. You might then create a scheme that uses this information to generate a strong, unique password like "I started working @ gmail.com on 4/24/98" (without the quotes, even though you could use the quotation marks as well) for your Gmail account and "I started working @ wellsfargo.com on April 24 98" for your online banking.
The first password is 40 characters in length and, against a brute-force tool that has to cover letters, numbers and symbols, is just as strong as "C@&yP6l@fW!4^rf$k@QFLCV5#24MM#58LLh1G&85", which is also 40 characters in length. As you can see, though, the first one is MUCH easier to remember.
Keep in mind that not all services will allow you to create such a long password. Some websites or systems limit you to twelve (12) characters or fewer, which means that you need more variability in each character. In these cases make sure you have at the very least one (1) uppercase letter, one lowercase letter, one number and one symbol. Using the same example as above you may have gMail@042496 as your password, or something similar. This way you'll only have to remember your special date (something only you would know) and the website you're logging into. The key is to develop a formula: once you memorize the formula you won't have to remember individual passwords.
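To make the length-versus-complexity argument concrete, here is a small Python checker I've added to this post (it is example code, not a tool from the post or from GRC). It estimates the brute-force search space a cracking tool would have to cover for a given password and applies the rules above: no common or dictionary words, no all-digit passwords, and a minimum of four character classes when the password is short. The cracking rate, the tiny deny list standing in for the "Top 500 Worst Passwords" list and the sample passwords are all constructed for illustration.

```python
import string

# Constructed stand-in for the "Top 500 Worst Passwords" list the post links
# to; a real check would load the full list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "abc123", "monkey"}

# Assumed brute-force guess rate (guesses per second); illustrative only.
GUESSES_PER_SECOND = 1e11
SECONDS_PER_YEAR = 365 * 24 * 3600

# Symbol class: ASCII punctuation plus the space character.
SYMBOLS = set(string.punctuation) | {" "}
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": len(SYMBOLS)}


def character_classes(pw):
    """Return the set of character classes present in pw
    (any of 'lower', 'upper', 'digit', 'symbol')."""
    classes = set()
    for c in pw:
        if c.islower():
            classes.add("lower")
        elif c.isupper():
            classes.add("upper")
        elif c.isdigit():
            classes.add("digit")
        elif c in SYMBOLS:
            classes.add("symbol")
    return classes


def alphabet_size(pw):
    """Size of the smallest class-based alphabet a brute-force tool must use
    to be able to produce every character in pw."""
    return sum(CLASS_SIZES[c] for c in character_classes(pw))


def search_space(pw):
    """Number of candidates an exhaustive search has to try: every string over
    that alphabet of length 1 up to len(pw), since the tool does not know the
    length in advance. Each extra character multiplies the total by the
    alphabet size, which is why length dominates."""
    n = alphabet_size(pw)
    return sum(n ** k for k in range(1, len(pw) + 1))


def years_to_exhaust(pw, rate=GUESSES_PER_SECOND):
    """Worst-case time to exhaust the search space at the assumed rate."""
    return search_space(pw) / rate / SECONDS_PER_YEAR


def weaknesses(pw, min_length=12):
    """Apply the post's rules and return a list of problems (empty if none)."""
    issues = []
    if pw.lower() in COMMON_PASSWORDS:
        issues.append("common password")
    if pw.isdigit():
        issues.append("all digits")
    if len(pw) < min_length:
        issues.append("shorter than %d characters" % min_length)
    if len(pw) <= min_length and len(character_classes(pw)) < 4:
        issues.append("short password missing a character class")
    return issues


if __name__ == "__main__":
    # Constructed samples: the post's passphrase, the random 40-character
    # string it is compared with, the 12-character formula, and a bare date.
    samples = [
        "I started working @ gmail.com on 4/24/98",
        "C@&yP6l@fW!4^rf$k@QFLCV5#24MM#58LLh1G&85",
        "gMail@042496",
        "04241998",
        "password",
    ]
    for pw in samples:
        print("%-42s alphabet=%3d years=%.3g issues=%s"
              % (pw, alphabet_size(pw), years_to_exhaust(pw), weaknesses(pw)))
```

Running it shows the passphrase and the random string landing on exactly the same search space (same alphabet, same length), the 12-character formula coming in many orders of magnitude lower, and the bare date being exhausted in a fraction of a second. The estimate is deliberately pessimistic for the defender: it assumes the attacker has to brute-force the whole alphabet, so a passphrase built from dictionary words is weaker against a wordlist-based attack than this number suggests, which is why the post still tells you to modify the phrase per site.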
Wrapping Up
So now we've discussed using a password manager to generate and store the many passwords you have to use every day, and we've also discussed creating your own personal, unique formula for generating secure passwords when it's inconvenient to use a password manager (to log into a computer or application, for example). The main points to keep in mind are:
- Choose a password manager and use it. The fewer passwords you have to commit to memory, the better.
- When you need to create a secure password, remember length is generally more important than complexity.
- Develop your own unique password-generating formula, and memorize the formula, not the passwords.
Disclaimer: Please do not use the exact schemes described in this post. They're provided just as an example of how you can use your own personal information to generate easy to remember secure passwords.
Additional Links
GRC Password Haystack - See how longer passwords are generally better and that complexity is less important.
XKCD: Password Strength - A fun comic strip on this very subject and inspired by the above link.