
Archive for July 24th, 2009

If I ever have security or bodyguards, I know what they will be wearing.

Passwords are tricky things.

On one hand, we are told to use unique, complex passwords for every website and computer. On the other hand, we can only remember so much before resorting to password books, spreadsheets of logins and sticky notes on monitors.

In years of part-time computer consulting I have seen a bunch of different ways of approaching the password problem. Some have used the same four-letter password for everything, occasionally appending a set of numbers if the site requires 6+ characters and numbers to be involved. Others have small address books with websites listed alphabetically with their logins and unique passwords. And recently I have seen an Excel spreadsheet with websites, logins and passwords all neatly typed up with notes.

I have done my best to help secure everyone with decent password practices, or at least those best suited to the individual. For those with short and frequently used passwords I had them create a complex password for critical logins like e-mail and computer accounts. Those with small books are actually doing alright, even if their unique passwords are all one word with a number appended or prefixed every now and then. And for the individual with a spreadsheet, I could not stop the practice, so I made them use an encrypted disk image to hold the passwords, encouraging them to store it on a flash drive, along with a printed copy as backup.

The challenge for most people is creating passwords that are complex enough yet still memorable. I have found the best method is to take a phrase they know or like and alter it into something unrecognizable. For example, a famous quote:

One day, Sir, you may tax it.

– Michael Faraday in response to British Prime Minister Gladstone’s question, “What good is electricity?”

Then take a short segment of it, “you may tax it”, which is eleven characters once the spaces are removed, and use that as a basis. Capitalize each word, replace letters with numbers and maybe add a few extra characters on the end. For bonus points, add in non-alphanumeric characters. Step by step, it looks like this:

  • youmaytaxit – remove the spaces
  • YouMayTaxIt – capitalize
  • Y0uM4y74xIt – replace letters with numbers
  • Y0uM4y&4x!7 – use the shift key
  • Y0uM4y&4k!7 – replace letters with their phonetic counterpart, or similar looking characters
  • Y0uM4y&4k!767 – add some numbers (the year Faraday died)

The beginning may still look recognizable, but the end looks like random characters. A trick is to hold down shift for a particular segment: most passwords become muscle memory, so after adding in numbers, throw in the shift key to turn those digits into the odd characters.
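The walk-through above is done by hand, so each bullet is a judgement call (which letters become digits, which segment gets the shift key). The script below is an added example, not code from the original post: it turns the same idea into a repeatable pipeline so the steps can be applied to any phrase, and adds two checks a practitioner would want before adopting the result. The substitution tables, the step labels, the `check_policy` rules and the entropy estimate are all my own assumptions; because the tables are systematic, the output for “you may tax it” differs from the post’s hand-made string.

```python
import math
import string

# Substitution tables (an assumption for this example; the post does its
# substitutions by hand and is not this systematic).
LEET = {"o": "0", "a": "4", "t": "7"}
# Characters produced by holding shift on the digit row of a US keyboard.
SHIFT_ROW = {"1": "!", "2": "@", "3": "#", "4": "$", "5": "%",
             "6": "^", "7": "&", "8": "*", "9": "(", "0": ")"}


def capitalize_words(phrase):
    """Capitalize each word and drop the spaces: 'you may tax it' -> 'YouMayTaxIt'."""
    return "".join(w[:1].upper() + w[1:] for w in phrase.split())


def leet(text, table=LEET):
    """Replace lowercase letters found in the table with look-alike digits."""
    return "".join(table.get(c, c) for c in text)


def shift_tail(text, n):
    """'Hold down shift' for the last n characters: digits become the symbol
    above them on the keyboard, letters become uppercase, anything else stays."""
    head, tail = text[:-n], text[-n:]
    return head + "".join(SHIFT_ROW.get(c, c.upper()) for c in tail)


def append_suffix(text, suffix):
    return text + suffix


def derive(phrase, steps):
    """Apply (label, callable) steps in order and return every intermediate
    form, mirroring the post's bullet-by-bullet walk-through."""
    history = [("phrase", phrase)]
    current = phrase
    for label, fn in steps:
        current = fn(current)
        history.append((label, current))
    return history


# The post's sequence, expressed as pipeline steps (hypothetical labels).
FARADAY_STEPS = [
    ("capitalize", capitalize_words),
    ("leet", leet),
    ("shift last 3", lambda s: shift_tail(s, 3)),
    ("suffix", lambda s: append_suffix(s, "67")),   # year Faraday died
]


def char_classes(password):
    """Which of the four common character classes the password covers."""
    classes = set()
    for c in password:
        if c in string.ascii_lowercase:
            classes.add("lower")
        elif c in string.ascii_uppercase:
            classes.add("upper")
        elif c in string.digits:
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def check_policy(password, min_length=8, allowed_symbols="!@#$%^&*"):
    """Pre-check a derived password against a site's rules before trying to
    set it (the post's complaint: sites that reject some characters).
    Returns (ok, reasons). The rules here are assumed, not any real site's."""
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length}")
    bad = sorted({c for c in password
                  if not c.isalnum() and c not in allowed_symbols})
    if bad:
        reasons.append("disallowed characters: " + "".join(bad))
    return (not reasons, reasons)


def naive_entropy_bits(password):
    """Ceiling estimate that assumes every character was drawn uniformly from
    the classes present. A password derived from a famous phrase is far
    weaker than this suggests, because an attacker can try the phrase and
    common substitutions first; treat the number as an upper bound only."""
    classes = char_classes(password)
    pool = (26 * ("lower" in classes) + 26 * ("upper" in classes)
            + 10 * ("digit" in classes) + 32 * ("symbol" in classes))
    return len(password) * math.log2(pool)


if __name__ == "__main__":
    history = derive("you may tax it", FARADAY_STEPS)
    for label, value in history:
        print(f"{label:>12}: {value}")
    final = history[-1][1]
    print(sorted(char_classes(final)), round(naive_entropy_bits(final), 1))
    print(check_policy(final, allowed_symbols="!@#"))  # '&' rejected here
```

Running it prints each intermediate form, the character classes covered, the entropy ceiling, and a policy failure for a site that does not accept `&`, which is exactly the kind of surprise the post describes. The important design point is the last function: class coverage and length say nothing about how guessable the underlying phrase is, so the check is useful for passing a site’s rules, not for judging real strength.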

Of course, some websites don’t like this very much. I recently tried to update all of my credit card passwords only to find my sweet new password was not accepted due to some unacceptable characters.

Finally, I don’t use the unique-password-for-every-site technique. Instead I have a half dozen or so passwords that are used depending on how secure that login needs to be. Internet forums get a simple six-character password, while banks and sites that store credit card information have longer, more complex passwords. Every now and then I introduce a new password and sort of shift everything down a level.

The best thing to do is practice so that the password becomes set in muscle memory. Of course, if you ever have to log in using an iPhone, then all bets are off.
