Improving your online security by making your password more difficult to hack but easier to remember.

February 20th, 2017
by Kristof

Passwords can be hacked - sometimes by a computer, sometimes by a human.

Here is my advice to people who want to make their online accounts more secure. We will start out with a real-life example and build up its complexity and, in the end, we will have a way of creating unique passwords for every possible use.

1. An easy to remember password is better than one you can't remember.
That means that "strawberry" is better than aj374h58&%$3djde.[ if you have to write it down somewhere. A password locker on your PC or an app counts as writing it down - and you won't be able to log on if you don't have access to your phone or PC. Let's say my daughter's name is Louise. That's easy to remember, so let's go with Louise. The make of the first car you ever drove, or your favourite dish, would probably be a better pick, but let's go with the super obvious for now.

Password: Louise
Time to hack: instantly
Difficulty to guess: very easy

2. Use a combination of uppercase and lowercase letters
It makes it slightly harder for a computer to hack your password. Louise already has rule #2 applied. Ready to go.

Password: Louise
Time to hack: instantly
Difficulty to guess: very easy

3. Use a number somewhere - any number.
It makes it slightly harder for a computer to hack your password. I could use L0uise or L0u1s3 or I could simply use Louise2008, which is her year of birth. A longer password is always harder to hack, so let's go with Louise2008.

Password: Louise2008
Time to hack: 8 months
Difficulty to guess: medium

4. Throw in one or more symbols for good measure

It makes it generally much, much harder for a computer to hack your password and also for a person to just guess your password. It's still medium though, because anyone leaning over your shoulder may be able to guess the password by your typing. When picking a symbol, try to take one that is available on keyboards all over the world.

Password: Louise>2008
Time to hack: 800 years
Difficulty to guess: difficult

5. Make it unique and still easy to remember
If someone steals the user data from a website, they may be able to just read your password if that website has it stored in a database. Even if the password is encrypted, it can be reverse engineered. To avoid this, we would need to have a unique password for every website, every company we work at and maybe for every device we have. It is, however, simple to do.

Pick a number under 6 and stick with it - this is the number of letters you will be borrowing from every website, device or company you need to have a password for. The more letters you use, the longer your password will become and the less likely your password is to be hacked or guessed, but it also increases the time needed to type your password and the number of mistakes you could make. You can choose to have either the first or last 6 letters, or maybe even decide to skip the first 4 and then have the remaining 6 ... Let's say we choose the first 5 letters of whatever we are creating a password for.

Let's make a password for the company you work at - say IBM, your Google account, your account at DeviantArt.com and your password to unlock your Huawei P9.

IBM
I could use IBM in its entirety or take the full name (International Business Machines). I'll go with the second option.

Password: InterLouise>2008
Time to hack: 3 trillion years
Difficulty to guess: very difficult

Google

Password: GooglLouise>2008
Time to hack: 3 trillion years
Difficulty to guess: very difficult

DeviantArt.com

Password: DeviaLouise>2008
Time to hack: 3 trillion years
Difficulty to guess: very difficult

Huawei P9

Password: HuaweLouise>2008
Time to hack: 3 trillion years
Difficulty to guess: very difficult

6. Periodically changing passwords
This one is easy. When a company or website requires you to change your password every so often, add the year and month to your password. For IBM, in February 2017, it would look like this.

Password: InterLouise>2008.1702
Time to hack: 9 sextillion years
Difficulty to guess: very difficult

7. It works.

I have been using a slightly more complex version of this algorithm since 1990 and I can guess my password for most any device or website within 3 tries, even if I haven't been there for years - but even if a hacker got hold of my password for a certain device or website, it would be near impossible to deduce what my password is going to be for another website or device. The fewer characters you use from whatever you are pasting in front of your password, the harder it will be to guess but the more likely your passwords will have "duplicates". A very simple example: if you only use the first letter of the website, Microsoft.com and MyLittlePony.com will yield the same password. Now throw out that notebook and that smartphone app and start actually remembering your passwords.
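The prefix rule from step 5, the date suffix from step 6 and the "duplicates" problem from step 7, written out as an added example (this is not code from the original post). The function names, the choice to skip non-letter characters, and the "Internet banking" entry are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

BASE = "Louise>2008"  # the article's example base password

# Names from the article, plus one constructed entry ("Internet banking").
SITES = [
    "International Business Machines", "Google", "DeviantArt.com",
    "Huawei P9", "Microsoft.com", "MyLittlePony.com", "Internet banking",
]


def site_prefix(name, n):
    """First n letters of the name; spaces, dots and digits are skipped."""
    return "".join(c for c in name if c.isalpha())[:n]


def derive(name, n=5, base=BASE, when=None):
    """Step 5: prefix + base. Step 6: optional '.YYMM' rotation suffix."""
    password = site_prefix(name, n) + base
    if when is not None:
        password += "." + when.strftime("%y%m")
    return password


def collisions(names, n):
    """Map each derived password shared by more than one name to those names."""
    groups = defaultdict(list)
    for name in names:
        groups[derive(name, n)].append(name)
    return {pw: who for pw, who in groups.items() if len(who) > 1}


if __name__ == "__main__":
    for name in SITES[:4]:
        print(f"{name:32} -> {derive(name)}")
    print("Feb 2017 rotation:", derive(SITES[0], when=date(2017, 2, 1)))
    for n in range(1, 8):
        dupes = collisions(SITES, n)
        print(f"prefix length {n}: {len(dupes)} shared password(s)", dupes)
```

Running `collisions` over your own list of accounts before settling on a prefix length shows which of them would end up sharing a password.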
