It is possible for your passwords to be both secure and easy to remember, despite popular belief. It is not necessary to write them on Post-It notes “hidden” under your keyboard.
There is a lot of misunderstanding regarding what a secure password looks like. Most people envision a long series of random letters and symbols, which are tough to type and tougher to remember.
In truth, you can create highly secure, easy to remember passwords with little effort.
First, we need to recognize our foe. It is probably not Janitor Joe or Edward Employee sitting at your computer typing one guess after another. More likely, it is a computer program written by password security experts blazing its way through a significant list of possible combinations. Let’s face it, modern computers are fast and they can work their way through thousands, millions or even billions of guesses every second.
To make guessing more difficult, many computer consultants suggest doing character swaps by replacing, for instance, S with $ or E with 3. So, the word “secret” changes to “$3cr3t.” Another common technique is to type a simple password, but to move your fingers one key to the right from the home position on the keyboard. Not surprisingly, hackers know these techniques, too, and account for them in their attacks.
In fact, in a world where systems can make billions of guesses per second, the length of a password becomes one of the most critical factors. For instance, “D0g----” is easier to crack than “@o72!Pw,” and both are orders of magnitude easier than “GooseCarSockBox.” Each of these passwords is longer than the last, meaning that there is a larger number of possible character combinations for hackers to work through. The interesting part is that the last and strongest one is the easiest for humans to remember. Randall Munroe, author of the web comic xkcd, summed this situation up very nicely in one of his (rather famous) xkcd.com strips. He noted, “Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.”
If you are wondering about the password you are using now and have a few moments, go to the website www.grc.com/haystack. From here, you can type in your favorite password and the site will immediately estimate how long it would take for various attacks to crack it. It can be very educational.
While I am certainly saying that password length is critical, I am not arguing against “leet-speak,” the geek’s term for replacing letters with numbers and symbols while typing. Indeed, the greater the possible pool of characters, the better. If I’m trying to guess the first character of a password containing all lower case letters, then I have 26 possible options. If it might also contain a capital letter, there are 52 possibilities (26 lower case + 26 upper case). Add the chance of numbers and symbols, and the number of possibilities for any given character increases significantly. Leet-speak, however, cannot stand alone.
Password length is a critical factor.
I suggest keeping things simple. There has to be a balance between security and usability. The multi-word password system works great. The passwords are easy to remember and easy to type, but I would make one change – surround it with a symbol of your choice. A password like “!ShoePhoneHorse!” is very strong, but is easy to work with. Later, if you find that you are required to change the password, leave the text and change the symbols.
My wife took an entirely different direction. She didn’t want to be bothered remembering lots of passwords, so she decided to use a program that does it for her. Security experts recommend that you use a different password for each website you log into. That way, if a website is hacked and a huge number of passwords get stolen – a situation that happens all too often these days – your exposure is minimized. Unfortunately, this means that you are managing lots of passwords. To combat this, my wife installed the free app KeePass, and added all of her passwords to it. Rather than memorize and type passwords, she copies them from KeePass and pastes them into whatever site she is trying to log into. All of her passwords are unique, all are long, and all are complex. For the techies out there, she also stored the KeePass database in Dropbox, giving her the ability to sync her passwords between home, work and her iPhone.
Passwords control access to more information than we realize. They protect our correspondence, our financial information and our identity. Moreover, ever larger amounts of this information are being stored in The Cloud, a place where your password is the only thing separating you from the rest of the world. But the passwords don’t have to be difficult to remember. With a few minutes of planning and a little thought, you can simplify your life and increase your security at the same time.