Passwords have been around for a long time. They provide a method of proving that “You are who you say you are.” Security experts would refer to this as “Something (only) you know.” When logging into a website it is customary to input a username and password. The username is who you are and the password confirms that you are who you say you are.
Usernames are usually public. This allows people to find each other and interact with people they know online. Passwords, on the other hand, are private and provide security for the account.
How secure is your password?
Most people choose passwords that are easy for them to remember, rather than passwords that are secure. Often people choose the first thing that comes to mind; sometimes that’s a password they are already using. (See Convenience vs Security.) If it’s possible to figure out your password then it is possible to get into your account. To make a password secure, keep these things in mind:
Password Length
The longer the password is, the harder it is to guess. That means the more secure it is.
Randomness
If the password is or contains common English words, it will be easier to guess. To create a more secure password it is good to use letters and numbers as well as symbols and punctuation. If the service differentiates between upper and lower case, it is good to use both as well. The more the password looks like gibberish, the more secure it is. (But it’s harder to remember.)
Use Different Passwords
Many people use the same password for everything. This is a very insecure practice. What it means is that if someone finds out your password for one account they essentially have your password for every account you have.
Creating “Perfect” Passwords
The perfect password would be a long string of completely random characters. For even more security, every different account a user has should have a different password. That is why experts such as Steve Gibson and Leo Laporte suggest having a Personal Password Policy. Using a Personal Password Policy allows for the easy creation of random-esque passwords.
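As an added example (not from the original article or from GRC), here is one way to produce the "long string of completely random characters" described above, one per account, and to measure how much length and character variety enlarge the space a guesser must search. The function names, the 94-character printable ASCII alphabet, and the sample account names are assumptions made for this illustration.

```python
import math
import secrets
import string

# Character classes the article recommends mixing: upper and lower case
# letters, numbers, and symbols/punctuation (assumed alphabet: 94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_password(length=20, alphabet=ALPHABET):
    """Return `length` characters drawn uniformly from `alphabet` with a CSPRNG."""
    if length < 1 or len(set(alphabet)) < 2:
        raise ValueError("need a positive length and at least two distinct symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def search_space_bits(length, alphabet_size):
    """Guessing work in bits for a uniformly random password: length * log2(size)."""
    return length * math.log2(alphabet_size)


def passwords_for(accounts, length=20):
    """One independent random password per account, so one leak exposes one account."""
    return {name: random_password(length) for name in accounts}


if __name__ == "__main__":
    # Constructed sample account names, for illustration only.
    for account, pw in passwords_for(["shop.example", "mail.example"]).items():
        print(f"{account}: {pw}")
    # Length and alphabet size both enlarge the space an attacker must search.
    for length, size, label in [(8, 26, "8 lowercase letters"),
                                (8, 94, "8 printable ASCII"),
                                (20, 94, "20 printable ASCII")]:
        print(f"{label}: {search_space_bits(length, size):.1f} bits")
```

The bit counts apply only to passwords chosen uniformly at random; a password built from words or a predictable pattern has a much smaller effective search space than its length suggests.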
Personal Password Policy
The concept of a Personal Password Policy is simply having a method of creating a random looking password that can both be easy to remember and very secure. The purpose of having a Personal Password Policy is to know exactly what your password will be, even before you sign up for an account somewhere.
Creating a Personal Password Policy is simply creating an algorithm or method that can be used to create a password at any given time. Here are two example algorithms: (Since these are examples, it is advised that you do not use these for your actual algorithm.)
Take the letters of the website name or service and intersperse them with a specific date.
Example: Site: Amazon.com, Date: 6/7/08
Password: A6m7z0o8n
Shift letters of a word or phrase one letter to the left on keyboard.
Example: Phrase: Green-Tea
Password: Fewwn0Rw’
There is no limit to the extent of the algorithm. The important thing is to have one in place so that it can be used when a new password must be created. For more information on Personal Password Policies, I would highly suggest listening to Episodes 4 and 5 of Security Now (links below).
Password Links:
Perfect Passwords from GRC
https://www.grc.com/passwords.htm
Security Now Episodes:
Personal Password Policy (Episode #4) Security Now Homepage
http://media.grc.com/sn/SN-004.mp3
“Everyone who uses web-based services such as eBay, Amazon, and Yahoo, needs to authenticate their identity with passwords. Password quality is important since easily guessable passwords can be easily defeated. Leo and I recap a bit from last week’s program, then discuss passwords. We suggest an approach that anyone can use to easily create unbreakable passwords.”
Personal Password Policy -Part 2 (Episode #5) Security Now Homepage
http://media.grc.com/sn/SN-005.mp3
“Our previous episode (#4), which discussed personal password policies, generated so much great listener feedback, thoughts, ideas, and reminders about things we didn’t mention, that we decided to wrap up this important topic with a final episode to share listeners’ ideas and to clarify some things we left unsaid.”