Monday, August 29, 2016

Password Security - the easy way

Strawberries and bananas are my two favorite fruits.

That's a boring way to start a blog post, right? But it's also the key to awesome password security. I'm talking Fort Knox security, or even Norse gods with giant swords security!


image credit - flickr Giuseppe Milo

Three of my friends and/or family members have been hacked online within the last 30 days.
  • One person's Facebook account was hacked; all his friends started receiving messages to check out a certain website for a good way to earn easy money.
  • Another person's Email account got hacked, with similar results. She ended up having to shut down that email address and create a new one.
  • A third person's Bank Account got compromised. They had to spend the better part of an afternoon at the bank cleaning up the mess.
The thing is, there is an easy way to use a complicated password which is unique for every website you visit.

Real Simple Password Security

1.) Creating a Password Base

We're going to start by making a password "base" that's difficult to crack:
  • At least 8 characters long
  • Appears to be random
  • Contains upper and lower case letters, along with at least one number and one special character
Remember my boring sentence from the start of this article? Strawberries and bananas are my two favorite fruits. Yes it's boring, and it might not even be true, but it's easy to remember.

First let's replace a couple of words with symbols and numbers: Strawberries & bananas are my 2 favorite fruits.

Next we'll just use the first letter of each word: S&bam2ff

And there you have it - an 8-digit string of random characters with upper and lower case letters, a number, and a special character.

Note - other easy options for special characters include $ (if your phrase includes a price or value), # (talking about quantity or uniform numbers), or ! (at the end of your phrase to add a little oomph.)

2.) Make it different for each website

The second half of password security is making your password different for each website. This way if, or when, one of your accounts gets hacked, the bad guys don't also have access to everything else - including ALL of your financial accounts!

You can do this by adding something specific about each website to your random-looking password base - ideally we'll add 2 more characters to form a 10-digit password.

Adding the 2nd letter of each website to the front of your base, and the 3rd letter to the back of your base, would look like this:
  • Facebook (a, c) would become: aS&bam2ffc
  • Netflix (e, t) would become eS&bam2fft
  • Google (o, o) would become oS&bam2ffo
  • Wells Fargo (e, l) would become eS&bam2ffl
All of these are very complicated-looking, and more importantly they're all different from each other. But they are super easy to remember - since you know the code.

There are dozens of options for adding website-specific characters:

  • Pick any two of the 1st, 2nd, or 3rd letter of the website. Facebook could be f + a, or f + c, or a + c.
  • Count the number of letters in the website's name, and use that number. Facebook would be 8.
  • The letters could be lower case or Capitalized.
  • You can add the letters to the front of your password base, or to the back of it. Or you can split them up by adding one to the front and one to the back.


That's it - Simple as pie

Step 1 - think of an easy to remember password phrase, and abbreviate it to an 8-digit string of letters (caps and lower case), numbers, and special characters.

Step 2 - create a formula for using 2 letters or number(s) uniquely for each website that you log into. The formula will always be the same, but the letters will be different for every website.

That's it - Simple as pie. You now have a very complex password, which is different for every website but which is also easy to remember.

Learn it. Know it. Live it.

- Chris Butterworth

.