
Making I.T. Happen
Accounting and Information Technology, Assistance and Support
Passwords


 
Often our main defence is down to a password.

What a lot of people do is to use their partner's name, the name of their pet or some other simple word for everything!

"buffy", "timmy" and "fluffy" are simply not good passwords.

These are not difficult to guess. There are thousands of computers infected with viruses that, among other things, are trying to crack every account they can find in order to spread themselves, and they are successful simply because there are so many easy-to-crack accounts.

We need to make it more difficult for them, but at the same time we need to have a life outside of memorising passwords.

Here are my suggestions on how to have passwords which are not dictionary words or names but that can be remembered easily.

The first thing you can do is to have really long passwords made out of several words joined together.  Crackers will always go for the short simple words and 2-digit numbers because so many people use them.  Something simple but long will be hard for them, e.g. johnpaulgeorgeringo is a pretty easy password to remember, but it is unlikely a cracker will try it when there are so many easier choices that will work. Each extra letter adds an order of magnitude to the task for a brute force attack. For a name/dictionary attack it is much simpler: it is only 4 common words glued together.

The next thing you can do is to use non-words, for example tbajpgar. But how could you remember that? "the beatles are john paul george and ringo" is the phrase to remember; the first letter of each word builds the password.

Adding in case changes, numbers and strange characters does make for a more difficult password to crack, e.g. CE34p.w<g709b58 is a really tough password. The problem is that it is also really tough to remember, so you might write it down, at which point it has become a weak password.

Many years ago I used to visit an office where they had a really high security policy: everyone had to change their password every few weeks. I was forever needing someone's password while they were at lunch, and 9 out of 10 times I could find a note secreted where the IT manager couldn't see it. This appeared to be security, but in reality it was no security at all.

Modifiers allow you to have passwords that you can reuse. We could use tbajpgar as the base of our password, then add the first vowel of the website domain, the last consonant and the first consonant.  So the password for this site could be tbajpgaranm; for www.stationerycomputermartuk.co.uk it would be tbajpgaraks.

You need to think about security in context. A lock on a shed on an allotment might cause more cost in damage than leaving the shed open; a couple of thousand pounds in cash left in an empty building overnight is a different matter; and a bank with hundreds of thousands stored overnight really needs more than standard locks and alarms.
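
The modifier rule above, worked through in Python (an added example, not part of the original page). The function names and the way the site name is picked out of the address (drop a leading "www." and take the first label) are assumptions; shop.example is a constructed address.

```python
import re

VOWELS = set("aeiou")


def acronym(phrase: str) -> str:
    """First letter of each word in the phrase, lower-cased: the base password."""
    return "".join(w[0].lower() for w in phrase.split() if w[0].isalpha())


def site_label(host: str) -> str:
    """Assumption: the site's name is the first label after an optional 'www.'."""
    host = host.strip().lower()
    host = re.sub(r"^[a-z]+://", "", host).split("/")[0]  # drop scheme and path
    if host.startswith("www."):
        host = host[4:]
    return host.split(".")[0]


def modifier(host: str) -> str:
    """First vowel + last consonant + first consonant of the site name."""
    # Digits and hyphens in the name are ignored; 'y' counts as a consonant.
    letters = [c for c in site_label(host) if c.isascii() and c.isalpha()]
    vowels = [c for c in letters if c in VOWELS]
    consonants = [c for c in letters if c not in VOWELS]
    if not vowels or not consonants:
        # Edge case: a name such as "bbc" has no vowel, so the rule cannot apply.
        raise ValueError(f"cannot build a modifier from {host!r}")
    return vowels[0] + consonants[-1] + consonants[0]


def site_password(phrase: str, host: str) -> str:
    """Base acronym followed by the per-site modifier."""
    return acronym(phrase) + modifier(host)


if __name__ == "__main__":
    phrase = "the beatles are john paul george and ringo"
    # Second address is constructed sample input.
    for host in ("www.stationerycomputermartuk.co.uk", "https://shop.example/login"):
        print(host, "->", site_password(phrase, host))
```
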

One strategy is to have several layers of passwords.

  • High security banking passwords
    • Really tough complex random strings long and with strange characters
    • spend time memorising them before you change them
    • one per account
  • Mid Security account passwords
    • These are for your logons to accounts for mail, social networking
    • long phrase turned into an acronym, perhaps with 4 digits of the really strong password appended
  • Low security trivial passwords
    • Login for trivial websites
    • one phrase with modifier

Using a mix of techniques will allow you to have passwords that are appropriate for the circumstances, that you can remember and that will protect you.

Any password can be cracked if someone is determined enough and spends enough time at it.  Most crackers are programs. They work randomly for maximum return, so they try short passwords and dictionary words, and because they will find plenty of systems they can get into with these, they do not need to try anything harder.  Password security is like home security: you don't have to have Fort Knox security. If you have better locks than your neighbours, they will go for the neighbours.

 


Copyright - Making I.T. Happen 1995 - 2024
Website last updated 12/04/2024