Creating Strong Passwords and Sets of Passwords
Is it any surprise that most people create passwords that are extremely easy to crack or guess? Or that most of us use the same password for many of our important accounts like our email, banking, credit cards, and social media? Criminals depend on this fact! That’s why they try so hard to phish for passwords at social networking sites or through bogus emails pretending to be everything from Amazon notices to Apple ID resets to banking notifications. They hope that those captured or decrypted passwords, along with account holders’ names, will get them into lots of financial accounts or, at the very least, into email accounts.
People don’t realize that their email accounts typically represent the center of their digital universe. After all, if you “forget a password” you can have an email sent to you so you can reset it. Therefore email accounts are extremely valuable to criminals.
Our collective lame approach to creating passwords has got to stop! It is time to do something about this! We know you can do better and we’re here to help! Creating multiple strong passwords is not difficult. Take this set of examples. Using HowSecureIsMyPassword.net and Kaspersky Secure Password Checker, look at how long it takes for today’s password crackers to figure out the passwords on the following list:
Password Sample:      Evaluation:
crispy                Hacked instantly
crispybacon           Hacked in less than a day
crispybacon12         Hacked in 7 months
crispy=bacon12        Requires about 400 years to crack
(crispY)=Bacon12      Requires more than 1700 centuries to crack!
PASSWORDS SHOULD CONTAIN:
Random use of letters, numbers
Non-letter, non-number characters such as = or ! or $ or )
Mix of UPPER and lower case
At least 12 characters long! (Four years ago we said 8 and two years ago we said 10, but faster computers and better password crackers now make these shorter passwords less secure.)
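The criteria above, applied to the sample passwords from the table, as an added example that is not part of the original article. The function names and the printable-ASCII pool sizes are assumptions, and the search-space figure is a brute-force upper bound, so it does not reproduce the times quoted from the checker sites.

```python
import math
import string

MIN_LENGTH = 12  # the article's current minimum length

# Character classes from the article's list; pool sizes assume printable ASCII.
CLASSES = {
    "lower-case letter": string.ascii_lowercase,
    "upper-case letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}

# Sample passwords copied from the article's table.
SAMPLES = ["crispy", "crispybacon", "crispybacon12",
           "crispy=bacon12", "(crispY)=Bacon12"]


def classes_used(password):
    """Return the names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]


def search_space_bits(password):
    """log2 of the number of guesses needed to try every string of this length
    drawn from the classes used. Upper bound only: dictionary and pattern
    attacks need far fewer guesses against word-based passwords."""
    pool = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(pool) if pool else 0.0


def check(password):
    """List the article's criteria that the password fails (empty = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    used = classes_used(password)
    problems += [f"no {name}" for name in CLASSES if name not in used]
    return problems


if __name__ == "__main__":
    for pw in SAMPLES:
        verdict = "; ".join(check(pw)) or "meets all criteria"
        print(f"{pw:<18} {search_space_bits(pw):6.1f} bits  {verdict}")
```

Each step down the table either lengthens the password or adds a character class, and the search space grows with both.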
TIPS AND TRICKS TO CREATE SETS OF STRONG PASSWORDS FOR MULTIPLE ACCOUNTS:
a) Begin with simple phrases and then modify them! But make sure they are at least 12 characters long. For example…
“Make it better” becomes “mak31TB3tr!=”
“I love Spring” becomes “11UV$pr!ng!!” or “=1LUV$prinG!=”
“Scammers suck!” becomes “$C@mm3r$=$uck!”
b) Create an acronym from song lyrics and then modify it. For example…
“When I get older, losing my hair” from the Beatles song released in 1967 becomes “w1GO1mh=1967”
“I got this feeling inside my bones” from Justin Timberlake’s song Can’t Stop This Feeling, released in 2016, becomes “JT16=!gtf!MB”
c) Make up a word and modify it: “flomacious” becomes “f10MAc10U$”. And the capital MA is easy to remember if you live in Massachusetts. Kids are especially great at doing this! But if you are not, you can use a fake word generator to help you, such as Wordoid or WordGenerator.
Never use real words in your passwords, no matter what language or even backwards, because they are easier to crack by simple dictionary attacks.
d) For your different accounts, add a letter or two that relates to your account: “bk” for bank, “MU” for mutual fund, “fb” for Facebook, “ig” for Instagram, etc. Use a “+” or “=” symbol to connect them. Or put your base-password in parentheses, for example:
(w1GO1mh=1967)bk
FB=(w1GO1mh=1967)
MU=w1GO1mh=1967
e) Assign “mountains and valley” rules to your passwords. This is just a silly way of saying “alternate CaPiTaL and lOwErCaSe letters” in your password.
A final note… If your family members do not use passcodes to protect their smartphones, they are making a HUGE mistake! A stolen or lost phone can mean significant loss and anxiety. Insist that they both protect their smartphones with a passcode AND not share that passcode with anyone outside of your immediate family. Teens are especially vulnerable to pranks because many of their friends may know their passcode.