How secure are your passwords?

I got the key to her heart

Photo by: Kristina Alexanderson (http://www.flickr.com/photos/kalexanderson/)

Passwords are something we all need to worry about now that computers are a big part of our daily lives. Even as a web designer, I pulled the methodology of password policies from my IT experience, because having a system of passwords is a real advantage when developing and administering many sites. Today I'm going to go over ways to make a secure password that will leave the majority of people guessing, and you can apply these strategies to many areas of computing life other than web design.

Plural on the password

Yes, you heard that right. Passwords. Plural, as in more than one. Having a set of different passwords matters, and that includes your website. Sure, your CMS/blogging framework may provide regular updates to improve security and performance, but when all else fails, the password is the one link that can prove to be the strongest or the weakest. It is also the link that travels: when one site's password database leaks, attackers try every recovered password against other services, so a password you reuse everywhere is only as safe as the least careful site you gave it to.

Mix it up: password basics

Let’s start with the basics: what makes a strong password? Most systems require a minimum of 6 to 8 characters. The minimum exists so that automated guessing (brute force and dictionary attacks) has less chance of cracking that beloved password of yours, and length is what makes guessing expensive: every extra character multiplies the number of candidates by the size of the character set. Treat 8 characters as a floor, not a target. A leaked password database can be attacked offline at billions of guesses per second, a rate at which an 8-character password falls in hours to days while a 12-character one holds up for centuries. On the other hand, a password that is too long can be difficult to remember and cumbersome to type, which is an argument for something memorable (the phrase and acronym tricks below) rather than for something short. Make it as long as you can reliably type.

Keep it creative and private

Let’s face it, we all want to remember our passwords easily, so we often fall into the trap of using our dog’s name, favorite sports team, or nickname from high school. These kinds of passwords have a huge pitfall: they are not private information. If somebody other than you knows the word you are using, your password can be guessed with no automated brute force at all (an issue I will come back to shortly). The best practice is to use either a familiar but private phrase in acronym form (e.g. “adidas” = “all day I dream about security”, “stywpas” = “sausages taste yummy with pancakes and syrup”, “hitbwditu” = “Hann is the best web designer in the universe”) or a made-up word (e.g. Hann-uary, monitorization, great_jorb). The longer the phrase, the longer the acronym, and length is what buys you strength. It may take some time to remember these types of passwords, but if you have something like a personal mantra you chant to yourself in your mind, that could work as well! You could even use a funny CAPTCHA that you saw the other day (turning verbs into nouns and vice versa is always fun). By the way, I would never make up a month after my name, just so you know.
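To put numbers on the length advice and the acronym trick above, here is an added Python example (not code from the original post). It counts the candidates an exhaustive search must try for a given length and character set and turns that into worst-case cracking time under two assumed guess rates: 100 per second against a rate-limited login form, and 10^10 per second against a leaked, fast, unsalted hash. The rates, the 33-symbol count and the acronym helper (which keeps each word's own case, so the "I" stays uppercase) are my assumptions, not the post's.

```python
import math

# Alphabet sizes used for the estimates (assumption: US keyboard layout,
# 33 printable ASCII symbols).
LOWER = 26
MIXED_ALNUM = 26 + 26 + 10
ALL_PRINTABLE = 26 + 26 + 10 + 33

# Guess rates are assumptions for illustration, not measurements:
# an online login form with rate limiting versus an offline attack
# on a leaked, fast, unsalted hash.
ONLINE_RATE = 100
OFFLINE_RATE = 10 ** 10

SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(length, alphabet_size):
    """Candidates an exhaustive search must try: every string of this
    length over the alphabet."""
    return alphabet_size ** length


def entropy_bits(length, alphabet_size):
    """log2 of the keyspace; each extra character adds log2(alphabet) bits."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, alphabet_size, guesses_per_second):
    """Worst-case time to try every candidate at a constant guess rate."""
    return keyspace(length, alphabet_size) / guesses_per_second / SECONDS_PER_YEAR


def acronym(phrase):
    """First letter of each word, keeping each word's own case."""
    return "".join(word[0] for word in phrase.split())


def strength_report(length, alphabet_size):
    """Summarise one (length, alphabet) choice under both attack models."""
    return {
        "bits": round(entropy_bits(length, alphabet_size), 1),
        "years_online": years_to_exhaust(length, alphabet_size, ONLINE_RATE),
        "years_offline": years_to_exhaust(length, alphabet_size, OFFLINE_RATE),
    }


if __name__ == "__main__":
    # The post's own acronym example: six lowercase letters.
    print("acronym:", acronym("all day I dream about security"))
    cases = [
        (6, LOWER, "6 lowercase (acronym)"),
        (8, MIXED_ALNUM, "8 mixed alnum"),
        (12, ALL_PRINTABLE, "12 any printable"),
        (16, ALL_PRINTABLE, "16 any printable"),
    ]
    for length, alphabet, label in cases:
        r = strength_report(length, alphabet)
        print(f"{label:22s} {r['bits']:6.1f} bits  "
              f"offline: {r['years_offline']:.2e} years  "
              f"online: {r['years_online']:.2e} years")
```

The numbers make the point: the six-letter acronym is exhausted offline in a fraction of a second, so a longer source phrase is what buys strength, and twelve printable characters is roughly where the offline attack stops being practical.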

Locked

Photo by: Mo Riza (http://www.flickr.com/photos/modomatic/)

Mix up the cases, numbers, and symbols

Now comes the complication that can be remedied in an easy way: the requirement by many companies to include at least one of each of the following in your password: a lowercase letter, an uppercase letter, a number, and a special character (symbol). Uppercase letters can be difficult to use because many of us don’t think in terms of case sensitivity (a program treats lowercase “a” and uppercase “A” as different characters); the simplest approach is to give the capital one fixed, memorable position, such as the first letter of the second word in your phrase, rather than scattering capitals through the keyword. Of course, if you are a case sensitive sort of person, this may not apply to you. So, where do you place the numbers and symbols? The last thing you should do is place them all in a row, even in the middle of your keyword, let alone at the start or end. The common approach is “leet speak” (or l33t sp34k), which is beyond the scope of this article, but in essence is the practice of replacing letters with look-alike numbers and special characters. To find out more about this subculture, check out the Wikipedia article on Leet. One caveat: every password-cracking tool ships with these same substitution rules, so “wh1t3s0x82” is only marginally harder to guess than “whitesox82”. Substitutions help you satisfy a complexity policy, but they do not turn a dictionary word into a strong password; apply them on top of a long phrase or made-up word, not instead of one. After you gain more of an understanding, you shouldn’t be using passwords like “whitesox82” or “snuggles*29” anymore.
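As an added example (not the author's code), here is a toy version of the mangling rules a cracking tool applies to a wordlist. It expands one dictionary word through case changes, leet substitutions and a two-digit suffix, counts the results, and checks whether a leet-styled “whitesox82” is among them, which is why substitutions alone add so little. The substitution table, the suffix list and the 100,000-word dictionary size mentioned in the comments are assumptions chosen for illustration.

```python
import itertools
import math

# Substitutions a cracker's rule set tries; each letter may also stay as is.
# Assumption: a small subset of the leet tables shipped with real tools.
LEET = {"a": "4@", "e": "3", "i": "1!", "o": "0", "s": "$5", "t": "7"}

# Suffix rules: nothing, or a two-digit number (ages, years, "82").
DIGIT_SUFFIXES = [""] + [f"{n:02d}" for n in range(100)]


def leet_variants(word):
    """Every string reachable by independently keeping or substituting
    each letter of the word."""
    choices = [(ch,) + tuple(LEET.get(ch.lower(), "")) for ch in word]
    for combo in itertools.product(*choices):
        yield "".join(combo)


def case_variants(word):
    """The three case forms a rule engine tries first."""
    return [word.lower(), word.capitalize(), word.upper()]


def mangle(base, suffixes):
    """Expand one dictionary word into the full candidate list:
    case forms x leet substitutions x suffixes."""
    for cased in case_variants(base):
        for leeted in leet_variants(cased):
            for suffix in suffixes:
                yield leeted + suffix


def candidate_count(base, suffixes):
    """Distinct candidates generated from one base word."""
    return len(set(mangle(base, suffixes)))


def bits_added(base, suffixes):
    """How many bits the mangling adds over guessing the bare word."""
    return math.log2(candidate_count(base, suffixes))


def is_reachable(password, base, suffixes):
    """True if the password is one of the candidates derived from base."""
    return password in set(mangle(base, suffixes))


if __name__ == "__main__":
    base = "whitesox"
    n = candidate_count(base, DIGIT_SUFFIXES)
    print(f"{base!r} expands to {n} candidates ({bits_added(base, DIGIT_SUFFIXES):.1f} bits)")
    for pw in ("whitesox82", "Wh1t3s0x82", "WH!7E$0X07"):
        print(f"{pw:12s} reachable: {is_reachable(pw, base, DIGIT_SUFFIXES)}")
    # Assumed 100,000-word dictionary: every word mangled this way is about
    # 2.2e9 guesses, well under a second at 1e10 guesses per second.
    print(f"dictionary of 100000 words: {100_000 * n:.1e} guesses")
```

Each mangled word costs the attacker about 2^14 extra guesses, a rounding error next to the 2^78 or so that twelve unpredictable printable characters represent.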

Categorize them

Now that you have the methodology of making passwords, you should start making a list of passwords and categorizing them. When I say categorize, I mean grouping your passwords into standard usage guidelines that you would personally follow. For example, you could make a password (or two) dedicated to things like web banking, restaurants, social media, work, and junk. This makes it easier for you to remember which password you used for what service. Now, this may seem counter-intuitive because two similar sites like Facebook and Twitter would have the same password. Keep in mind what that means: an attacker who gets the password from one site in a category will try it on the others, so a category is only as strong as its weakest site. Reserve shared passwords for categories where a break-in would do little harm, and give the accounts that matter most (banking, and the e-mail account that resets everything else) a password of their own. You don’t have to follow the exact same guidelines for grouping; this is entirely up to you. However, I highly stress keeping your categories as minimal as possible: anywhere between 4 and 6 categories should be easy enough to remember, but the more you start to juggle, the higher the possibility of forgetfulness. By the way, I do highly recommend including the category junk. Who hasn’t signed up for a newsletter or a forum about koala bears just to access private content for a short amount of time and then regretted it later? Just remember that if it ends up becoming a regular category, change the password to match accordingly.

Don’t kiss and tell

You know that close friend or family member that you trust so much? They should be the last person you ever tell your password to. I spoke earlier about people guessing your password without using brute force, and who else would know what kind of password you use than somebody close to you? Whatever the intention of the person you know, sometimes a harmless joke or a heat-of-the-moment revenge attack can have severe repercussions. For example, imagine a person whose e-mail account is broken into by her brother, who knew what her password was. As a prank, he decides to change the password to a humorous word and she suddenly can’t access her account. What would happen if this brother of hers forgot the password and she hadn’t configured recovery options (like a secret question/answer) on her account? She would have to jump through hoops to get that password of hers reset, and all because of a “funny” prank.

Remember it

This is easier said than done; it’s difficult to remember one of these types of passwords, let alone an entire list of passwords and associated categories! All I have to say is: practice, practice, practice. Practicing often makes you remember. Turn off all password-storage tools in your web browser and don’t choose to save your password on particular sites. Make it so that you have to type them in every single time. This will ensure that it gets ingrained in your memory. I don’t even remember what my passwords are anymore without thinking hard – simply typing them has become muscle memory for me. If you must write your passwords down, do it in a document or utility that stores and encrypts passwords with – guess what? – another password (a password manager, in other words; its master password is then the one you must memorize and never reuse). Alternatively, you can write them down on a sheet of paper and store them in a personal vault, hidden storage location, or safe-deposit box at the bank. Whatever you do, don’t ever store them in a place where people can easily find them, and keep them as far away from your computer as possible. It will be difficult at first, but memorizing passwords is like memorizing anything else: practice using them often and as much as possible!

About Yawhann
