How to Keep Your Passwords Safe

In today’s world, keeping your online identity safe is a major concern, especially for those of us who spend money online. Here are some ideas from the Girls Are Geeks Mothership on keeping your passwords safe.

The words of the Mothership:

In this age of electronics, computers, social media sites, online shopping (MY favorite), banking, and identity theft, it is important to know that your access to these modern marvels is secure. However, coming up with secure passwords is mind-boggling (“…must be 8-16 alpha-numeric characters, at least one of which must be a number, mixing UPPER and lower case letters, and without using any symbols such as # $ %….”). Then, even more difficult, you must remember which password you used for what. Making that task even more monumental comes when you work somewhere that requires you to change your password every 6 weeks, without using any of the last 3 passwords you most recently used.

As a (sometimes) Geek and definitely being the mother of Geeks, I am always trying to come up with clever, creative ways to do anything. Developing a system for passwords was no different. What you need is a scheme that YOU will remember, AND that will follow the “rules of secure passwords”, AND that will not be associated with you in any way that would make it easy for a hacker to figure out (i.e., no address, phone number, birthdate, etc.).

My method is to use a system of synonyms and a unique, easy-to-remember numbering scheme. In this way, you can rotate through a variety of passwords, and still be able to remember them. Just follow these steps:

1. Come up with a synonym list that you will remember (as any Geek knows, a synonym is a word that has a similar meaning to another word, such as “couch, sofa, divan”). Nouns* work best, but verbs*, adverbs* or adjectives* can also be used.

* “noun” = person, place or thing (such as the previous example of “couch”)
“verb” = an action word (harder to make a list from, but more creative, such as jump, leap, hop, etc. – you can even change the tense by adding -ed, or use the participle form -ing, to make a longer list)
“adverb” = a word that describes an action (such as quickly, speedily, rapidly)
“adjective” = a word that describes a noun (such as pretty, beautiful, lovely)

You get the idea… get creative and generate a list of at least 5-6 words that you will remember by their association with each other, and yet are not actually associated with you.

2. Adding a number

The easiest way to remember numbers is to use commonly associated ones such as a birthdate, address or telephone number. HOWEVER, these are also the numbers that would be most easily hacked if someone has access to any of your personal information already (such as having your license, wallet, piece of mail, etc).

Therefore, my suggestion is to use two or three numbers that YOU will remember, but that are NOT associated with you directly. An easy way to remember numbers is to use only a couple of your “favorite” one-, two- or three-digit numbers (come on, everyone has favorite numbers!) in a rotating scheme.

If you really don’t have any favorite, easily remembered numbers, you can choose numbers from your past but be careful that these numbers cannot be found easily (such as your first phone number or old address).

You can vary the placement by putting your number at the beginning, end or in a certain position in your password (such as always putting the number second or second-to-last) in an easy-to-remember pattern. Remember, if you are only using 2 or 3 numbers, and varying your pattern only slightly, YOU will remember them but it will still be difficult for someone to hack.

3. Sufficient length

It is much harder to hack a 16-digit code than a 6-digit code, right? So you need to come up with a method of doing this without taxing your memory banks, but making it more challenging for a hacker.

My way is to consider the following:

You can extend your list by spelling those same words from your synonym list backwards, or repeating them in your code (couch72couch or sofa55afos, for example). In this way, you can develop a longer list without having to remember more words, and your password codes will be sufficiently long to meet the requirements of a more secure password.
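As an added illustration, not code from the post, the following Python enumerates every password that steps 1 to 3 can produce from a constructed synonym list and a constructed set of favorite numbers, and checks the results against the site rule quoted at the top of the post (8-16 alphanumeric characters, a digit, mixed case, no symbols). The words beyond couch, sofa and divan, the numbers, and the exact slot positions (beginning, end, second, second-to-last, and the midpoint of a doubled word) are this example's assumptions. The size of the resulting set, and its log2, is the space someone who knew the scheme and the word list would have to search, which is the figure a defender uses to judge how much the three steps actually buy.

```python
import math
import string

# Constructed sample inputs following the post's steps; not the author's own lists.
SYNONYMS = ["couch", "sofa", "divan", "settee", "loveseat", "futon"]
FAVORITE_NUMBERS = ["7", "55", "72"]


def word_stems(word):
    """Step 3: the word, the word spelled backwards, and the two doubled forms.
    The second element is the midpoint of a doubled form, where 'couch72couch'
    puts its number (None for the single forms)."""
    rev = word[::-1]
    return [
        (word, None),              # couch
        (rev, None),               # hcuoc
        (word + word, len(word)),  # couchcouch, midpoint after 'couch'
        (word + rev, len(word)),   # couchhcuoc, midpoint after 'couch'
    ]


def number_slots(stem, midpoint):
    """Step 2 placements: beginning, end, second, second-to-last,
    plus the midpoint of a doubled stem (an assumption of this example)."""
    slots = {0, 1, len(stem) - 1, len(stem)}
    if midpoint is not None:
        slots.add(midpoint)
    return sorted(slots)


def candidates(words=SYNONYMS, numbers=FAVORITE_NUMBERS):
    """Every distinct password the three steps can produce for these inputs."""
    out = set()
    for word in words:
        for stem, midpoint in word_stems(word):
            for slot in number_slots(stem, midpoint):
                for num in numbers:
                    out.add(stem[:slot] + num + stem[slot:])
    return out


def scheme_bits(words=SYNONYMS, numbers=FAVORITE_NUMBERS):
    """Search-space size in bits: log2 of the number of distinct candidates."""
    return math.log2(len(candidates(words, numbers)))


def meets_policy(password):
    """The rule quoted in the post: 8-16 alphanumeric characters, at least one
    digit, both upper- and lower-case letters, and no symbols."""
    allowed = set(string.ascii_letters + string.digits)
    return (
        8 <= len(password) <= 16
        and all(c in allowed for c in password)
        and any(c.isdigit() for c in password)
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
    )


if __name__ == "__main__":
    pool = candidates()
    print(f"{len(pool)} distinct passwords ({scheme_bits():.1f} bits)")
    print("sample:", sorted(pool)[:8])
    passing = [p for p in pool if meets_policy(p)]
    print(f"{len(passing)} of them satisfy the quoted site rule as written")
```

Running it shows the two examples from the post, couch72couch and sofa55afos, among the candidates, and also that none of them passes the quoted rule until at least one letter is capitalized, since the scheme as described produces lowercase only.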

4. Hints

Finally, many sites, especially places of employment or banks, will offer you a way to give yourself “hints” when you still cannot remember which password you used for that site. Hints will be questions to which you should easily know the answers, such as “first pet”, “mother’s maiden name” or “hometown”. You need to answer these questions without compromising your security by actually using the real answers that someone else could come up with if they know you or have access to your personal information somehow (such as stealing your wallet, finding your online profile, or just knowing you a little too well). Yet, you need to remember your answers.

My suggestion for handling these hint questions is to develop a series of answers that are in no way actually associated with you, but that you will be able to recall easily if presented with your “hint questions” when you have forgotten what password you used. Then use that answer consistently whenever presented with the option to set up hints.

The way hints work is that if you can put in the correct answer to the hint, you will be given your actual password. My rule here is to develop one answer to each question that YOU will remember, but that is not the actual answer to the question. Then always put that answer in when presented with the opportunity to set up these hints. Using hint answers that you can remember, but that cannot actually be associated with you or found from your actual personal data, is a very secure way of setting up these hints.

For example, for your first pet, rather than using your actual pet’s name, you can use another animal that you will remember when you see that hint, such as “porcupine” or “Lassie”. Your actual hometown could be replaced with the town from a favorite book or TV show, such as “Sunnydale” (OK, I am not a Buffy fan, but I know one) or “Smallville”. Your mother’s actual maiden name could be replaced with the name of a favorite character in a book, such as “O’Hara” or “Kent”.

Remember, the idea here is to get the most secure password, with a system that YOU will remember, and that won’t actually be associated with you in any researchable way.

KISS (Keep It Simple, Sweetie)!


1 Comment

  1. Sarah
    Nov 29, 2010 @ 12:46:18

    I’ve been further warned against using any real words, in any language, including 1337, so even c0uch, divan, sopa, and sofos would be hedgy.

    The method my most security-conscious friends favor is to use the initial letters of a long sentence. For example, someone who runs marathons might use Il2r26mi1d: “I like to run 26 miles in one day.” Need one at work? TitvIu4cs: “This is the vendor I use for cheap shipping.”

    For people who don’t feel comfortable using the same password on multiple sites, you can just create a rule to modify the password based on the site. It can be simple, like appending the last letter of the site name to the end of your password (Il2r26mi1dn for Amazon), or more elaborate, like adding a letter of the site name after each number that appears (Il2ar2m6ami1zd).

    Also popular is creating patterns on the keyboard: if you start with 8ikm7ujn, and you need to update it periodically, just move your hand over and do 7ujn6yhb. My former boss, who was notoriously absentminded, did quite well using his hometown with no vowels and his childhood street address (let’s say sprngfld822) until he suddenly had to add special characters and change it every sixty days. He pouted for days until the IT guy suggested adding qwas, then wesd, then erdf, and so on in little squares along the keyboard. A few well-placed parentheses and he had sprngfld(822)aszx. Super memorable, but difficult to guess or crack.
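As an added example, not Sarah's own code, the following Python reproduces the three derivation rules from her comment: taking the initial letters of a memorable sentence (with "to", "one" and "for" written as digits, which is how her two examples come out), appending the last letter of the site name, and placing a letter of the site name after each digit. The digit substitutions and the choice to cycle through the site name when a password has more digits than the name has letters are this example's assumptions; her four sample strings are used as the expected results.

```python
from itertools import cycle

# Word-to-digit substitutions implied by the comment's examples ("to" -> 2,
# "one" -> 1, "for" -> 4). The table itself is an assumption of this example.
SUBSTITUTIONS = {"to": "2", "one": "1", "for": "4"}
PUNCTUATION = ".,!?\"'"


def sentence_initials(sentence, substitutions=SUBSTITUTIONS):
    """Reduce a sentence to its initial letters. Numeric words are kept whole,
    listed words become their digit, and the initial keeps its original case."""
    out = []
    for token in sentence.split():
        token = token.strip(PUNCTUATION)
        if not token:
            continue
        word = token.lower()
        if word.isdigit():
            out.append(word)
        elif word in substitutions:
            out.append(substitutions[word])
        else:
            out.append(token[0])
    return "".join(out)


def append_last_letter(base, site):
    """Simple per-site rule: append the last letter of the site name."""
    return base + site[-1]


def letter_after_each_digit(base, site):
    """Elaborate per-site rule: after every digit, insert the next letter of the
    site name. Cycling back to the start of the name when the digits outnumber
    its letters is this example's assumption."""
    letters = cycle(site)
    out = []
    for ch in base:
        out.append(ch)
        if ch.isdigit():
            out.append(next(letters))
    return "".join(out)


def per_site_password(sentence, site, elaborate=False):
    """Derive the site-specific password from the sentence in one step."""
    base = sentence_initials(sentence)
    if elaborate:
        return letter_after_each_digit(base, site)
    return append_last_letter(base, site)


if __name__ == "__main__":
    run = "I like to run 26 miles in one day."
    work = "This is the vendor I use for cheap shipping."
    print(sentence_initials(run), sentence_initials(work))
    print(per_site_password(run, "amazon"))
    print(per_site_password(run, "amazon", elaborate=True))
```

Keeping the derivation in a function makes the rule auditable: anyone reviewing the scheme can see that the per-site variants differ from the base only by letters taken from the site name, which is the property that decides how much protection the rule gives when one site's password is exposed.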

