Posts Tagged ‘ safety on the net ’

Passwords to the wise – password creation made easy.

Passwords are a pain! Most people either use the same one over and over again or tie themselves in knots attempting to come up with convoluted codes which will be never be guessed in a million years.  Some passwords are obvious and I wonder just how much I could access with the password “trustno1?”

Here’s a quick guide to painless password creation.

Step 1. Choose a four-letter word or four-character phrase

Use a four-letter word like care, look, tree, bull, pine, rest, blob, east, bike – OR – use a four-character phrase that’s easy to type with one hand such as qwea, wers, ertd, rtyf, tyug and so on.

Step 2. Choose a single-digit number

You have the choices of 0 through 9. Pick one.

Step 3. Use the first three characters of the web site’s domain (URL) the password belongs to

This is best shown by example:

Yahoo Mail: yah
Hotmail: hot
Facebook: fac
Twitter: twi
Gmail: gma

Step 4. Choose the pattern of the password

The patterns you have to choose from are any that DO NOT start with the digit, because there are several web sites that do not permit that. That being the case, you have four patterns to choose from:

1. Word+Digit+URL
2. Word+URL+Digit
3. URL+Digit+Word
4. URL+Word+Digit

Let’s say the four-letter word you chose was tree, the digit 8, and the pattern you chose was Word+Digit+URL. Here’s how the password would look:

Hotmail: tree8hot
Yahoo Mail: tree8yah
Facebook: tree8fac
Gmail: tree8gma

Benefits of generating passwords with the Word + Digit + URL method

Easy to remember for you, difficult for others to guess

You’ve been told over and over again that you should always pick passwords you can remember easily but others could not guess – but were never told how to do this. W+D+U passwords are exactly the way to do it.

No need for a password manager

Many people do not want to be bothered with a password manager because they consider it too much of a hassle. For those that hop between OSes this is especially true because many password managers only work on one OS and nothing else.

Has “good enough” security for most people

You’ve also been told over and over again never to use the same password for multiple web sites. The 3 characters from the URL keeps passwords unique and satisfies this requirement.

Drawbacks of the W+D+U method

Some sites will have the same password

Example: Meebo and Meetup. Both start with mee, so the password would be the same for both sites. You can get around this by counting the number of characters in the domain name and adding an extra digit. Meebo is 5 characters, Meetup is 6. If the password is tree8mee, Meebo’s would be tree8mee5 and Meetup tree8mee6. If both sites have the same amount of characters in the domain name however, you’re out of luck.

Same-service accounts will have the same password

This is the biggest drawback of the W+D+U method of password generation, and the only way around it is to add an extra digit based on priority.  Example: You have two Hotmail accounts. Both accounts have tree8hot as the password. Whatever account you use the most should be changed to tree8hot1, the second tree8hot2, and so on.

If someone guesses your 5-character passphrase and recognizes the pattern, the password is useless

The likelihood of this occurring is slim, but it’s a possibility. If your 5-character passphrase is tree8 and someone realizes that you use that passphrase plus the first three characters of a domain name for all your passwords, you’re basically screwed – but only if you use the same username everywhere.

W+D+U is weak, but better than 12345678

I’m not saying using W+D+U for passwords is strong or secure, but “good enough” as said above. These passwords are easy to remember, difficult for others to guess, you don’t need a password manager and the best part is that they work everywhere.

Advertisements