So, you want to browse a new website or use a new online tool, but first you need to sign up. Seems simple enough: use the same username as last time, same password… Ah, your password. Passwords are becoming an ever more critical secret of modern life, as everything moves online and your passwords unlock it all. Everyone knows it’s best practice to keep every password unique, and litter them with special characters and a mixture of capitals and numbers, but very few of us do. Why? Because it’s too hard. But I’ve got a few tips to try and make it all a bit easier.
Make It Memorable
This is a pretty obvious one. You don’t want to have to press the “I forgot my password” button every time. That’s a much more lengthy and annoying process than even spending a minute or two trying to remember what it is. However, I have some methods for creating memorable passwords that you’ve never thought of before. One I heard a little while ago, which I think is brilliant, I call the singsong method. What this involves is choosing a favourite song, and then using the first letter of each word in a particular section as your password. This means you just sing the song to yourself to remember the password. For example:
Walking down St. Kilda pier I hear your voice in my ear
Saying we should do this more often, cos it really has been fun
Password = wdskpihyvimeswsdtmocirhbf
The same concept can be used on lines of dialog from movies or TV shows, or catch-phrases (The Cake Is A Lie = TCIAL).
Make It Long
Now, this tip matters if anyone ever tries to crack into your account. Having a long password means that it takes longer, and thus is harder, to crack using a brute-force attack. A brute-force attack is when a hacker tries to work out your password by trying every possible character combination, usually using a piece of software. If your password is really long, it means there are more combinations it could be. The method I gave above can be great for getting a very long password, but there are other ways. One, inspired by this xkcd comic which is all about writing good passwords, is to create a little scene or story and write a sentence on it, or even just a bunch of adjectives and nouns. Here’s an example:
TheSecondPenguinIsAnAndroid or OrangeNinjaFightingDinosaurs
Actually, nearly any sentence could serve this purpose. Use a catch-phrase, or any phrase you want. Some people like to try and send the organization that they’re signing up to a message using their password choice. E.g.
ChangeTheStupidColourScheme or WhyDoIHaveToChangeMyPasswordAgain
Avoid The Dictionary
Like I said, a sentence can be a good way to produce a long and memorable password. However, it fails on another level. The other way hackers try and work out your password is by running a dictionary-based cracking program, which instead of trying every possible character combination, tries different words or combinations of words from a dictionary. So, to avoid being susceptible to this attack, you need to either use words that aren’t in their dictionary or change them so they’re no longer recognizable. Words like slang or names that you and your friends use aren’t likely to be in there, so that’s a possibility. Also, some uncommon jargon or made-up words aren’t going to be in there. The other option is the one I prefer. You can make your words not quite dictionary-worthy in a few ways. One is infixes, which is where one word is inserted within another. E.g.
temporary movie = tempo-movie-rary
These aren’t necessarily easy to remember, and can get quite messy. Similarly, you can just mangle your words so they don’t fit the dictionary anymore, by either cutting off a bit of the word (start, end or middle) or by purposely misspelling it. The other way to make your chosen words a bit different is similar to the latter, but is a method I highly recommend.
Leetspeak (13375p34k) is a sort of alternative alphabet and vocabulary that was developed by internet forum users mainly to circumvent filtering. They disguised their words by replacing some or all of the letters in a word with a character or multiple characters that looked the same. This meant that it could only be picked up by a person looking at it, and a lot of people don’t even understand it. By using numbers and other characters like this to replace some of the letters in your passwords, you can make your password even harder to guess and thus more secure. For example:
Password = |> @ $ 5 \/\/ 0 !2 [} or Unlock = U n 1 0 < k
Wikipedia has a list of several possible leetspeak alternatives for each letter, and there are various others, but you don’t need to use any of these. You simply need to use ones that make sense to you, and that you will remember.
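An added example (not from the original post) that puts rough numbers on the brute-force and dictionary sections above: it estimates the guess space for this post's sample passwords under both attack models. The sample word set and the 100,000-word dictionary size are assumptions made up for the illustration.

```python
import math
import re
import string

# Constructed stand-in for a cracking dictionary (assumption for this example).
SAMPLE_WORDS = {"the", "second", "penguin", "is", "an", "android", "orange",
                "ninja", "fighting", "dinosaurs", "tempo", "movie"}
ASSUMED_DICT_SIZE = 100_000  # assumed size of a real word list

def charset_size(password):
    """Size of the character pool a brute-force search has to cover."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation + " ")
    return sum(len(p) for p in pools if any(c in p for c in password))

def brute_force_bits(password):
    """log2 of all strings of this length drawn from that pool."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))

def split_words(password):
    """Split CamelCase or separator-joined text into lowercase letter runs.
    Digits and separators are ignored by this simple model."""
    return [w.lower() for w in re.findall(r"[A-Z][a-z]*|[a-z]+", password)]

def dictionary_bits(password, words=SAMPLE_WORDS, dict_size=ASSUMED_DICT_SIZE):
    """log2 of the word combinations to try; None if any run is not a listed word."""
    tokens = split_words(password)
    if not tokens or any(t not in words for t in tokens):
        return None
    return len(tokens) * math.log2(dict_size)

def effective_bits(password):
    """The cheaper of the two attack models sets the real strength."""
    brute, words = brute_force_bits(password), dictionary_bits(password)
    return brute if words is None else min(brute, words)

if __name__ == "__main__":
    for pw in ("wdskpihyvimeswsdtmocirhbf", "TheSecondPenguinIsAnAndroid",
               "OrangeNinjaFightingDinosaurs", "tempo-movie-rary"):
        words = dictionary_bits(pw)
        shown = "not covered" if words is None else f"{words:.1f} bits"
        print(f"{pw:30} brute force {brute_force_bits(pw):6.1f} bits, "
              f"dictionary {shown}")
```

A letter run that is not in the word list, as in the first-letter and infix examples, takes the password out of the word-combination model, which is the effect the mangling advice aims for.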
Categorise your passwords
Now, this tip is mainly focused on making your passwords easier to remember by minimising the number of them that you need. How? By having a few standard passwords for sites and tools that are related. Of course, these passwords have to be strong ones, otherwise it defeats the whole purpose, but as long as they are, it’s a great way of streamlining the login process. For example, if you sign up to a lot of news websites, you could use one password for all of them. Then you would have a separate password for any shopping websites. Then a totally different password again for email accounts, and another for anything business-related. This way, you can make each password something that you will easily remember when you think of that genre of website. However, there are definite times where you wouldn’t use this method. For example, your bank password, your primary email account, and any others that allow access to particularly sensitive information should be totally unique and separate from the others. Passwords for sites that are more likely to get attacked, such as Facebook, should also be kept different from the others, just in case of a compromise.
So, that’s about it… Those are my tips for making strong, usable, and memorable passwords. They’re not perfect rules, but I think they’re pretty good. They won’t make you unhackable, but they’ll certainly slow a hacker down. If you’ve got any thoughts, leave a comment.
Until next time,
P.S. If you’ve got any ideas for a better sign off line than “Post again soon,” or “Until next time,” drop me a line, and there will be a prize in it for the one I choose!