Good password security

Good password security isn’t hard; it just requires a change in approach. The single biggest factor in password strength is length.

To see this in action, visit this link – https://www.grc.com/haystack.htm – and type in a password of the same shape as one of yours (same length and mix of characters; never type a real password into someone else’s website). Look at the last two Attack Scenarios. That’s how long it would take to exhaust the search space for that password. Have a look at how quickly that changes when you simply increase the length.

If the current strength is in weeks or days, it’s not a matter of “if” you get hacked, it’s a matter of “when”.
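The calculation behind those Attack Scenarios is simple enough to reproduce. The following is an added example (my own illustration, not GRC’s code): it sizes the alphabet from the character classes a password uses, sums the number of candidates up to that length, and divides by an assumed guess rate. The three guess rates are assumptions chosen for illustration, not measurements; the Haystack page uses different figures and counts 33 symbols including the space, which this example copies.

```python
import string

# Character classes and their sizes. Constructed for this example (not GRC's
# code); the alphabet is sized the way the Haystack page does it, with
# 33 symbols (punctuation plus space).
CLASSES = (
    ("lowercase", frozenset(string.ascii_lowercase), 26),
    ("uppercase", frozenset(string.ascii_uppercase), 26),
    ("digits", frozenset(string.digits), 10),
    ("symbols", frozenset(string.punctuation + " "), 33),
)

# Assumed guessing rates, in guesses per second. Illustrative figures only:
# the real rate depends on how the site hashes passwords and on the
# attacker's hardware.
SCENARIOS = {
    "online, rate-limited login form": 1_000,
    "offline, fast hash, one GPU": 10 ** 10,
    "offline, large cracking cluster": 10 ** 13,
}


def alphabet_size(password: str) -> int:
    """Alphabet an attacker must cover: the sum of every class the password uses."""
    size = sum(n for _name, chars, n in CLASSES if any(c in chars for c in password))
    if size == 0:
        raise ValueError("password contains no character from a recognised class")
    return size


def search_space(password: str) -> int:
    """Candidates an exhaustive search must try to be certain of hitting the
    password: every string of length 1 up to len(password) over the alphabet.
    Exact integer arithmetic, so long passwords do not overflow."""
    a = alphabet_size(password)
    return sum(a ** i for i in range(1, len(password) + 1))


def seconds_to_exhaust(password: str, guesses_per_second: int) -> float:
    """Worst-case time to try every candidate at the given rate."""
    return search_space(password) / guesses_per_second


def human_time(seconds: float) -> str:
    """Round a duration to the largest convenient unit."""
    for name, unit in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= unit:
            value = seconds / unit
            return (f"{value:.3e}" if value >= 1e6 else f"{value:,.1f}") + f" {name}"
    return f"{seconds:.3g} seconds"


def report(password: str) -> dict:
    """Time to exhaust the search space under each assumed scenario."""
    return {name: human_time(seconds_to_exhaust(password, rate))
            for name, rate in SCENARIOS.items()}


if __name__ == "__main__":
    # Constructed samples: a short "complex" password against the long,
    # word-based ones the page builds later.
    for pw in ("P@ssw0rd", "seaviewrdgreatMonday", "seaviewrdgreatMondaygmail!$"):
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, length {len(pw)}, "
              f"search space {search_space(pw):.3e}")
        for scenario, t in report(pw).items():
            print(f"    {scenario}: {t}")
```

Run it and the point of the page is visible in the numbers: the 8-character password with all four classes has a search space around 10^16, while 20 letters with no digits or symbols at all are around 10^34. One caveat the calculator cannot show: this is the cost of brute force. A password built from dictionary words is also exposed to dictionary and word-combination attacks, which is why the next section insists on unrelated words.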

There are two good approaches to strong password security:

1. A strong, memorable password scheme
or
2. Password manager software

#2 is my recommended option, but I’ll describe #1 first:

1. A password scheme

Pick three completely unrelated words. My street – “seaviewrd” – could be one of the words as it is not in any dictionary; this is ideal. Be aware, though, that details tied to you (your own street, pet or birthday) are exactly what a targeted attacker tries first, so a street you don’t live on is safer. Let’s pick the words ‘seaviewrd’, ‘great’, ‘Monday’. We also pick a couple of punctuation characters, perhaps ‘$’ and ‘!’. The reason you pick unrelated words is that password cracking software tries common phrases and pairs of words that go together, so words that don’t form a phrase are critical.

Then to create a password, put together the three words, the punctuation, and what it’s for:

Gmail: seaviewrdgreatMondaygmail!$
Braintree: seaviewrdgreatMondaybraintree!$
Paypal: seaviewrdgreatMondaypaypal!$

Take one of those passwords (or one of the same shape) and type it into https://www.grc.com/haystack.htm to see the difference.

They are easy for you to remember and, at this length, far beyond any brute-force search. They are also easy to type, as your fingers are used to typing words.

The downside is that if one of your passwords ever leaks (a site breach, a phishing page, someone looking over your shoulder), the pattern is obvious and the rest of them are trivial to guess!

2. A password manager

My preferred approach is to use a password manager. The reason for this is that you can use it to easily generate completely random new passwords, and it can remember them for you – your brain doesn’t have to manage it. Because each password is random and unrelated to the others, a leak at one site tells an attacker nothing about your other accounts. It is a little more complicated to get used to though.

KeePass is the best option – http://keepass.info/download.html (download the Professional Edition).

Create a master password for it using the method above. Write this down on a piece of paper! Keep the piece of paper safe until you’re sure that you remember the master password, and then shred it.

Every time you make a new entry, get it to generate a completely random password, at least 20 characters long.
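Two things above are worth seeing in code: why one leaked scheme password gives away the rest, and what “completely random” means when a manager generates a password. The block below is an added example of my own, not the page’s or KeePass’s code. It builds the scheme passwords from the page, shows the one-line derivation an attacker would do with a leaked one, and then generates a 20-character random password from a cryptographically secure source the way a manager’s generator does in principle; the 94-character alphabet and the per-class retry are my assumptions, and KeePass’s own generator has more options than this.

```python
import math
import secrets
import string
from typing import Optional

# Constructed inputs: the three words and the punctuation the page uses.
WORDS = ("seaviewrd", "great", "Monday")
PUNCT = "!$"


def scheme_password(site: str, words=WORDS, punct=PUNCT) -> str:
    """Build a password the way the scheme on the page does:
    the three words, then what the password is for, then the punctuation."""
    return "".join(words) + site + punct


def derive_sibling(leaked: str, leaked_site: str, target_site: str) -> Optional[str]:
    """What an attacker does with ONE leaked scheme password: the site name is
    visible inside it, so swap it for another site's name. Returns None when
    the leaked password does not contain the site name, i.e. when nothing in
    it reveals a reusable pattern."""
    idx = leaked.find(leaked_site)
    if idx == -1:
        return None
    return leaked[:idx] + target_site + leaked[idx + len(leaked_site):]


# Alphabet the generator draws from (assumption for this example): the 94
# printable ASCII characters without the space, which some sites reject.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """What a manager's generator does in principle: every character is drawn
    independently from a cryptographically secure RNG (the secrets module,
    never random.choice). Retries until each character class is present so
    the result passes typical site complexity rules."""
    if length < 20:
        raise ValueError("the page's rule: at least 20 characters")
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in string.punctuation for c in candidate)):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    leaked = scheme_password("gmail")
    print("leaked from one site:     ", leaked)
    print("attacker's guess for paypal:", derive_sibling(leaked, "gmail", "paypal"))
    a, b = random_password(), random_password()
    print("manager-generated:", a, b, f"({entropy_bits(20):.0f} bits each)")
    print("pattern recoverable from a random one?", derive_sibling(a, "gmail", "paypal"))
```

The derivation takes one `find` and one string slice; that is the whole cost of attacking the scheme once a single password is known. The random passwords carry about 131 bits each and share nothing with one another, so knowing one says nothing about the next.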

When you need to log into a website, you simply double-click on the password, and it copies it to your clipboard. Paste it into the website password field, and you’re done! (KeePass clears the clipboard again after a short timeout, so paste straight away.)

IMPORTANT: Make sure that you keep a few copies of this file around. If you were to lose it completely, that would be disastrous, as you would have none of your passwords! I keep mine in my Dropbox, and every now and then email myself a copy. That way it’s in three places – on my laptop, in my Dropbox, and in my email.

The database file is encrypted with a key derived from the master password, so every copy of it (including the ones in Dropbox and email) is exactly as safe as that password: someone who obtains the file can only try to guess the master password offline, and a long one built with the scheme above makes that impractical. KeePass 2.x also lets you increase the key derivation work in the database’s security settings, which slows every guess an attacker makes.
