Ke$ha should use this password (no she shouldn't)
In an earlier post, I admonished you to not use common words – especially those from your life history – as your passwords. This is to prevent a determined human from hacking your accounts using their direct knowledge of you or from what they can find on the internet. It‘s critical too that you remember you are also trying to prevent a computer – which is doing little ‘thinking’ but running through thousands of common words – from getting to your password given time. If your password is in the dictionary, or is a common (or uncommon) name, or is in the atlas or encyclopedia, a computer will get to it sooner or later.
If all of this doesn‘t convince you that your password is not secure, let‘s look at common passwords.
1: The straight forward:
(blank)
It‘s possible to have no password in some, but thankfully, not in most systems. This one has fooled us on occasion but, after trying a few words, there is a momentary pause where we are looking at the login window, and something clicks. Try nothing at all. Yups, no password, I‘m in.
password
12345
qwerty
Basic variations on these such as 123456, qwert, etc. do not increase the complexity or security of the password.
________
Insert any cuss word. Computers don’t feel shame and that word is so common it will be near the top of the list of passwords to try.
2: Variations:
drowsap
4321
ytrewq
Since you‘re not the first person to think about spelling common words backwards, these are as easy as the originals to guess.
What about when the user puts some thought into the structure of the password?
1 2 3 4 5
0 9 8 7 6
becomes
1029384756
a b c d e
1 2 3 4 5
becomes
a1b2c3d4e5
More complex but are still compromised because they are are merely patterns. A computer has thousands of patterns to try.
3: Common phrases:
Similarly, a hundred common phrases wouldn’t be difficult.
to be or not to be
thou shalt not kill
i hate you
i hate u!
this is my password
This last group is interesting for a couple of reasons. While several words are more complicated than single words, common phrases are exactly that. They are common. Current thought on creating strong-while-memorable (or easily recalled) passwords is now leaning away from long strings of random characters and back toward short groupings of common words. This is similar but different to the above in one important way:
Think differently.
Contrary to advise not to use common words or phrases, there is a simple theory that using common words NOT in the form of a phrase increases the difficulty for a computer to guess your password. The logic is that several common words (randomly chosen) are many characters in a row, with spaces between. For example, while "to be or not to be" can be easily guessed by a computer (or human), "dog frog zoo blue" is difficult to randomly pick out. Three random words is good, four better. The only issue I have with this is in coming up with a method to have different pass phrases on different sites while making it easy to figure out for yourself so you don‘t have to write your passwords down. Let‘s work on this for a moment.
If I take take the first letter and make it a food, the second letter an animal, and the third a car:
Amazon = apple monkey acura
or for websites that don't allow spaces
apple_monkey_acura
It's secure, it's unique for that site, and I should be able to recall it with knowledge of MY methodology.
But wait, you say. ____ website requires a number, an uppercase letter, and a special character. Fine. I‘ll adjust the formula to include all of these:
The first letter is a food, second an animal with the first letter capitalized and the third letter is the NUMBER of that letter in the alphabet ending with an exclamation mark.
Amazon = apple Monkey 1!
And the icing on the cake. I don't use the first 3 letters of the site. Or I use the first 3 but backwards (AMAzon won't really be different but that's fine. EBAy, YAHoo, FACebook are all different.)
Why bother?
With a short list of common words I use for each of the letters, I have achieved several things by switching all my logins to this new formula.
1: Each website has a unique password. If one website is compromised, I don't have to change my passwords on every other website.
2: The level of complexity and therefore security of each password has increased tremendously.
I have made it much more difficult for a human or computer to drive-by guess my password. If it takes too long to get into my account, they will move on to the next person in the list who may have a simpler password.
3: Because I have a formula, I can recall a password without having it written down somewhere.
It is tremendously freeing to not have passwords written down anywhere. Still, if you do have to do it, use shorthand or code.
4: By doing this, I have done my part to make the cyber-world safer for everyone. Many of the recent headline corporate hacks, and most hacks at home or in small businesses are because a human somewhere dropped the ball. Making your cyber presence safer removes you from being the weak point in any websites, businesses, forums, etc. that you are part of.
The point of all this is simply to ask you to put more effort into your passwords. If you are not doing it for others, consider the stress, time lost, and financial cost to recover from losing important emails, having your bank information compromised, or recovering data that has been stolen.
Be safe out there.