Wednesday, February 26, 2014

Almost all Web 2.0 websites, such as Facebook, Twitter, Diigo and more, require logins with passwords. However, too many users underestimate the importance of using secure passwords. Often they take no precautions to keep others from learning their passwords. Furthermore, when complicated passwords are created, users resort to storing them either on their computer or on paper, where, unless the file or the paper is properly protected, they are easily accessible to others.

The question is: how can a strong, unique password be created for every site that we access that is easy to remember, so that it does not need to be recorded anywhere?

First of all we need some simple rules for creating strong passwords:

1. Minimum of 8 characters (more is better)

2. Use a combination of letters, numbers and special characters (e.g. & * $ ! or other characters)

3. Use both upper and lower case letters

4. Do not rely on common substitutions such as 0 for the letter O, the number 1 for the letter i, ‘two’ replaced by 2, or ‘and’ replaced by ‘+’ or ‘&’; cracking tools try these first.

Let’s return to the question: how can a strong, unique password be created for every site that we access that is easy to remember, so that it does not need to be recorded anywhere? The answer is quite simple once we understand how passwords are cracked. One of the best articles on the subject, by Steve Gibson, gives us a clue to this dilemma: How big is your haystack? It is well worth reading and gives simple insights into creating secure passwords; its key point is that, against brute-force guessing, every extra character multiplies the attacker’s work by the size of the character set.

Let’s give it a try with a simple algorithm so that we do not need to write down passwords:

1. Look at the name of the site i.e. Facebook

2. Choose a two-digit number i.e. 46

3. Choose a special character i.e *

4. Replace the vowels in Facebook with 4 and 6 in turn (a→4, e→6, o→4, o→6), i.e. F4c6b46k; if the result is shorter than 8 characters, keep adding the digits until it is.

5. Place * at the end, i.e. F4c6b46k*, and the password has 9 characters.

If you try this in the password tester on Steve Gibson’s website, it shows you how many guesses an exhaustive search would need and how long that would take at several guessing rates. Let’s just look at the last figure it gives (the fastest attack scenario) for our next comparisons: note 1.77 hours.

The beauty of this method is that the password for every website will be unique. For example, the password for Twitter would become Tw4tt6r (only 7 characters), then Tw4tt6r4 (8 characters, by adding the 4 from the favorite number 46) and finally Tw4tt6r4* (9 characters). If a website does not have enough letters in its name, we simply add more digits at the end to reach a minimum of 8 characters.

However, now for the shocking discovery!

What happens if you add more * to the end of the password?
F4c6b46k** becomes 1 week and

F4c6b46k**** becomes 1.74 centuries !!!!
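To see where those three figures come from, here is the recipe above written out as code, together with a Haystack-style estimate of the exhaustive-search time for each variant. This is an added worked example for this post, not code from Steve Gibson or his site. It assumes the calculator’s model as I understand it: a 95-character alphabet (26 + 26 + 10 + 33 symbols, the space included), every string up to the password’s length counted, and three guessing rates (1,000, 100 billion and 100 trillion guesses per second); the site names and the number 46 are the post’s own. It also adds one estimate the calculator does not give: how few guesses are left once an attacker has learned the recipe itself.

```python
"""Worked example of the site-name password recipe from this post, with a
Haystack-style brute-force estimate beside a "recipe is known" estimate.
Added for this post; not Steve Gibson's code. The alphabet size and the
three guess rates are assumptions about how the Haystack calculator counts."""
import string

VOWELS = "aeiou"
SYMBOLS = string.punctuation + " "      # 33 symbols, as (assumed) Haystack counts them
SECONDS_PER_YEAR = 365.25 * 86400

# Assumed guess rates for the calculator's three attack scenarios.
GUESS_RATES = {
    "online attack": 1e3,
    "offline fast attack": 1e11,
    "massive cracking array": 1e14,
}


def derive_password(site, digits="46", symbol="*", min_body=8, symbol_count=1):
    """The post's recipe: replace each vowel in the site name with the chosen
    digits in turn, pad with those digits up to min_body characters, then
    append the special character symbol_count times."""
    body, used = [], 0
    for ch in site:
        if ch.lower() in VOWELS:
            body.append(digits[used % len(digits)])
            used += 1
        else:
            body.append(ch)
    while len(body) < min_body:              # short site names get extra digits
        body.append(digits[used % len(digits)])
        used += 1
    return "".join(body) + symbol * symbol_count


def alphabet_size(password):
    """Character set a brute-force attacker must assume, from what the password uses."""
    size = 0
    for charset, n in ((string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
                       (string.digits, 10), (SYMBOLS, 33)):
        if any(c in charset for c in password):
            size += n
    return size


def search_space(password):
    """Haystack-style count: every string up to this length over the alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def brute_force_seconds(password, rate):
    """Worst case for the attacker: the whole search space at the given rate."""
    return search_space(password) / rate


def known_recipe_guesses(max_symbols=4):
    """If the attacker has learned the recipe (say from one leaked password),
    all that is left to guess is the two-digit number (100 choices), which
    symbol (33) and how many times it is repeated (1..max_symbols)."""
    return 100 * len(SYMBOLS) * max_symbols


def human_time(seconds):
    """Return (value, unit) in the largest unit that gives a value >= 1."""
    units = [("centuries", 100 * SECONDS_PER_YEAR), ("years", SECONDS_PER_YEAR),
             ("weeks", 7 * 86400), ("days", 86400), ("hours", 3600),
             ("minutes", 60), ("seconds", 1)]
    for name, size in units:
        if seconds >= size:
            return round(seconds / size, 2), name
    return round(seconds, 2), "seconds"


if __name__ == "__main__":
    fastest = GUESS_RATES["massive cracking array"]
    for site, stars in (("Facebook", 1), ("Facebook", 2), ("Facebook", 4), ("Twitter", 1)):
        pw = derive_password(site, symbol_count=stars)
        print(pw, len(pw), "chars, exhaustive search:", *human_time(brute_force_seconds(pw, fastest)))
    # The same passwords once the recipe is known, at the *slowest* rate:
    print("recipe known, online rate:",
          *human_time(known_recipe_guesses() / GUESS_RATES["online attack"]))
```

Running it reproduces the post’s figures (about 1.77 hours, 1 week and 1.7 centuries for 9, 10 and 12 characters at the fastest rate). The last line is the caveat: those figures assume the attacker knows nothing about how the password was built. If one of these passwords leaks in a breach, the recipe is obvious from the site name, and the remaining choices (number, symbol, repeat count) come to a few thousand guesses, which fit in seconds even at the slow online rate.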

Who would have guessed that a password based on the name of the website, built with a few simple ideas, could take centuries to search exhaustively? Keep in mind what the calculator measures, though: it assumes the attacker knows nothing about how the password was constructed and must try every combination. The site-name part of these passwords is the predictable part, so the strength really comes from the extra characters at the end; and if one such password is ever exposed in a breach, the recipe becomes visible and the other sites should get fresh passwords. Always remember that the only safe place for your passwords is in your head or in a locked safe.
