How Secure Are Your Passwords?20th November 2015 in Security
The web is great for many things. You can shop, find information, communicate with people, share our thoughts and experiences and watch videos of monkeys riding on pigs. The problem is, to use many of these services you need to set up accounts, and that means having to create passwords. A lot of them.
Creating a good password can be difficult. The best passwords are a string of unrelated characters such as ‘C56!3Dp&0L1+2’. However, this is clearly difficult to remember so most people choose something familiar such as a name and birthday such as: ‘lillie18’ or ‘rover99’.
These types of passwords are okay but they’re not particularly secure as they contain personal words or phrases which makes it much easier for them to be cracked. More worryingly, some people make no any effort at all to create a good password. As of the time of writing, the most common password used online is ‘123456’ followed by ‘password’.
With password attacks happening all the time, it’s important that everyone has a secure password system. There are some great apps out there such as Lastpass and Passwordbox which offer to remember all of your passwords for you and keep them locked up under a master password.
However, trusting all your password information to an app isn’t a foolproof method, as they can break (speaking from experience here!) and they only work if you have them installed on every device you use. Also, if someone gets hold of your master password they will have access to all of your usernames and passwords!
The best answer it seems is to create your own secure passwords, but how to go about this? One popular technique is to take a meaningful phrase and just using the first letter of each word. For example, ‘Mary had a little lamb, it’s fleece was white as snow’ would become ‘Mhallifwwas’. To make this more secure you could replace some of the letters with numbers and special characters such as ‘Mha11ifwwa$’.
This is looking pretty good, but a more personal phrase might be easier to remember. Let’s use ‘On a Friday night I like to eat spicy Madras in my underwear’. Running this through our process makes ‘OaFnI123$Mimu’. Pretty secure and definitely easy to remember. In fact, according to howsecureismypassword.net, a PC running at 4 billion calculations per second would take 26 million years to crack this particular password.
I know what you’re thinking. That wasn’t too hard, I can easily remember one short phrase. Well, unfortunately it’s not quite that simple. You can only use this password once otherwise you risk someone having access to all of your accounts. Does that mean you need to remember a new password for every account? Luckily, the answer is no. An interesting way to solve this problem would be to create passwords which have 2 parts.
Let’s call them a base and a modifier. The base part of the password stays the same for all your accounts but the modifier changes each time. So for example your base password might be the phrase ‘I hide peanuts in my socks’ which we could turn into ‘Ihp!m$’. Then your modifier would be ‘-face’ for Facebook and ‘-twit’ for Twitter.
This is pretty good, but it does have a fairly large flaw. If anyone managed to get hold of any one of your passwords it would be pretty easy to guess what the other ones will be. To obscure this pattern we could apply a rule to the modifier part of the password. Taking Facebook as an example, instead of ‘-face’ we could use the next letter of the alphabet (where a->b and b->c) to create ‘-gbdf’.
Alternatively, we could use whichever keyboard key is sat to the right of the one we need. So ‘-face’ would become ‘-gsvr’. We could even use the key above the one we need to create -‘rqd3’. Putting this altogther, our new Facebook password would be ‘Ihp!m$-rqd3’ and our Twitter password ‘Ihp!m$-5285’. Now we have a secure system which is futureproof, difficult to crack and easy to remember.
Final Note: When creating your passwords make sure to include a mixture of numbers, upper/lower case and special characters. Also, the longer the password, the more secure it will be. You can test the strength of your password at howsecureismypassword.net, or comparitech.com. For a more detailed analysis, you can use www.passwordmeter.com.