Sunday, January 27, 2008

How to create good passwords

A good password is hard to crack and easy to remember. One extreme is an easy-to-remember password like your spouse's name or a birthday; the other extreme is an elaborate password that you tend to forget. Here's the best of both worlds, my favourite method for creating good passwords:

1) pick some catchy lyrics from the middle of a less known song (you can also use poems or quotes). Compose the password from the first letter of each word of the sentence. Here's an example:

lyrics: "I want to lay you down on a bed of roses"
(from Bon Jovi - Bed of Roses)

password: iwtlydoabor

Now you've got a password that's both difficult to crack and easy to remember - well, the song and the method for deriving the password are easy to remember, not the actual password itself; we're using a bit of primitive cryptography here. Make sure that the selected excerpt is not too obvious (the refrain of Yesterday, popular proverbs, poems like "roses are red, violets are blue", etc.).

This password is better than 90% of other passwords used on the internet and resistant to a dictionary attack, but it's still possible to crack it by brute force. To prevent that, we need a mixed-case password with numbers and special characters.

2) replace characters with similar-looking numbers: o with 0, i with 1, e with 3...

iwtlydoabor -> iwtlyd0ab0r

"o" was replaced by "0" (zero).

3) use the same replacement technique for special characters: 1 for !, a for @, s for $...

iwtlyd0ab0r -> !wtlyd0ab0r

"i" was replaced by "!".

4) it's good to have a system for placing upper-case characters. I tend to write consonants in lower case and vowels in upper case (or the other way round):

!wtlyd0ab0r -> !wtlYd0Ab0r

5) I also like to convert the original sentence into slang, for example:

"I want to lay you down on a bed of roses" ->
-> "I wanna lay u down on a bed of roses."

!wtlyd0ab0r -> !wlUd0Ab0r

Well, I think that's quite a strong password. Make sure that you're able to remember your new password, perhaps even write it down for the first few days. Write down just the original lyrics if you're afraid that someone else might accidentally read it; that should be enough to figure out the rest of the password. Also, don't over-combine the encryption steps or you might forget some of them - use only one number or special-character replacement and leave out some steps.
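As an added illustration (not code from the original post), here is the five-step derivation written out in Python. The substitution map is passed in explicitly because the post applies only a single digit replacement (o to 0) and a single symbol replacement (i to !), and 'y' is counted as a vowel because the post upper-cases it.

```python
"""Reproduce the lyric-to-password derivation described in the post above."""

# The post upper-cases 'y' in "!wtlYd0Ab0r", so it is treated as a vowel here.
VOWELS = set("aeiouy")

# Constructed sample inputs: the two sentences used in the post.
ORIGINAL_LYRIC = "I want to lay you down on a bed of roses"
SLANG_LYRIC = "I wanna lay u down on a bed of roses."

# The only two replacements the post's worked example actually applies.
POST_SUBS = {"o": "0", "i": "!"}


def initials(sentence: str) -> str:
    """Step 1: first letter of every word, lower-cased, punctuation ignored."""
    words = [w.strip(".,!?;:\"'") for w in sentence.split()]
    return "".join(w[0].lower() for w in words if w)


def substitute(text: str, mapping: dict) -> str:
    """Steps 2 and 3: replace letters with look-alike digits or symbols."""
    return "".join(mapping.get(ch, ch) for ch in text)


def case_vowels(text: str) -> str:
    """Step 4: consonants stay lower case, vowels become upper case.

    Characters already replaced by digits or symbols are left untouched,
    which is why substitution must run before this step.
    """
    return "".join(ch.upper() if ch in VOWELS else ch for ch in text)


def derive_password(sentence: str, subs: dict) -> str:
    """Full pipeline: initials -> look-alike substitutions -> vowel casing.

    Step 5 (slang) is simply a different input sentence, e.g. SLANG_LYRIC.
    """
    return case_vowels(substitute(initials(sentence), subs))


if __name__ == "__main__":
    print(derive_password(ORIGINAL_LYRIC, POST_SUBS))  # !wtlYd0Ab0r
    print(derive_password(SLANG_LYRIC, POST_SUBS))     # !wlUd0Ab0r
```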

Here's another password-related tip: don't have just one password for several accounts. It's similar to the dilemma between easy and hard passwords - it's insecure to use only one password for everything because if someone gets it, he's got all of your passwords. On the other hand, if you use many passwords for many accounts, it's almost guaranteed that you'll forget some. If some of your passwords can be retrieved or reset by email, don't worry much about them, but be very cautious when selecting a password for that email account.
