Password Please
Better Safe Than Sorry…
PC Magazine reports that these are the 10 most used passwords, ranked in order:
- password
- 123456
- qwerty
- abc123
- letmein
- monkey
- myspace1
- password1
- blink182
- (your first name)
I’d bet yours isn’t on this list, but you might use a similarly “weak” password, even for your most sensitive information or financial web sites, that’s as easy to remember as one of these. That makes it easy to “crack,” and you lose the protection a strong password provides.
Here’s a terrific password: 93u4j#Re!j
Now look away and say it out loud… That’s the trouble – the better the password the harder to remember. So write it down on a sticky and attach it to the side of your screen so you can refer to it when needed. So can the cleaning crew, and the clients you meet in your office.
The strength (that is, the complexity) of a password is inversely related to the ease with which it can be remembered. Without looking you can probably recall half of the weak passwords listed above.
What’s needed is a system. I can instantly “remember” more than 50 passwords for web sites, web clients, and email accounts because I developed a simple system. And for just $29.95 you can order it by mail… [Grin!]
Here’s what I call the “Simple System”:
- Think up a three-letter word for the start of the password. It will be easy to remember because it’s your choice – let’s use “bet” for this example.
- Now think up a 3-digit number that you’ll use for the end of the password – we’ll use “211” which has a meaning for me and is easy for me to remember.
- The middle part of our system is determined by the web site we’re using it for. We’ll use the 1st three letters of the name of the web site.
Here are the results of our simple system for four web sites:
AmericanExpress.com: “betame211”
ChaseOnline.com: “betcha211”
CommerceOnlineBanking.com: “betcom211”
ProvidianServices.com: “betpro211”
Each is a unique password, and each is strong enough to be difficult to crack by machine or to be figured out by a person. And you can decrypt it instantly – it takes just one remembered “system” to recall scores of your passwords.
Most people should use the “Simple System.” However, if someone were to see all the passwords together, our method might be observable, so with a few “tweaks” we can make it even safer without losing our ability to recall:
- For the first part, we’ll use three letters of the alphabet starting with the 1st letter of the web site, and we’ll capitalize the middle letter;
- For the second part we’ll use the 1st three letters of the web site backwards;
- For the last part we’ll use three numbers starting with the position of the first letter of the web site in the alphabet: A=1, C=3, P=16, and we’ll fill any extra spaces with the next one or two even or odd numbers: A=1, which would be “135”; C=3, which would be “357”; P=16, which would be “168”.
Here are the resulting passwords that make the “Stronger System” even harder to break:
AmericanExpress.com: “aBcema135”
ChaseOnline.com: “cDeahc357”
CommerceOnlineBanking.com: “cDemoc357”
ProvidianServices.com: “pQrorp168”
And here’s the password for this site, SilverMarc.com, using the “Stronger System”: “sTulis191”
Even with five passwords in front of you it wouldn’t be an easy task to figure out the system, but it wouldn’t be very hard to remember it if it was the system you used to “encrypt” your own passwords.
Having to use the brainpower to put the stronger system to work would likely be too complex in the short run, but I show it because from it you could devise less complicated ways to tweak your own “Simple System” and give it more strength without making it too intensive to use regularly.
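The two systems above written as Python functions, as an added example that is not part of the original post. The function names are hypothetical, and two details are assumptions the post does not spell out: the letter run wraps from z back to a, and for two-digit positions the filler continues from the last digit (which reproduces P=16 giving “168” and the “191” in the SilverMarc.com password). Note that `stronger_system` takes only the site name as input.

```python
# Added example: the post's "Simple System" and "Stronger System" as code.
# Function names are hypothetical; the rules come from the post's lists.
import string

ALPHABET = string.ascii_lowercase

def site_key(site: str) -> str:
    """First three letters of the web site name, lowercased (e.g. 'ame')."""
    letters = [c for c in site.lower() if c in ALPHABET]
    if len(letters) < 3:
        raise ValueError("site name needs at least three letters")
    return "".join(letters[:3])

def simple_system(site: str, word: str = "bet", number: str = "211") -> str:
    """Chosen 3-letter word + site key + chosen 3-digit number."""
    if len(word) != 3 or not word.isalpha():
        raise ValueError("word must be exactly three letters")
    if len(number) != 3 or not number.isdigit():
        raise ValueError("number must be exactly three digits")
    return word + site_key(site) + number

def stronger_system(site: str) -> str:
    """Letter run + reversed site key + digits, all derived from the site name."""
    key = site_key(site)
    start = ALPHABET.index(key[0])
    # Part 1: three consecutive letters from the site's first letter,
    # middle one capitalised. Assumption: wrap past 'z' back to 'a'.
    run = [ALPHABET[(start + i) % 26] for i in range(3)]
    part1 = run[0] + run[1].upper() + run[2]
    # Part 2: the first three letters of the site, backwards.
    part2 = key[::-1]
    # Part 3: alphabet position (A=1), then keep adding 2 to the last digit
    # and appending until there are three characters. Assumption: this is
    # the fill rule implied by 1 -> 135, 3 -> 357, 16 -> 168, 19 -> 191.
    position = start + 1
    digits = str(position)
    n = position % 10
    while len(digits) < 3:
        n += 2
        digits += str(n)
    return part1 + part2 + digits[:3]

if __name__ == "__main__":
    # The site names used in the post.
    for site in ("AmericanExpress.com", "ChaseOnline.com",
                 "CommerceOnlineBanking.com", "ProvidianServices.com",
                 "SilverMarc.com"):
        print(f"{site:28} {simple_system(site):10} {stronger_system(site)}")
```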
Enjoy, (and keep your data password protected with strong passwords!)
Here’s the link to the ThreadWatch blog about passwords (including links to apps that generate strong passwords, however without the “ease of recall” feature that is the point of today’s Send-Sheet):
http://www.threadwatch.org/node/14095
–Marc
March 9, 2008 @ 5:00 PM