An Idea for a Secure Password

Vihanga Liyanage
5 min read · May 4, 2019


1234 is not a secure password!

World Password Day was just two days ago (it falls on the first Thursday of May, which was the 2nd this year), and I saw a lot of articles and events all around the world. Personally, passwords are nothing but problems to me. Why? Well, you have to think about a lot of things before choosing a password. The first and obvious question is: is it secure enough? And once you have cracked that one, will that secure password be easy to remember? These are not simple problems, and we have to face them for each and every digital account we have.


Recent research on passwords has found that most people fail to address the above questions when choosing their passwords. The list of most hacked passwords published by the UK's National Cyber Security Centre (NCSC) is one such finding. The top of that list follows.

I mean, seriously, who'd use “password” as their password? Let's see how we can address the above problems, at least to some extent.

1. Is my password secure enough?

There are several metrics in use today to measure the strength of a password: character count, character variety, and so on. Two or three years ago, most systems required a minimum of 6 characters for user passwords, but today that number has increased to 8–10 thanks to modern computing capabilities. So is an 8-character password with numbers and symbols safe? Well, the article “Five Algorithms to Measure Real Password Strength” published by Nulab says,

“Altogether, there are 96 possible characters when choosing from A to Z in both upper and lowercase, 0–9, and all available keyboard symbols. A password with 8 characters could be any one of these 96, taken to the eighth power for the varying patterns. That means over 7,200 trillion password options! However, people usually choose simple combinations that they can easily remember or that have some meaning to them. If someone tries to crack such an 8-digit password using the dictionary to search for combinations of letters prioritized by trackable words, then the massive 7,200 trillion potential options are narrowed down and the possibility of cracking it is increased.”

So I'd say, stick to at least 10 characters, and mix the character classes up in a non-obvious way. We'll think about remembering it later. 😉

There are some ideas and schemes we can use, too. The Schneier scheme, created by Bruce Schneier, an American cryptographer and computer security professional, is one of them. You start by creating a memorable sentence and then derive a password from it. For example, “Colin the caterpillar — cola gums yum” could be turned into “Ctc-C0L@gmsym”. That is a 13-character password that contains no dictionary words for a cracker to guess. The best advice is to choose a sentence that is personal to you.

I’ll use st0pst@ringbr@n! as my secure password for the next phase, which I stole from this cool post! ;D

2. How am I gonna remember this?


Well, I actually can remember this! I mean, it's just 16 characters, and it has a nice ring to it too! The problem is, I don't have just one account; I have multiple. At least 20 digital accounts! So now what? Should I use the same password for all of them?

We don't know the security level of each and every system we use. Sure, Google and Facebook have multiple measures in place to protect their servers. But what about the others? If one of them got compromised and I had reused my password there, all of my accounts would be compromised. And no, I haven't forgotten the several data breaches that have happened at Facebook. If even they can't get it right, there's no point talking about the others.

So what then? Should I create 20 more secure passwords for my 20 accounts? Well, first of all, I don't think we can come up with 20 more passwords as cool as st0pst@ringbr@n!. Even if we did, we wouldn't be able to remember them all…

3. Solution?

My solution is to use the same secure password for all the accounts, but with a small modification, and that modification should depend on the system you're using the password for. For example, my new highly secure Facebook password is st0pst@ring@Facebookbr@n!. Noticed the added @Facebook part in the middle? My Gmail password would be st0pst@ring@Gmailbr@n!. You'll have no problem remembering 20 different passwords because they're really just one secure password with a slight modification.

You can change how you embed the modification into your secure password. This is just an example, and NO, these are not my real passwords! One caveat: if one of these passwords leaks in a breach, anyone who sees it next to the site it came from can spot the pattern and guess the rest, so the more obvious the modification, the less the scheme buys you, and the base password itself still needs changing whenever any account that uses it is breached.
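The following is an added example, not code from the original post: it reproduces the site-modifier scheme exactly as the two examples above apply it (the tag "@" plus the site name spliced into the base at a fixed offset), and then shows what someone holding a single leaked password from a known site can infer. The splice offset of 11 and the "@" separator are read off the post's own examples; the attacker logic is an illustration of the caveat, not a real tool.

```python
"""Added example: the site-modifier scheme from this post, and what one
leaked copy gives away. Not code from the original post. The offset and the
'@' separator are taken from the post's examples; the attacker functions
only illustrate the caveat that the pattern is readable from one leak.
"""
from typing import Optional, Tuple

BASE = "st0pst@ringbr@n!"     # base password from the post
INSERT_AT = 11                 # splice point that reproduces the post's examples


def site_password(base: str, site: str, insert_at: int = INSERT_AT) -> str:
    """Author's scheme: splice '@' + site name into the base at a fixed offset."""
    return base[:insert_at] + "@" + site + base[insert_at:]


def recover_base(leaked: str, site: str) -> Optional[Tuple[str, int]]:
    """Attacker's view: strip the known site tag out of a leaked password.

    Returns (base, offset) if '@' + site occurs exactly once, else None
    (an absent or ambiguous tag means the pattern cannot be read off).
    """
    tag = "@" + site
    if leaked.count(tag) != 1:
        return None
    offset = leaked.index(tag)
    return leaked[:offset] + leaked[offset + len(tag):], offset


def predict_password(leaked: str, leaked_site: str, target_site: str) -> Optional[str]:
    """Given one leaked (password, site) pair, guess the same user's password
    on another site under the same scheme. None if the scheme is not visible."""
    recovered = recover_base(leaked, leaked_site)
    if recovered is None:
        return None
    base, offset = recovered
    return site_password(base, target_site, offset)


if __name__ == "__main__":
    fb = site_password(BASE, "Facebook")
    print("Facebook:", fb)                              # st0pst@ring@Facebookbr@n!
    print("Gmail:   ", site_password(BASE, "Gmail"))    # st0pst@ring@Gmailbr@n!
    # A breach at Facebook exposes fb; the pattern then yields the Gmail password.
    print("Guessed Gmail from the Facebook leak:",
          predict_password(fb, "Facebook", "Gmail"))
```

The scheme does defeat an attacker who replays the leaked string verbatim against other sites, which is what bulk credential stuffing does. It does not defeat anyone who looks at the password, and a simple rule that swaps one site name for another is enough to automate that. That is the trade-off to weigh before relying on it.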

Many people have been predicting for a while now that the world will move away from passwords. Bill Gates predicted the death of passwords back in 2004. But for some reason, the use of passwords has kept increasing, at least so far. I guess security experts and system designers haven't yet been able to introduce something that is more secure and just as usable. Passwords will be the key to most of our valuables for at least a few more years. Think back and check whether your passwords are actually safe. If not, you know what to do!

What do you think about this method? Pros, Cons? Well, that’s why there’s a comment section below. 😉

Peace!

Categories: Identity Management, Technology, Tips and Tricks | Tags: Identity, Passwords, Secure Passwords, Security | Permalink.

Originally published at http://everything1know.wordpress.com on May 4, 2019.

