Alex O'Brien

Technology

How to remember your passwords

How to remember your passwords

Life used to be simple. We could visit a bank and sign for our money. When eftpos and ATMs appeared, our first passwords were four-digit pin codes.

A friend's dad, who was a chief executive of a large Christchurch company, had a special method to remember his Pin. He wrote it on the back strip of his eftpos card right next to his signature.

Life is not so simple any more. Most of us have many usernames and passwords to remember, especially for the internet.

My brother, who works in a large London bank, has to use randomly generated passwords such as J4$pQ1!b for various internal banking systems. He has the ability to transfer millions to accounts in, say, Zimbabwe. Understandably, his employer requires staff to have highly secure passwords.

The problem is that my brother has eight unique passwords, which are virtually impossible to remember, all of which are changed every month.

Password software

Password management is a problem even for regular people, and unfortunately there is not a simple solution. The best practice these days is using password management software.

Four tiers

Another strategy is to keep four separate password tiers. Password strength is highest for the first tier and lowest for the fourth tier.

Tier 1 is for banking. Tier 2 is for primary email accounts. Tier 3 is for Trade Me-type websites (where commerce could be conducted in your name), social networking sites such as Facebook (to protect your online reputation), and blog sites (where what you type reflects on you or your employer). Tier 4 is for newsletter and subscription websites, fun sites such as YouTube.

Why should primary email accounts have Tier 2 protection?

Once a hacker obtains access to your email account, he may be able to access your internet accounts and passwords through the "password reset" facility that feature on almost all websites.

Password construction

Good passwords:

  • Combine mixed-case alphabetic characters, numbers, symbols such as @ and include punctuation characters where allowed.
  • Are at least seven characters long.
  • Do not include your username or ID in any form, whether reversed, capitalised or doubled.
  • Are never be based on a spouse, child or relative's name - unless your cousin's nickname is Cuz Y#Pi5+Q.
  • Never contain keyboard sequences such as qwerty.
  • Are hard to guess even by someone who knows you well.
  • Never contain words – including profanities – found in English or foreign dictionaries. Password- cracking software will try all of these words and usually crack dictionary- based passwords within minutes.
  • Are never written on a sticky note, desk blotter or other item close to your PC.
Remembering passwords

  • Use the first letter of each word of a line that is personal to you, such as from a favourite movie, poem, religious scripture, slogan, or a special event in your life such as your child's first spoken sentence. For example, Bryan Adams' song Summer of '69 contains the chorus line "Back in the summer of '69!", which would be Bitso'69! as a password and would be suitable for Tier 3 passwords.
  • Create an imaginary car licence plate using numbers, symbols and letters, such as 1LoveMyC@t! This would be suitable for your email account password as it is longer and more complex than the Bryan Adams example, but probably doesn't suit known cat lovers.
  • Join a series of words together using symbols and substituting numbers for vowels. For example, "Half a dozen Speight's" could translate to 1/2dozSp31ghts which, as a password, measures "best" on the Microsoft Password strength indicator due to its length and complexity. It's suited for online banking.
  • To distinguish between workplace and personal passwords, append a W to the end of workplace passwords and a P to personal passwords. Better yet append -W and -P. Even better, make up your own system. This will increase the length and complexity of your passwords yet still retain an easy-to-remember formula.
  • Above all, use an easy-to-remember method to construct your passwords that is personal to you and obscure to others.
Best practices

When prompted for a "security question" or "password hint" use something that is not public knowledge. Use your first car or first pet's name, but never your current car or current pet's name, which could well be obtained from your Facebook profile or through other means.

Change your passwords regularly

If you feel the need to write your passwords down, never identify them as passwords or usernames on the same piece of paper (and don't store passwords on a computer with a file name such as Passwords).

And don't ever:

  • Use the same password for everything.
  • Use your top three tier passwords on public computers, internet cafes, hotel lobbies or airport lounges.
  • Provide any of your passwords by email or by phone. A reputable online company will never ask for your password by email and a Help Desk doesn't need your password to help you.
  • Reveal the method you use to create your passwords to anyone.
Written by Matt Long. First appeared on Stuff.co.nz.

Related links:

3 myths about Facebook busted

YouTube tips you didn’t know

10 computer shortcuts to save you time