Monday, June 2, 2008

Creating secure passwords... easy! memorable!

In my line of work, I have many passwords that I need to remember, and a lot of the time I find myself juggling them, typing and retyping to guess the correct password that I chose for a particular service, website, ssh session, etc.

So, as I thought about it, I figured that I should create some sort of algorithm that I could remember and that would help in creating a secure password. When I looked online, I found a couple of people who have created a similar system, but in this article I will share mine, as I think it has a nice variable to it that will eliminate the guesswork from passwords. So, let's get started.

1- Choose any sentence that you find appealing, meaningful, or just plain fun, and that you can remember. It could be your life motto or the words of a song; it doesn't really matter. As an example, I will use the sentence "What Happens In Vegas Stays In Vegas".
Taking the first letter of each word, this becomes: WHIVSIV.

2- Let's alternate the caps on that password:
WhIvSiV

3- Let's add a special character in the middle:
WhIv$SiV

At this point, you have created your base password. As it is right now, it's pretty secure. However, if this is all you use for all the websites you log in to and this password happens to get compromised, then all the other websites are potentially compromised.
For this reason, we're going to add a variable that will completely protect you against this.

4- Every site that you access that has a password also has a name, of course. At this point, you take your base password and add the first and last letter of that site/service to it.
For example: for your amazon.com site, the first and last letters are "a" and "n". Now reverse them and add them to your password, the last letter at the front and the first letter at the end. Your new password for Amazon.com will be:
nWhIv$SiVa
Similarly, for your paypal password, you'll get:
lWhIv$SiVp

At this point, it doesn't matter how many websites you've signed up for, and it doesn't matter if you remember the password: you'll be able to make it up, just as long as you remember your base password.

As a bonus/alternative: some sites do not allow you to have special characters in your password, so for these sites you can have a different algorithm that you know to try. It's very simple.
First, remove the special character from the password.
For instance, Amazon's password will now be:
nWhIvSiVa

Now add the last 2 digits of your birth year, REVERSED, at the end of the password. So, if I was born in 1976, the last 2 digits of my password will be 67, and therefore my Amazon password is now:
nWhIvSiVa67
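
The steps above as a Python sketch, added here as an example and not code from the original post; the function names, the rule for placing the special character in an odd-length base, and the site `acorn.example` are assumptions. `colliding_sites` goes one step further and shows a property of step 4: sites that share the same first and last letter get the same password.

```python
from collections import defaultdict

def base_password(sentence, special="$"):
    """Steps 1-3: word initials, alternating caps, special character mid-way."""
    initials = [w[0] for w in sentence.split() if w[0].isalpha()]
    alternated = "".join(
        c.upper() if i % 2 == 0 else c.lower() for i, c in enumerate(initials)
    )
    # Assumption: with an odd number of letters the extra one goes before the
    # special character, which matches the post's WhIv$SiV.
    mid = (len(alternated) + 1) // 2
    return alternated[:mid] + special + alternated[mid:]

def site_name(site):
    """Assumption: input is a bare name such as 'Amazon.com' or 'paypal'."""
    return site.lower().split(".")[0]

def site_password(base, site, special="$", allow_special=True, birth_year=None):
    """Step 4, plus the variant for sites that reject special characters."""
    name = site_name(site)
    if allow_special:
        return name[-1] + base + name[0]
    if birth_year is None:
        raise ValueError("birth_year is required when special characters are not allowed")
    reversed_digits = str(birth_year)[-2:][::-1]  # 1976 -> "76" -> "67"
    return name[-1] + base.replace(special, "") + name[0] + reversed_digits

def colliding_sites(sites):
    """Group sites sharing first and last letter; each group gets one password."""
    groups = defaultdict(list)
    for site in sites:
        name = site_name(site)
        groups[name[-1] + name[0]].append(site)
    return [group for group in groups.values() if len(group) > 1]

if __name__ == "__main__":
    base = base_password("What Happens In Vegas Stays In Vegas")
    print(base)
    print(site_password(base, "amazon.com"))
    print(site_password(base, "Amazon.com", allow_special=False, birth_year=1976))
    # Constructed site list; acorn.example is a made-up name.
    print(colliding_sites(["amazon.com", "paypal", "acorn.example"]))
```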

I hope this small tutorial will help you stay on top of your passwords, and help you avoid writing them on a little sticky note and slapping it on the bottom of your keyboard in the office! :)
