« Patches and Patch Adams | Main | Googling Your Company's Weaknesses »

With many recent studies indicating that, no matter how great of a security system you have in place, most computer systems are likely to be cracked either by a con artist calling you directly and tricking you into giving them your password, or by someone using a simple password cracking program. What follows are some easy steps taken from CSOonline to creating nearly unbreakable passwords.

First, it is crucial to think of them not as passwords but as codes, codes as in plural, because when you have more then one password, if one of your passwords gets cracked you do not want to make it easy to guess the rest of your passwords. You should also think of it as a system, a system that is easy for you to remember but that creates codes that are nearly impossible to break.

The following steps will protect you from a number of different types of password breakers, from dictionary attacks, which cycles through every word in the dictionary until the right one is found, to a program that simply guesses each and every character. By using the following steps, you can increase the likelihood of your password being guessed from about one in a million to one in 10 trillion, which would take a password program that can guess a million words a second three months to guess all the possibilities.

Step 1. Pick a core phrase, one that is at least five words long. It can be a line from a song, a title, anything that sticks in your head, and from there you can use the first letter of each word to create your word. For example, aqotwf, which stands for, All Quiet on the Western Front.

Step 2. Develop a method where you replace lowercase letters with capital letters, numbers or symbols. Mix it up but keep it consistent (i.e. always write certain letters in capitals, or always replace an a with an @) so you don't have to write it down. My code is now @QotwF.

Step 3. While you can use the same core password, customize each password to each site or application. To do that, add one to three characters to insure that each password contains a number, and also make sure the code is at least seven characters long. To make this easier, base these additional numbers or letters on the website or program you are using. My password becomes L7@QotwF. That's taking the L from the last letter of Hotmail, and 7 for the fact that Hotmail has seven words.

Step 4. Write down your hint. As long as you understand your methodology, it will be easy to jog your memory to remember each of your passwords. Some recommend writing down all your passwords and keeping them in your wallet, as you always know when your wallet goes missing.

Step 5. Create different core phrases. You can do one for basic accounts, another for credit card transactions, and still another for online banking. While some suggest passwords be changed every 90 days, others say it’s enough to change them when Daylight Savings starts and stops.

Here’s an example of a wallet card reminder:

Basic: aqotwf
Shopping: ahwosg (A Heartbreaking Work of Staggering Genius)
Bank: himym (How I Met Your Mother)

While these steps might seem complicated at first, once you get your system in place and start using it, I assure you it becomes much easier.

Posted by pschooff in Better Protection • Small Medium Enterprise |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/775