How to use complex passwords with ease

Ever had your Facebook or Yahoo email password hacked? Tired of your friends getting random emails or Facebook invites from you that you did not send? Have a hard time remembering complex passwords? This article is for you! With the recent discovery of the Heartbleed vulnerability in OpenSSL, security experts are recommending that everyone perform the dreaded task of changing their passwords. Yes, even that one you think is foolproof and have used for years and years. Here I will show you how to develop a process not only for creating complex passwords but for remembering them. Forever.

What you will learn:

  • How to create a complex password that you will not forget
  • The real secret sauce: how to remember the complex passwords you create
  • How to manage hundreds of passwords from any device

Background:

In my past life, I managed some key elements of security for a local Fortune 1000 company known as Mirant. We were a spin-off from Georgia Power/Southern Energy Marketing attempting to make our dent in the universe as a deregulated energy producer. Essentially, we would produce and sell power to the open market at prices determined by supply and demand. Eventually, thanks to the likes of some dishonest folks over at Enron, we became more heavily regulated than many financial and medical entities are today. Forget a defined regulatory compliance framework; the governing entities for energy would essentially take a magnifying glass to every person, process and application we utilized. With this much attention, a solid security policy became essential, and establishing and maintaining password complexity became one of my roles. Part of that role included advising others on how they might adhere to the more stringent policies that were being applied to the systems they accessed on a daily basis. Many employees would log into as many as a dozen different applications at a time. We soon learned that forcing users to keep up with complex passwords can be a double-edged sword. When someone can't remember the password they set, what do they do? That's right, they write it down. Many times it ends up on a bright yellow sticky note right there on the monitor for anyone to see. Obviously, this undermines the efforts of computer security policies, so we looked to avoid this entirely. Having faced this challenge, I developed what I feel is the most effective way to create, manage and remember an unlimited number of complex passwords, and below I'll share with you how this is accomplished.

How to create the passwords- (Go ahead and use what comes naturally to you)

We were changing passwords on a very aggressive time frame and requiring a combination of special characters, numbers and letters, so I needed to communicate an effective way for the average person to create a complex password that would be memorable to that person. The best answer I could come up with was to simply use what's most memorable to you. Go ahead and use your first-born's name and birth date. Use your own name, or even the name of the application you are accessing, so that you can have multiple complex passwords while keeping each one unique. In essence, keep it simple!

How to remember them- (Develop your own secret alternative characters)

If you don't wish to use one application in order to gain access to another, I don't blame you. I personally have over 150 passwords in my head and do not need to reference my password database for any one of them. No, I don't have a photographic memory. This is something you can do as well, and it's as easy as it gets. One key element in being able to remember a password is consistency. Now, I know what you're thinking: this goes against the very nature of keeping things secure. But what if, instead of keeping the words the same, you kept the characters the same? Alternative characters, that is. The objective is to create your own personal mapping of alternative characters so that you can turn ordinary, easy-to-remember words into complex passwords that meet the strictest requirements. Here is an example:

Let's take the following characters and assign each a basic alternate character:

  • a=@
  • E=3
  • s=5
  • i=1
  • B=8

Note: Take a look at these alternate characters. We're not choosing them at random; if we were, there would be little chance you would remember them. Each one visually resembles the letter it replaces, so you retain the letter in your head and only translate it on the way out. The other thing that makes them stick is consistency: always use the same substitutions, and decide once whether your mapping is case-sensitive (the table above maps E and B only in upper case). Now take the word "instagram". Used as-is to log into that application, it is a plain dictionary word and would be among the first guesses in any word-list attack. Apply the alternate characters and it becomes "1n5t@gr@m": it no longer appears in a plain word list, it now contains digits and a special character, and it is still easy to recall because it is the name of the application you are accessing. Two caveats a security person would add. First, the most common substitutions (a=@, e=3, s=5, i=1, o=0) are built into the rule sets of password-cracking tools, so the mapping earns most of its value when it is personal and unusual and the base word is long; combine the application name with another memorable word rather than using it alone. Second, if a policy demands an upper-case letter, "1n5t@gr@m" has none, so add a capitalization rule to your mapping and apply it just as consistently. If you have a momentary lapse on your secret alternative characters, write them down for your reference. Hell, take a big yellow sticky note and slap it on your monitor for a while until the mapping sticks in your mind. I promise, in this case, nobody who reads it will understand what you wrote down anyway :)
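As an added worked example (editor's code, not the post's own tooling), here is the mapping above applied in Python, together with two checks a practitioner would run on the result: whether it satisfies an assumed complexity policy, and whether simply undoing the substitutions lands back on a dictionary word, which is exactly what a cracker's substitution rule set does. The policy thresholds, the extra base word "BigBlueInstagram" (the application name combined with another memorable word, as suggested above) and the tiny word list are assumptions for illustration, not from the post.

```python
"""Worked example of the personal substitution map described above.
Editor-added illustration, not the post's own tooling. The policy thresholds,
the sample base words and the word list below are assumptions, not from the post."""

# The post's table. It is case-sensitive as written: E and B only fire on
# upper-case input, while a, s and i fire on lower-case input.
SUBSTITUTIONS = {"a": "@", "E": "3", "s": "5", "i": "1", "B": "8"}

# Assumed policy; the post only says "special characters, numbers and letters".
MIN_LENGTH = 12


def apply_map(word, table=SUBSTITUTIONS):
    """Translate a memorable word into its substituted form, one character at a time."""
    return "".join(table.get(ch, ch) for ch in word)


def policy_report(password, min_length=MIN_LENGTH):
    """Report each policy check separately so the user can see what still fails."""
    return {
        "length": len(password) >= min_length,
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(not c.isalnum() for c in password),
    }


def invert_map(table=SUBSTITUTIONS):
    """Build the reverse lookup: substitute character -> letters it may stand for."""
    inverse = {}
    for letter, sub in table.items():
        inverse.setdefault(sub, set()).add(letter)
    return inverse


def dictionary_hits(password, word_list, table=SUBSTITUTIONS, max_candidates=1 << 16):
    """Undo the substitutions every way they could apply and look the results up
    in a word list (case-insensitively). This mimics what a cracker's substitution
    rule set does, so a non-empty result means the base word is still exposed."""
    inverse = invert_map(table)
    candidates = [""]
    for ch in password:
        options = {ch} | inverse.get(ch, set())   # literal char, or any letter mapped to it
        candidates = [prefix + opt for prefix in candidates for opt in options]
        if len(candidates) > max_candidates:      # guard against combinatorial blow-up
            raise ValueError("too many reversal candidates")
    lowered = {w.lower() for w in word_list}
    return sorted({c for c in candidates if c.lower() in lowered})


if __name__ == "__main__":
    # Constructed, tiny word list standing in for a real cracking dictionary.
    words = ["instagram", "facebook", "password", "mirant"]
    for base in ("instagram", "BigBlueInstagram"):
        pw = apply_map(base)
        print(base, "->", pw, policy_report(pw), "recovers:", dictionary_hits(pw, words))
```

Running it shows the two caveats concretely: "instagram" becomes "1n5t@gr@m", which passes the digit and special-character checks but fails the assumed length and upper-case checks, and reversing the substitutions recovers "instagram" from the word list immediately. "BigBlueInstagram" becomes "81g8lueIn5t@gr@m", passes every check, and its base is not a single word in the list, so the reversal finds nothing.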

How to manage hundreds from any device- (Leverage a password manager)

Managing truly complex passwords for more than a handful of applications can be a frustrating task. Cramming all of that information into your head can be a bad idea since it leaves no room for new information to be stored. For this reason, I recommend a password management application. My personal favorite is KeePass. I've been using KeePass for almost 15 years now and I have never had an issue. I even run the application on my smartphone and use a secured cloud repository from our cloud services application so that any updates from my phone, laptop or desktop are automatically synced with one another.


Categories: Computer Security

About the Author

Aldan Berrie

Aldan Berrie is the IT Director at Superior Solutions with over 20 years of experience supporting information technology. After graduating from the University of Georgia with a BBA in Management Information Systems, Aldan designed solutions for local Fortune 500 companies and now specializes in IT support solutions for small businesses.