In a previous post, I shared that I’d created levels of passwords to help protect my information. While this method illustrates how I ensure hackers who get into one account can’t then hack into my email or other accounts, using the information they find in the hacked account, I didn’t delve into how I create strong passwords that a typical dictionary attack cannot bust.
What surprises me is how frequently hackers are succeeding with little more than a plain-text password.
We’re constantly reminded, whenever we sign into a new system, how to create effective passwords. Six to seven characters, a mix of numbers, lowercase letters and capital letters. And yet, we strive so hard to create memorable passwords that we still come up with passwords vulnerable to attack, such as “ShihTzu456.”
Microsoft offers some tips for creating strong passwords. One of the key points that surprised me: use complete sentences. I’m used to using the first letters of each word in a sentence, but the xkcd comic (right) explains why the sentence strategy makes sense.
I’ve used these tips to create my Level 1 and 2 passwords. But, we still have the challenge of creating a unique password for each system; these tips aren’t good if someone gains access to one of your accounts, and you’ve used that same password for a high-security account.
I’d shared that I’ve got four Level 2 and 3 passwords. Actually, after an inventory of all the sites I use that require passwords, it turns out I’ve got a few more than that. Plus, I’ve got several unique Level 1 passwords. In my opinion, uniqueness is key to remaining secure. So, that’s a lot of passwords to remember. How do I keep track of all of them without writing them down or using a password manager?
I create a key — out of a poem.
So dust off your Robert Frost, folks, because that poem you had to memorize in high school is about ready to come in handy.
Two roads diverged in a yellow wood,
And sorry I could not travel both
And be one traveler, long I stood
And looked down one as far as I could
To where it bent in the undergrowth;
There are five separate passwords right there. There are four stanzas with five more lines each. The first stanza could be used for your financial accounts, the second for your email, and so on.
Now, I confess: this is considerable work for a password or four — more work than the average person will do. But you’ve seen the consequences — it’s kind of worth it. And, heck. You’ve already got the passwords memorized. You just didn’t know it yet.
When you’re done creating your password, try it out on Microsoft’s Password checker. Bear in mind: they pooh-pooh any password less than 14 characters, so try not to use haikus as your cipher key.
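The checks this post leans on (the 14-character floor, the mix of numbers, lowercase and capital letters, and one unique password per account) can be run over a planned set of passwords before committing to them. The script below is an added example, not part of the original post; the account names, the normalization rule used to spot near-copies, and the sample values (including the line with a digit substituted) are constructed for illustration.

```python
import re
from collections import defaultdict

MIN_LENGTH = 14  # floor the post attributes to Microsoft's checker

# The post's character-mix advice: numbers, lowercase and capital letters.
CLASSES = {
    "digit": re.compile(r"[0-9]"),
    "lowercase": re.compile(r"[a-z]"),
    "uppercase": re.compile(r"[A-Z]"),
}

def normalize(passphrase):
    """Fold case and drop non-alphanumerics so near-copies compare equal.
    (This rule is an assumption of the example, not something the post states.)"""
    return re.sub(r"[^a-z0-9]", "", passphrase.casefold())

def audit(assignments):
    """Return {account: [findings]} for a mapping of account -> passphrase."""
    findings = defaultdict(list)
    seen = defaultdict(list)  # normalized passphrase -> accounts using it
    for account, passphrase in assignments.items():
        if len(passphrase) < MIN_LENGTH:
            findings[account].append(f"short ({len(passphrase)} < {MIN_LENGTH})")
        missing = [n for n, rx in CLASSES.items() if not rx.search(passphrase)]
        if missing:
            findings[account].append("missing " + ", ".join(missing))
        seen[normalize(passphrase)].append(account)
    for accounts in seen.values():
        if len(accounts) > 1:  # same phrase, or a trivial variant, on 2+ accounts
            for account in accounts:
                others = [a for a in accounts if a != account]
                findings[account].append("reused on " + ", ".join(others))
    return {account: findings[account] for account in assignments}

# Constructed sample: hypothetical accounts, lines from the stanza quoted above.
SAMPLE = {
    "bank": "Two roads diverged in a yellow wood,",
    "email": "And sorry I could not travel both",
    "forum": "two roads diverged in a yellow wood",  # trivial variant of "bank"
    "shop": "ShihTzu456",
    "photos": "And be 1 traveler, long I stood",     # constructed digit swap
}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE).items():
        print(f"{account:7} {'; '.join(issues) or 'ok'}")
```

An unmodified poem line clears the length floor easily but carries no digit, and a lowercase copy of the same line on a second account is reported as reuse on both.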