I love photography, and gadgets, and shiny Apple-things, and brushed aluminum things, and Nikon optical-things. I like science, fact and fiction: Michio Kaku, Stephen Hawking, Gene Roddenberry and Carl Sagan. Also, I like coffee, iced please.


Good Passwords Needn't Be Difficult

It’s important to have good passwords. A good password is one that is strong and easy to remember: if a password is too hard to remember, it gets changed to something that is likely less secure. There are two threats to a password, and we must be safe from both.
The first threat is that it is cracked or guessed. A single person can spend $500 on a computer capable of trying 20 billion passwords per second against a stolen password hash (the exact rate depends on how the service hashes passwords; that figure assumes a fast hash). Imagine what a government is capable of. We must create a password that is mathematically difficult. This doesn’t mean it’s difficult for you to remember, just that it is computationally expensive to find.
The second threat is that your password is stolen from the service you use, which is more and more common. The solution is to have a different password for each service. Initially you might think that isn’t possible, since you probably use dozens or hundreds of services, which would mean dozens or hundreds of different passwords to remember. But fear not: there’s a human-simple but computationally-complex approach for that too.


Examples (the times below are estimates at one fixed guessing rate; they are useful for comparing the passwords with each other, not as guarantees):

A simple, insecure password: dog
dog would take about 0.000000183 seconds for a computer to guess. It contains only lower-case letters, so there are just 26 possibilities for each position.

Change it to: Dog
Dog contains a capital letter, which is different. There are 26 letters in the alphabet; adding capitals gives 26 more, so each position now has 52 possibilities. This makes it, mathematically, harder to guess. It’s still not safe, but it’s better: it takes 0.00000143 seconds to guess.

Change it to a phrase: DogsLikeBones
DogsLikeBones is much longer and contains upper- and lower-case letters. By virtue of its length it is, mathematically, far harder to guess: 6,590 years. Yes, we went from fractions of a second to thousands of years just by using a phrase. But attackers have a trick. They use a dictionary as a source of real words and start their guessing with those lists, trying words and combinations of words long before random strings of letters. While it might take 6,590 years to exhaust every 13-letter combination, in real life a three-word phrase like this would be found in a matter of hours.

Get rid of real words: D0gsLikeB0nes
D0gsLikeB0nes replaces the letter o with the digit 0. This means Dogs, which is a word, is gone and replaced with D0gs, which is not a word. The same is true of B0nes. That defeats a plain dictionary word list, and we’ve also introduced numbers: 10 digits that combine with the 26 upper-case and 26 lower-case letters, so each position now has 62 possibilities. D0gsLikeB0nes would take 6,400,000 years to brute force. One caveat: cracking tools apply substitution rules such as o to 0 and a to @ to every dictionary word automatically, so this step buys less than the raw arithmetic suggests. Length is what pays off most.

Add symbols: D0gsLikeB0nes!
D0gsLikeB0nes! is a good password. All we’ve done is add an exclamation mark, which adds a set of 32 symbols to our 10 digits, 26 lower-case and 26 upper-case characters, for 94 possibilities per position. This makes it more difficult to guess. It would take 1,567,000,000 years to brute force.

Make it longer: D0gsLikeB0nes!!!!!
D0gsLikeB0nes!!!!! just adds four more exclamation marks. This alone makes it vastly more difficult to brute force. It would take 128,000,000,000,000,000,000,000 years to guess. I kid you not, 128 sextillion years.

D0gsLikeB0nes!!!!! is close to ideal. It contains upper-case letters, lower-case letters, a symbol and a number, it’s long, and it’s not difficult to remember. It’s a great password, just don’t use it everywhere. If you use it with example.com and it gets stolen from them, the thief will try it with yourbank.com. That’s why attackers steal password lists: most people reuse the same one on multiple sites, so a stolen list can be replayed against other services automatically. If that happens, despite having a great password, you’re still in trouble. The simple solution is to have a different password for each site.
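The “years to guess” figures above assume an attacker who tries every combination of the character set. A cracker that tries dictionary words, 0-for-o substitutions and symbol suffixes first is searching a much smaller space, which is why the substitution step helps less than it looks and the length step helps most. The following is an added example, not code from the original post; the 20 billion guesses per second rate is the post’s, while the 20,000-word dictionary and the exact pattern the attacker assumes are my assumptions.

```python
"""Brute-force search space vs. the space a pattern-aware cracker searches.

Added example for the post's password walkthrough. The guessing rate is the
post's 20 billion/s; the dictionary size and the attacker's pattern model are
assumptions, chosen to be generous to the password.
"""
import math
import string

SYMBOLS = string.punctuation          # the 32 printable ASCII symbols the post counts
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password: str) -> int:
    """Alphabet an exhaustive attacker must assume: 26/26/10/32 per class present."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in SYMBOLS for c in password):
        size += 32
    return size


def brute_force_guesses(password: str) -> int:
    """Worst case for exhaustive search: charset ** length (the model behind 'X years')."""
    return charset_size(password) ** len(password)


def pattern_guesses(n_words: int, dict_size: int, suffix_len: int,
                    leet: bool = True, suffix_alphabet: int = 32) -> int:
    """Guesses for the pattern 'N dictionary words, each optionally capitalised and
    optionally with o->0, followed by suffix_len symbols'. Each choice is a cracking
    rule; the attacker need not know which words, only that words were used.
    dict_size is an assumption (20,000 is a modest wordlist). A suffix that repeats
    one symbol, like '!!!!!', is far fewer than suffix_alphabet ** suffix_len, so this
    over-estimates the password's strength."""
    per_word = dict_size * 2 * (2 if leet else 1)
    return per_word ** n_words * suffix_alphabet ** suffix_len


def years_at(guesses: int, guesses_per_second: float) -> float:
    """Wall-clock years to exhaust `guesses` at the given rate."""
    return guesses / guesses_per_second / SECONDS_PER_YEAR


def compare(password: str, n_words: int, suffix_len: int,
            dict_size: int = 20_000, rate: float = 20e9) -> dict:
    """Brute-force model vs. pattern model for one password, in bits and in years."""
    bf = brute_force_guesses(password)
    pat = pattern_guesses(n_words, dict_size, suffix_len)
    return {
        "brute_force_bits": math.log2(bf),
        "pattern_bits": math.log2(pat),
        "brute_force_years": years_at(bf, rate),
        "pattern_years": years_at(pat, rate),
    }


if __name__ == "__main__":
    # The post's own examples: three words, then one symbol, then five symbols.
    for pw, words, suffix in [("DogsLikeBones", 3, 0),
                              ("D0gsLikeB0nes!", 3, 1),
                              ("D0gsLikeB0nes!!!!!", 3, 5)]:
        r = compare(pw, words, suffix)
        print(f"{pw:20} brute force {r['brute_force_bits']:.0f} bits "
              f"({r['brute_force_years']:.3g} years); "
              f"pattern {r['pattern_bits']:.0f} bits ({r['pattern_years']:.3g} years)")
```

For D0gsLikeB0nes!!!!! the brute-force model gives about 118 bits, the pattern model about 74 bits under these assumptions, a gap of more than 40 bits, i.e. a factor of over a trillion. Both are still out of reach for 20 billion guesses per second, which is the post’s point about length; the gap is why a memorable structured password should be judged by the pattern column, not the brute-force one.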

One way to come up with a unique password for each site is to come up with your own way of padding it. For example, you could take the last letter in the domain and the first letter in the TLD. The TLD is what comes after the domain, such as .com or .net or .edu. So for example.com the last letter in the domain is e and the first letter in the TLD is c. You could then take the ec and stick it on the front of your password: ecD0gsLikeB0nes!!!!! while for yourbank.com it would be kcD0gsLikeB0nes!!!!! You now have two different passwords that are easy to remember and hard to brute force. If your game website password is stolen from them, the thief can’t simply replay it at your bank. Be aware of the limit, though: the two passwords share 18 of their 20 characters, so anyone who looks at the stolen one rather than just replaying it can spot the pattern and is left with only the two-letter padding to guess.

Come up with your own way to pad your password. It could be part of the domain name or something like repeating the first letter of the domain 3 times: ccc for comcast.net or aaa for amazon.com. Make it something easy to remember, just make sure it’s different for each site. Once you have your own padding, figure out a way to mix it in with your base password. Maybe you add it to the front, or at the end, or both. Whatever you choose, remember that a rule derived from the site’s name is guessable once one of your passwords has been seen; if you want passwords that share nothing, a password manager can generate and store an independent one per site.
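To make the limit of the padding scheme concrete, here is an added example (not code from the post) that implements the post’s ec/kc rule and then plays the attacker: given two of the user’s passwords from two breach dumps, it finds the shared core and counts how many guesses a prefix-only search needs to hit the bank password. The attacker model (padding of one to three lower-case letters on the front) and the leaked sites are constructed assumptions.

```python
"""The post's per-site padding scheme, and what an attacker holding two leaked
passwords for the same person can do with it. Added example; the attacker
model and the leak scenario are assumptions."""
import itertools
import string


def site_padding(hostname: str) -> str:
    """The post's rule: last letter of the domain label plus first letter of the TLD
    (example.com -> 'ec', yourbank.com -> 'kc')."""
    labels = hostname.lower().split(".")
    return labels[-2][-1] + labels[-1][0]


def site_password(base: str, hostname: str) -> str:
    """The post's scheme: padding on the front of one shared base password."""
    return site_padding(hostname) + base


def shared_core(pw_a: str, pw_b: str) -> str:
    """Longest common substring of two passwords: the reused part an attacker sees
    when two breach dumps contain the same e-mail address."""
    best = ""
    for i in range(len(pw_a)):
        for j in range(len(pw_b)):
            k = 0
            while (i + k < len(pw_a) and j + k < len(pw_b)
                   and pw_a[i + k] == pw_b[j + k]):
                k += 1
            if k > len(best):
                best = pw_a[i:i + k]
    return best


def attacker_candidates(core: str, pad_len: int):
    """Every way to put pad_len lower-case letters in front of the known core.
    Assumed attacker model: prefix padding only, which is what the post's rule uses."""
    for pad in itertools.product(string.ascii_lowercase, repeat=pad_len):
        yield "".join(pad) + core


def guesses_needed(core: str, target_password: str, max_pad: int = 3) -> int:
    """Guesses until the target is hit, trying pad lengths 1..max_pad in turn;
    -1 if the target is not of this form. 26 + 26**2 + 26**3 is under 18,000 guesses,
    versus the 94**20 an exhaustive search of the full password would face."""
    n = 0
    for pad_len in range(1, max_pad + 1):
        for cand in attacker_candidates(core, pad_len):
            n += 1
            if cand == target_password:
                return n
    return -1


BASE = "D0gsLikeB0nes!!!!!"   # the post's example base password

if __name__ == "__main__":
    # Constructed scenario: the same person's passwords leak from two unrelated sites.
    leak_a = site_password(BASE, "example.com")   # ecD0gsLikeB0nes!!!!!
    leak_b = site_password(BASE, "example.net")   # enD0gsLikeB0nes!!!!!
    core = shared_core(leak_a, leak_b)
    target = site_password(BASE, "yourbank.com")  # kcD0gsLikeB0nes!!!!!
    print(f"shared core: {core!r}; bank password found after "
          f"{guesses_needed(core, target)} guesses")
```

The base survives the two leaks unchanged, so the only secret left for yourbank.com is the two-letter prefix, and a few hundred guesses find it. Credential stuffing, which replays the leaked string exactly, is what the scheme does stop; a person who reads the leaked string is not stopped.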

Passwords don’t have to look complicated in order to be complicated. Against pure brute force, ecD0gsLikeB0nes!!!!! is in the same class as ks#$cv7#26^/xx)1@C42: both are 20 characters drawn from the same 94-character set. The random string is stronger in practice, because a cracker that tries words, 0-for-o substitutions and repeated symbols before anything else reaches the structured one far sooner; but the random string is nearly impossible to remember, and a long, memorable phrase is still far ahead of anything short.
Filed under  //   passwords   security  


Are you sure your lines are square?

Photo


A Suitable View to Start Each Day

_dsc6102_3_4_5_6_tonemapped

This will do nicely.

Filed under  //   ocean   sunrise  
