Many aspects of our lives are protected in one way or another with passwords.
A password needs to follow two conflicting rules:
- It needs to be easy for us to remember.
- It should be close to impossible for anyone else to guess.
Many password-protected sites try to make users follow the second rule, while ignoring the first, by demanding a degree of complexity in every password.
Ideally you should also add two-factor authentication, but that is a whole other subject.
The problem is that adding any level of complexity to your password makes it harder to remember, unless you start to think a little differently.
A little social engineering, or a glance at your social media, gives ‘a bad person’ enough to guess your password, usually with a surprisingly small amount of knowledge. This is because the quest for complex passwords has exactly the wrong effect: it pushes everyone towards the same predictable pattern.
If a site wants a password that is at least 6 characters long and, as is usual, demands a mix of upper and lower case letters, numbers and perhaps a ‘special character’, the most common passwords will:
- Begin with a Capital Letter – this satisfies the upper/lower case part.
- End in a special character – usually ! or ?
- Have 2-4 numbers before that last special character
- Include the name of a loved one.
If you have a child called Fred who was born in 2012, there is a huge chance that your password is “Fred12!” (or “Fred2012!”); if they were born on August 9th, then “Fred98!” (or “Fred9812!”) will be among your first choices.
This is stupid. Incredibly, fantastically stupid.
Your passwords are gatekeepers to a massive amount of information about you. Information that could empty your bank account, trash your reputation and generally make your life extremely tough if they are cracked.
How about we think of a better way of creating passwords and securing our digital lives?
Passwords need to be easy to remember, yet close to impossible to guess.
Let’s talk about the ‘easy to remember’ part.
What is your favourite colour?
What is your favourite animal?
What is your favourite dish?
Perhaps you like green, unicorns and Thai food?
So your password could be greenunicornthai
It is already super easy to remember. Three of your favourite things mashed together.
But it is not complex enough: we need special characters, numbers and an upper/lower case mix in order to follow the rules on the majority of sites.
Let’s set up a rule for substituting in some numbers and special characters:
a becomes @
e becomes 3
i becomes 1
So my new password is now gr33nun1cornth@1
I still need a mix of upper and lower case letters though
The easy way is to capitalise the first letter of each word within my password
This passes every test and is super easy to remember. One caveat: the substitutions and the capitalisation are the same ones everybody reaches for, so they add little that a password-guessing tool will not try on its own. The strength comes from the three words, so the less those words are known about you (a favourite you have posted about is only a little better than a child’s name), the harder the password is to guess.
My advice, therefore, is to pick three words that you will remember, string them together and create a little substitution and capitalisation rule that you can remember.
Password! is dead, long live Gr33nUn1cornTh@1
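As an added example, not code from the original post, here is the scheme described above in Python: the substitution-and-capitalisation rule applied to the three words, a check against the usual site complexity rules, and a rough count of how many guesses each approach forces on an attacker. Two things are assumptions of mine rather than something the text states: each word is capitalised before the substitutions are applied (so a word beginning with a, e or i keeps an upper-case letter), and the list sizes used for the comparison (1,000 common first names, a 5,000-word vocabulary per pick) are illustrative only.

```python
# Added example (not from the original post): the three-word substitution scheme,
# a check against the usual site complexity rules, and a rough comparison of how
# many guesses each approach forces on an attacker. The name-list and vocabulary
# sizes used in the comparison are assumptions for illustration only.
import math
import string

# The post's rule: a -> @, e -> 3, i -> 1. Only lower-case letters are translated,
# so a word's capital first letter survives the substitution step.
SUBSTITUTIONS = str.maketrans({"a": "@", "e": "3", "i": "1"})


def mangle(words):
    """Capitalise the first letter of each word, then apply the substitution rule.

    Capitalising first is a design choice (the post does not say): for a word such
    as "apple" it keeps an upper-case letter in the result ("Appl3") rather than
    producing "@ppl3", which would fail the upper-case requirement on its own.
    """
    parts = []
    for word in words:
        word = word.lower()
        capitalised = word[:1].upper() + word[1:]
        parts.append(capitalised.translate(SUBSTITUTIONS))
    return "".join(parts)


def meets_policy(password, min_len=6):
    """The typical site rule from the text: length, upper, lower, digit, special."""
    return (
        len(password) >= min_len
        and any(c.isupper() for c in password)
        and any(c.islower() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in string.punctuation for c in password)
    )


def guesses_name_pattern(n_names, min_digits=2, max_digits=4, n_specials=2):
    """Search space of 'Name + 2-4 digits + ! or ?' as the text describes it."""
    digit_combos = sum(10 ** k for k in range(min_digits, max_digits + 1))
    return n_names * digit_combos * n_specials


def guesses_word_scheme(vocab_size, n_words=3):
    """A fixed substitution rule adds no choices, so only the word picks count."""
    return vocab_size ** n_words


def bits(n_guesses):
    """Guess count expressed as bits of entropy (log2)."""
    return math.log2(n_guesses)


if __name__ == "__main__":
    pw = mangle(["green", "unicorn", "thai"])
    print(pw, meets_policy(pw))                # Gr33nUn1cornTh@1 True
    print("Fred12!", meets_policy("Fred12!"))  # the weak pattern passes the same check
    # Assumed sizes: 1,000 common first names vs. a 5,000-word vocabulary per pick.
    print(f"name pattern: ~{bits(guesses_name_pattern(1000)):.1f} bits")
    print(f"three words:  ~{bits(guesses_word_scheme(5000)):.1f} bits")
```

Note that `meets_policy` accepts “Fred12!” just as readily as the three-word result: a complexity rule cannot tell a predictable password from a strong one, which is the point the text makes. Because the substitution rule is deterministic, it adds nothing to the guess count; the gap between the two schemes comes entirely from choosing three words out of a large vocabulary instead of one name out of a short list.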