I can’t count the number of emails I’ve received telling me that my password may have been compromised and may now be on a list of “known” passwords.
frank deardurff
Passwords are a topic that comes up time and time again. As more and more sites are compromised, it becomes more apparent that way too many people are guilty of using a weak admin password for their website or other services.
I can’t count the number of emails I’ve received telling me that my password may have been compromised and may now be on a list of “known” passwords. While I take pride in having a strong password that is hard to guess, it is very possible that my passwords have been added to a list that hackers now have access to.
Sadly, this happens due to the fact that many services are not encrypting the passwords they store from their users. That means that if the database for that service is hacked and no encryption is in place, the passwords are displayed exactly as you would have typed them in.
Encryption would “scramble” them in a way that anybody reading it would have no clue what the password is.
There are no standards on what a password “should” be, but many places recommend it be a minimum of eight characters with one uppercase and one lower case letter and one number as well. Others will add to that a special character such as !#$%&^*()_+=- be used.
While the minimum is eight characters, some places use a strength percentage and require a minimum password score of at least 80%.
All too often, people will use children’s names and birthdates as their password or a loved one and address to their house. While that is easy to remember, it’s also risky in that it’s exposing personal details, as well.
The news is littered with reports about identity theft. The more they know about you, the better chance they can figure out your password(s) to gain access to anything and everything about you online.
Password Possibilities
Seems with more and more password attacks, the need to increase password length and strength is even more important so I want to explain some more password creation possibilities.
I can’t count how many times I’ve seen simple passwords I talked about above. This information is readily available if you’ve been truly been hacked. I would recommend staying away from the obvious choices such as family members, street names, addresses, etc. Refrain from using a word as a password reminder.
Think of something memorable to you and make a variation of it. A favorite movie, book, song etc. Pick a phrase from your selection. For example, maybe you’re a fan of the movie “It’s A Wonderful Life.”
You could turn that into a password iAwL3194 by taking the first letter of each word alternating upper and lowercase letters and then using the letter count for each word as a number “it’s” has 3 letters, “A” one letter, “Wonderful” 9 letters, and “Life” 4.
This is easy to remember once you’ve typed it a few times and will become locked into muscle memory. To make it even more secure you could add one of the special characters I listed earlier.
So, you could take our password iAwL3194 and add one of those characters to it such as iAwL3194! Or iAwL_3194. In a quick password strength test the password iAwL3194! scored a 98%. I’d say that meets the requirements we’re looking for.
Now, if that is still too difficult to remember, you could use a similar strategy, again using that same movie “It’s A Wonderful Life” pick out a memorable phrase from it. One I like is “Why don’t you kiss her instead of talking her to death.”
While that is a lengthy phrase, you could shorten it and use some simple special characters to make (minus the quotes). “Why-Don’t-You-Kiss-Her” The dashes act as a special character, and alternate upper and lowercase letters. Using the same password strength test that password ranked at 100%!
Another variation would be to switch a few of the vowels for numbers, As you recall, some services require a number. Using the same phrase, we could make it “WhyD0n’tYouK1ssHer”. I usually wouldn’t recommend swapping every vowel as that makes it too much of a pattern.
As you can see, there are various ways to generate a password that is easy to remember. One additional strategy I’ve read about that makes a lot of sense in the case of services getting hacked. Is using a base code and modifying it for each service.
For example, if we use “iAwL3194!” as our base code, and we are creating a password for our Facebook account, then simply add Fb to the end such as iAwL3194!Fbn or for Netflix iAwL3194!Nf, and iAwL3194!Gm for Gmail.
By doing this, we’ve created a unique memorable password for each service and can have peace of mind knowing we’re more secure than before.
The two password strength tools I’ve used to test the passwords with are:
https://howsecureismypassword.net
http://www.passwordmeter.com
