Seriously, what’s your password? If you can tell it to me off the top of your head, it’s probably not very good.
This past week, the password “happiness” led to the accounts of several high-profile Twitter users being broken into. (Read the Wired blog on the incident for more details.) Yes, that was “just” Twitter, but what if that had been someone’s Amazon account, or maybe their bank account?
A Perfect Password
So, what’s a good password? Here’s an example:
This might seem like an extreme example, but this is a good password for several reasons.
1. I couldn’t tell you that password in a phone conversation.
2. I doubt that, if you looked over my shoulder as I typed it in, you could remember it accurately enough to reproduce it either.
3. It happens to be unique. You won’t find it in any dictionary and I doubt anyone else on the planet has this password. It’s very strong.
This example password was generated by https://www.grc.com/passwords.htm. Visit it and you’ll get a new unique one on every page load. Plus, it’s free, like beer, so go wild. Just remember to keep your passwords in a safe place.
But it’s a pain.
It would be fair for you to protest that using a password like this will make the web a real pain to use. You’ve probably used password managers built into web browsers before and that’s a decent way to “remember” difficult passwords, but you’ve got to start with a good password. There’s not much protection in having your browser remember “password123”. (If you’re using Firefox, be sure to set a Master Password on your browser to prevent someone casually going through them.)
If you’re a Mac user, you are so much luckier than you realize when it comes to password management. I can’t recommend the program 1Password highly enough. It will keep your passwords stored in your Mac’s keychain. Your keychain stores all kinds of sensitive information about your Mac, so, of course, you want to protect it with a good password as well. So, in a sense, you’re still stuck, right? You still need at least one good password. I haven’t found as elegant a password solution as 1Password for Windows.
A Password Strategy
Although it contradicts one of the rules I mentioned at the beginning, I wanted to share a way to create and remember hard-to-crack passwords. You can use a password like this to lock your Mac keychain if you use 1Password, or you can use it as a method of remembering how to recreate your seemingly hard-to-remember passwords as needed.
1. Think of a phrase that only you would know. For the sake of this example, I’ll pick one many people would know. “Four score and seven years ago our fathers brought forth on this continent, a new nation…”
2. Now let’s take that phrase apart and make it into part of our password. Any word that sounds “number-like”, we’ll change to actual numbers. This will give us a password piece of 4s&7yao4b4otcann.
3. No one looking over your shoulder would remember that, right? Now let’s take it one step further. That’s your “base” password. Let’s mix in a bit of the URL of the site it’s for, so that no two passwords will ever be the same. You can make this rule up to suit you, but let’s say we’ll take the first and last letter of the main URL and make it the 2nd and next to last character in our password. For example, for facebook.com, we would use 4fs&7yao4b4otcanbn. For myspace.com, we’d use 4ms&7yao4b4otcanen.
Now you’ve got a method for creating virtually uncrackable passwords.
One note about the password we created here: 4fms&7yao4b4otcanebn is only an 18-character password. I’ve read that somewhere between 22 and 26 characters is what will give you a truly uncrackable password, so when you’re picking your passphrase, try adding in a few more words to provide more protection. Good luck!
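The three steps above as a small Python script, added here as an illustration and not part of the original post. The substitution table, the function names and the handling of "www." and URL paths are assumptions; the table is chosen so that the post's phrase produces the post's base password, and the last function checks the result against the 22-character lower bound from the closing note.

```python
import re
from urllib.parse import urlparse

# Assumption: the post only says "number-like" words become numbers; this table
# is the one that turns its example phrase into its example base password.
NUMBER_LIKE = {"four": "4", "fathers": "4", "forth": "4", "seven": "7", "and": "&"}

# The phrase from step 1 (the post's trailing ellipsis is dropped).
PHRASE = ("Four score and seven years ago our fathers brought forth "
          "on this continent, a new nation")

def base_from_phrase(phrase):
    """Step 2: first letter of each word, number-like words substituted."""
    words = re.findall(r"[a-z']+", phrase.lower())
    return "".join(NUMBER_LIKE.get(w, w[0]) for w in words)

def site_letters(url):
    """First and last letter of the main site name ('myspace' -> 'm', 'e')."""
    host = urlparse(url if "//" in url else "//" + url).hostname or ""
    labels = [part for part in host.split(".") if part and part != "www"]
    if len(labels) < 2:
        raise ValueError(f"cannot find a site name in {url!r}")
    name = labels[-2]  # simplification: ignores two-part suffixes such as .co.uk
    return name[0], name[-1]

def site_password(base, url):
    """Step 3: first letter goes in as 2nd character, last letter as next to last."""
    if len(base) < 2:
        raise ValueError("base password is too short to mix site letters into")
    first, last = site_letters(url)
    return base[0] + first + base[1:-1] + last + base[-1]

def meets_length(password, minimum=22):
    """True when the password reaches the 22-character lower bound."""
    return len(password) >= minimum

if __name__ == "__main__":
    base = base_from_phrase(PHRASE)
    pw = site_password(base, "https://www.myspace.com/login")
    print(base, pw, len(pw), meets_length(pw))
```

Run on a longer phrase to see how many extra words it takes before meets_length returns True.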