
When it comes to passwords, there are two objectives we need to achieve.

Passwords need to be secure, and they need to be easy to remember and to have at hand.

With logins to social networks, websites, banks, email and so on, the temptation is to settle on a single password and use it everywhere. That is a serious risk even when the password itself is complex, say T4%gd#3Dv6: once any one of those sites leaks it, whoever obtains it can try it against every other account you own, and a string like that is hard to memorise and recall in any case. The alternative is a different password for each site, and then the problem is remembering all of them.

Bear in mind that changing a password across so many applications is time-consuming. Even so, aim to change them regularly, roughly every three to four months, and change a password immediately if the site that holds it reports a breach; that matters more than any calendar schedule.

Here are a few tips for making a password both easy to remember and as secure as possible.

The standard security requirements for a password are:

  • Length: eight characters or more (longer is better).
  • Complexity: not a dictionary word; mix upper and lower case letters, numbers and special characters.
  • Uniqueness: each application gets its own password, so that one compromised site does not expose the rest.
  • Passwords must not be written down.

Step 1
Pick a phrase you can easily remember: a line from a movie you like, a lyric from a song, your favourite nursery rhyme. For this example we use a nursery rhyme: Mary Had A Little Lamb, Its Fleece Was White As Snow. Take the first letter of each word and make an acronym: MHALLIFWWAS.

Step 2
Transform these letters, adding some form of complexity, to arrive at the base password. You can be creative here, but be sure you can remember your own rules and apply them uniformly (for instance, always replace the same letter with the same symbol). Here’s an example:

[Transformation table: the example substitution rules applied to MHALLIFWWAS]

Step 3
Create short codes of three or four letters to represent each site or application you need a password for, and append the code to the base password. This gives you a distinct password for every application. Example below:

[Application table: the short code for each application appended to the base password]

Step 4
Every three to four months create a new base password from another favourite phrase, keeping the same transformation rules and the same short codes. To remember the phrase, hum the tune of the nursery rhyme in your head, keep a picture from the movie the line came from, write down the song name and artist, or put the mp3 on your desktop.

This gives you a strong, distinct password for each site every time, built from something you already carry in your head.

The above was adapted from an internal work mail; I found it extremely useful and had to share it. It cuts unproductive time at work, as IT help desk technicians will testify from the volume of calls they get from users who have lost their passwords, and it improves the security of the company’s information as well as the individual’s.
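The four steps above, modelled in Python. This is an added example and not code from the original post. The only substitution rule the post’s comments confirm is S → *; the A → 4 and I → 1 rules are assumed here to stand in for the transformation table. The short codes GOOG and TWIT are the ones quoted in the comments; the bank site and its BANK code, and the "-" separator, are assumptions. The second half of the block shows the weakness Tom raises in the comments: once one derived password leaks, stripping the short code recovers the base password and every other site’s password becomes a one-word guess.

```python
"""Model of the acronym / transform / short-code scheme from the post (added example)."""
import re

# The post's own example phrase.
PHRASE = "Mary Had A Little Lamb, Its Fleece Was White As Snow"

# Step 2 rules. Only S -> * is confirmed by the post's comments; A -> 4 and
# I -> 1 are assumed here purely to illustrate a substitution table.
RULES = {"S": "*", "A": "4", "I": "1"}

# Step 3 short codes. GOOG and TWIT are the codes quoted in the comments;
# "bank.example" / BANK is an assumption added for a third site.
SITES = {"google.com": "GOOG", "twitter.com": "TWIT", "bank.example": "BANK"}
SEPARATOR = "-"  # assumed; the comments write the suffix as "-GOOG"


def acronym(phrase: str) -> str:
    """Step 1: first letter of each word, upper-cased."""
    return "".join(word[0].upper() for word in re.findall(r"[A-Za-z']+", phrase))


def transform(acro: str, rules: dict = RULES) -> str:
    """Step 2: apply the substitution rules uniformly to get the base password."""
    return "".join(rules.get(ch, ch) for ch in acro)


def site_password(base: str, site: str, sites: dict = SITES) -> str:
    """Step 3: append the site's short code to the base password."""
    return f"{base}{SEPARATOR}{sites[site]}"


def all_passwords(phrase: str = PHRASE) -> dict:
    """Steps 1-3 for every site in SITES."""
    base = transform(acronym(phrase))
    return {site: site_password(base, site) for site in SITES}


# --- The weakness raised in the comments: one leak exposes the pattern. ---

def recover_base(leaked: str) -> str:
    """Attacker strips the trailing short code; the base password falls out."""
    return leaked.rsplit(SEPARATOR, 1)[0]


def predict_others(leaked: str, guessed_codes) -> dict:
    """With the base in hand, the attacker only has to guess each site's code."""
    base = recover_base(leaked)
    return {code: f"{base}{SEPARATOR}{code}" for code in guessed_codes}


if __name__ == "__main__":
    for site, pw in all_passwords().items():
        print(f"{site:14} {pw}")
    leaked = all_passwords()["twitter.com"]
    predicted = predict_others(leaked, ["GOOG", "BANK"])
    # Every prediction matches the real password for that site.
    print(predicted == {"GOOG": all_passwords()["google.com"],
                        "BANK": all_passwords()["bank.example"]})
```

Running the block prints the three derived passwords and then True: the "twitter.com" password alone was enough to reproduce the other two. The substitution rules in Step 2 do nothing to stop this, because they are applied before the suffix and are identical across sites.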




14 Responses to “How to create the ultimate password”

    Nice article. Perhaps more info on the rules behind the transformation is needed though. For example with transformation 2, are you always transforming “S” to “8”; what if my string doesn’t contain “S”? Or is the last character transformed to “*”? Why, and does this change to use different characters?

    I realise that we should formulate our own transformation rules, but explaining the rationale behind what seem like fairly arbitrary rules may help people to do so.


    Steve Crane on June 14th, 2008 at 10:37 am

    Hi Steve,

    The transformation is just an example… you can make any rules you want for yourself. The rules I put into the transformation is just to illustrate the step of substitution e.g. introducing numbers and special characters into the mix of your BASE Password.

    Hope this helps.

    Muhammad Karim.


    Muhammad on June 14th, 2008 at 1:53 pm

    Whoops… just noticed a mistake… the “8” is supposed to be a “*” (star), please use that instead… slip of the keyboard.

    Muhammad.


    Muhammad on June 14th, 2008 at 1:54 pm

    Hey Muhammad

    I don’t understand how adding the suffix (e.g. -GOOG, or -TWIT) adds much strength to your password. If I managed to obtain your Twitter password somehow, it would be quite trivial for me to guess your google password, surely?

    Your technique for building a strong “base” password is good, but you weaken it each time you re-use it, even by adding a unique (but unfortunately guessable) suffix.


    Tom on June 16th, 2008 at 11:08 am

    Great post. Unique and strong passwords are a must - there are applications out there that will do this for you.

    I work for Passpack which is an online password manager - it generates passwords, logs you safely into websites and stores your passwords so that only you have access to them - not even Passpack can see them!

    http:passpack.com

    You could save yourself time and memory by using tailored applications.

    Hope it helps!

    Louise


    Louise on June 16th, 2008 at 11:22 am

    @Louise Thanks for the tip!

    @Tom The examples given are simple enough for people not to remember them -especially the suffixes, I guess it is a balance between extra security and simplicity to remember. You can however, use the same techniques in Step 2 utilising your own rules for the suffixes as well.


    Muhammad on June 16th, 2008 at 3:50 pm

    So ultimate as in simple, not ultimate as in secure - i can buy that. A wise man once said “given the choice between dancing pigs and security, users will pick dancing pigs every time” :) Thanks for the article!


    Tom on June 16th, 2008 at 7:57 pm

    Nice article Muhammad. Thanks


    Rashaad Essop on June 17th, 2008 at 10:08 am

    @Muhammed You’re more than welcome : )


    Louise on June 17th, 2008 at 11:47 am

    Check out Schneier’s password safe: http://www.schneier.com/passsafe.html

    Also, there’ve been some interesting statistical weaknesses in ‘first letter of a sentence’ passwords, and they aren’t recommended for high security applications. Rather think up a nonsensical phonetic sound e.g. ‘megalooshwe’, then capitalise some letters, *add* some numbers (not replace; replacing letters with numbers e.g. o to 0 adds little extra security), add some punctuation (e.g. .;!&’


    Dominic White on June 17th, 2008 at 5:38 pm

    Well, that’s just useless. The silly comment box can’t sanitise input properly. Where was I, ah yes …

    add some punctuation between syllables as the brain is good at remembering that. This will create something like:

    mEga)loOsh[We96

    Which is surprisingly easy to remember if you thought it up.

    Interestingly enough, from an attacker’s PoV, the single largest contributing factor to being difficult to crack is the length of the password. For example, a 20 character password made up of all lowercase a’s is significantly less likely to be cracked or guessed than a highly complex 6 character password.


    Dominic White on June 17th, 2008 at 5:42 pm
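A way to put numbers on the length-versus-complexity point in the comment above, as an added example that is neither Dominic’s code nor the post’s. It infers the character classes a password draws from, computes the brute-force keyspace in bits, and estimates the time to exhaust it at an assumed rate of 1e10 guesses per second. The keyspace figure assumes every character was chosen uniformly at random; a single character repeated twenty times is a pattern cracking tools try before the random space, so the `effective_bits` function scores that case as one alphabet choice (an assumption about attacker behaviour stated in the code). The example passwords, including the one from the comment, are the only inputs.

```python
"""Keyspace arithmetic behind the length-versus-complexity point (added example)."""
import math
import string

# Standard character classes and their sizes (printable ASCII, no space).
CLASSES = (
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation), 32),
)
KNOWN = set().union(*(chars for chars, _ in CLASSES))


def alphabet_size(password: str) -> int:
    """Size of the union of character classes the password draws from."""
    if not password or any(c not in KNOWN for c in password):
        raise ValueError("expected non-empty printable ASCII without spaces")
    return sum(size for chars, size in CLASSES if any(c in chars for c in password))


def keyspace_bits(password: str) -> float:
    """Bits needed to enumerate every string of this length over this alphabet.
    Assumes every character was chosen uniformly at random."""
    return len(password) * math.log2(alphabet_size(password))


def effective_bits(password: str) -> float:
    """Same, but a single repeated character is scored as one alphabet choice.
    Assumption: the attacker tries 'same character repeated' patterns first,
    so only the character itself is unknown."""
    if len(set(password)) == 1:
        return math.log2(alphabet_size(password))
    return keyspace_bits(password)


def years_to_exhaust(password: str, guesses_per_second: float = 1e10) -> float:
    """Worst case for the attacker at an assumed guess rate (1e10/s is an assumption)."""
    return 2 ** keyspace_bits(password) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    # "a" * 20 and a 6-character mixed password are the comment's two cases;
    # the third is the password constructed in the comment itself.
    for pw in ["a" * 20, "aB3$x!", "mEga)loOsh[We96"]:
        print(f"{pw:18} {keyspace_bits(pw):6.1f} bits "
              f"(effective {effective_bits(pw):5.1f}), "
              f"{years_to_exhaust(pw):.3g} years to exhaust")
```

On the uniform-random assumption the 20 lowercase characters come to about 94 bits against roughly 39 for six mixed characters, which is the comment’s point; the effective score of under 5 bits for twenty identical letters is the caveat, since length only helps when the characters are not a pattern the attacker will guess early.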

    Whoa. Thanks Dominic, that was very educational :)


    Muhammad on June 17th, 2008 at 7:24 pm

    Wow. A lot of effort in the internet age. Just buy 1Password instead.


    T on June 21st, 2008 at 1:13 am

    How To Create A Super Password…

    According to new findings published by the Georgia Institute of Technology, traditional 7 to 8-digit passwords can no longer guarantee a network’s security. Indeed, the increasing availability of powerful graphic processing units means that it is…


    The Social Media Traffic Generation on September 8th, 2010 at 11:39 pm
