Yesterday I wrote about a study that revealed how real users think and act when it comes to passwords. One of the biggest challenges for them was dealing with so many passwords, a problem that led them to use weak passwords and often to re-use them to save effort. But there are systems that can make generating and remembering passwords much easier ...
For a few years I’ve used a password system that’s been really successful; the only problem I’ve had has been when entering the passwords but that’s really just because I’m not a very good typist. My system is based on a simple formula and, nope, I can’t tell you what it is exactly but let me give you a similar method:
- Take the first letter of the site’s name in lower case ("gmail.com" gives “g”)
- Add the last two digits of, say, your birth year, reversed ("1963" – not my birth year, alas – becomes "63", which gives “36”)
- Add a “+”
- Add the next four letters of the site’s name in upper case ("gmail.com" gives “MAIL”)
- Add a “-”
- Add the last four digits of your phone number backwards ("888-555-1234" gives “4321”)
Voila! Your password for http://gmail.com would be “g36+MAIL-4321”. And for http://networkworld.com it would be “
According to passwordstrengthcalculator.org the strength of these passwords (measured by their information “entropy”) is 85.2 bits and it would take a supercomputer up to 14 years to guess the password while a PC/GPU setup might have to run for 283,717 years to guess it. Not bad at all. Also see Gibson Research’s Password Space Search Calculator which figures that the count of all possible passwords with this alphabet size and up to this password's length is:
… and the site figures the time required for a desktop machine to exhaustively search this password's space, assuming one thousand guesses per second, would be 16.50 trillion centuries while at a supercomputer speed of one hundred trillion guesses per second it would still take up to 1.65 hundred centuries.
And these kinds of formulae are easy to construct and easy to remember.
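As an added example (not part of the original article), the Python below applies the six steps above to the article's sample inputs and recounts the search space as described: every string over the password's alphabet, up to its length. The result lands close to the centuries figures quoted. It also counts the candidates left when the formula and the site are already known, a case the calculators do not model; the function names and the letters-only reading of "site's name" are assumptions.

```python
import math
import string

def formula_password(site, birth_year, phone):
    """Apply the article's six steps to a site name."""
    # Assumption: only the letters of the site name count ("gmail.com" -> "gmailcom").
    letters = [c for c in site.lower() if c.isalpha()]
    year2 = str(birth_year)[-2:][::-1]                  # "1963" -> "63" -> "36"
    digits = "".join(c for c in phone if c.isdigit())
    phone4 = digits[-4:][::-1]                          # "888-555-1234" -> "4321"
    return f"{letters[0]}{year2}+{''.join(letters[1:5]).upper()}-{phone4}"

def alphabet_size(password):
    """Sum the sizes of the printable-ASCII classes the password uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")  # 26, 26, 10, 33
    return sum(len(c) for c in classes if any(ch in c for ch in password))

def search_space(password):
    """All strings over that alphabet with length 1..len(password)."""
    size = alphabet_size(password)
    return sum(size ** k for k in range(1, len(password) + 1))

def centuries(space, guesses_per_second):
    """Worst-case time to enumerate `space` candidates."""
    return space / guesses_per_second / (365.25 * 24 * 3600) / 100

def formula_aware_space():
    """Candidates left when formula and site are known: 2 + 4 unknown digits."""
    return 10 ** 2 * 10 ** 4

if __name__ == "__main__":
    # Sample inputs taken from the article's own walk-through.
    pw = formula_password("gmail.com", 1963, "888-555-1234")
    blind = search_space(pw)
    print(pw, "length", len(pw), "alphabet", alphabet_size(pw))
    print(f"blind search: {blind:.2e} candidates ({math.log2(blind):.1f} bits)")
    print(f"  at 1e3 guesses/s:  {centuries(blind, 1e3):.3g} centuries")
    print(f"  at 1e14 guesses/s: {centuries(blind, 1e14):.3g} centuries")
    known = formula_aware_space()
    print(f"formula known: {known} candidates ({math.log2(known):.1f} bits)")
```

The two counts differ because the calculators treat every character as unknown, while in the formula only the six digits taken from the birth year and phone number are not derived from the site name.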
But what if you’re really lazy or, as many people are, really not very good at these kinds of mental gymnastics? You might prefer this tool, the Qwerty Card from Qwertycards ($4.99 with international delivery included):
These are simple plastic cards laid out like a Qwerty keyboard and each one has a unique code; in the above picture it’s “sh(/J3Hq” to which you add your own secret password, for example, “catfish”. You then append the encoded version of the site’s name using the character map on the card, for example, “Amazon” becomes “.u.rqf” which is added to the previous strings to generate the complete password. So, from our examples, your final password would be “sh(/J3Hqcatfish.u.rqf” which, according to How Secure is My Password could take a desktop PC about 3 septillion years to crack.
While the Qwerty Card might seem to involve a lot of effort in managing passwords, it’s really a minimal amount of pain compared to actually remembering scores of passwords and next to no work compared to trying to clean up after your accounts have been breached.