Yesterday I wrote about a study that revealed how real users think and act when it comes to passwords. One of the biggest challenges for them was dealing with so many passwords, a problem that led to them using weak passwords and often reusing them to save effort. But there are systems that can make generating and remembering passwords much easier ...
For a few years I’ve used a password system that’s been really successful; the only problem I’ve had has been when entering the passwords but that’s really just because I’m not a very good typist. My system is based on a simple formula and, nope, I can’t tell you what it is exactly but let me give you a similar method:
- Take the first letter of the site’s name in lower case (“gmail.com” gives “g”).
- Add the last two digits of, say, your birth year, reversed (“1963”, not my birth year, alas, becomes “63”, which gives “36”).
- Add a “+”.
- Add the next four letters of the site’s name in upper case (“gmail.com” gives “MAIL”).
- Add a “-”.
- Add the last four digits of your phone number backwards (“888-555-1234” gives “4321”).
- Voila! Your password for http://gmail.com would be “g36+MAIL-4321”, and for http://networkworld.com it would be “n36+ETWO-4321”.
According to passwordstrengthcalculator.org the strength of these passwords (measured by their information “entropy”) is 85.2 bits and it would take a supercomputer up to 14 years to guess the password while a PC/GPU setup might have to run for 283,717 years to guess it. Not bad at all. Also see Gibson Research’s Password Space Search Calculator which figures that the count of all possible passwords with this alphabet size and up to this password's length is:
… and the site figures the time required for a desktop machine to exhaustively search this password's space, assuming one thousand guesses per second, would be 16.50 trillion centuries while at a supercomputer speed of one hundred trillion guesses per second it would still take up to 1.65 hundred centuries.
And these kinds of formulae are easy to construct and easy to remember.
But what if you’re really lazy or, as many people are, really not very good at these kinds of mental gymnastics? You might prefer this tool, the Qwerty Card from Qwertycards ($4.99 with international delivery included):
These are simple plastic cards laid out like a Qwerty keyboard and each one has a unique code; in the above picture it’s “sh(/J3Hq”, to which you add your own secret password, for example “catfish”. You then append the encoded version of the site’s name using the character map on the card; for example, “Amazon” becomes “.u.rqf”, which is added to the previous strings to generate the complete password. So, from our examples, your final password would be “sh(/J3Hqcatfish.u.rqf” which, according to How Secure is My Password, could take a desktop PC about 3 septillion years to crack.
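Both schemes above, the site-name formula and the Qwerty Card, are small deterministic derivations, and it is worth seeing them as code next to the strength figures quoted for them. The following is an added example written for this page; it is not the author’s own formula, nor code from Qwertycards or from any of the calculators mentioned. It assumes that the online calculators score a password as `length × log2(alphabet)` with the alphabet inferred from the character classes present (that assumption reproduces the 85.2-bit figure for “g36+MAIL-4321”), and the card map is a constructed stand-in: only the five substitutions visible in the “Amazon” → “.u.rqf” example come from the page, the other 21 letters are made up.

```python
import math
import string

# Character classes as a typical strength calculator infers them from the
# password's own characters: 26 + 26 + 10 + 32 = 94 printable ASCII symbols.
# (Assumption about how the calculators work; it matches the page's 85.2 bits.)
CHAR_CLASSES = (
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation), 32),
)


def site_formula_password(site: str, birth_year: str, phone: str) -> str:
    """Apply the article's illustrative formula to a site name:
    first letter (lower) + last two birth-year digits reversed + "+"
    + next four letters (upper) + "-" + last four phone digits reversed."""
    name = site.lower()
    year_part = birth_year[-2:][::-1]
    phone_digits = "".join(ch for ch in phone if ch.isdigit())
    phone_part = phone_digits[-4:][::-1]
    return f"{name[0]}{year_part}+{name[1:5].upper()}-{phone_part}"


def calculator_bits(password: str) -> float:
    """Entropy the way an online strength calculator estimates it: every
    position is treated as drawn uniformly from the union of the character
    classes present, i.e. log2(alphabet_size ** length)."""
    alphabet = sum(size for chars, size in CHAR_CLASSES
                   if any(c in chars for c in password))
    return len(password) * math.log2(alphabet)


def formula_secret_bits(year_choices: int = 100, phone_choices: int = 10_000) -> float:
    """Entropy of the formula's secret inputs alone. The site-derived parts
    are public, so once the formula itself is known only the two year digits
    and four phone digits remain to be guessed."""
    return math.log2(year_choices * phone_choices)


# Constructed stand-in for the Qwerty Card's character map.
CARD_MAP = {
    # the five substitutions the article's "Amazon" -> ".u.rqf" example reveals
    "a": ".", "m": "u", "z": "r", "o": "q", "n": "f",
    # the rest are made-up placeholders, not the real card's map
    "b": "9", "c": "!", "d": "3", "e": "k", "f": ";", "g": "7", "h": "L",
    "i": "p", "j": "2", "k": "@", "l": "x", "p": "V", "q": "w", "r": "8",
    "s": "#", "t": "$", "u": "%", "v": "^", "w": "&", "x": "*", "y": "(",
}


def qwerty_card_password(card_code: str, secret: str, site: str,
                         card_map: dict = CARD_MAP) -> str:
    """Card code + personal secret + site name encoded through the card map.
    Characters the map does not cover are kept as-is (an assumption; the page
    does not say how the card treats digits or punctuation in a site name)."""
    encoded = "".join(card_map.get(ch, ch) for ch in site.lower())
    return f"{card_code}{secret}{encoded}"


if __name__ == "__main__":
    for site in ("gmail.com", "networkworld.com"):
        pw = site_formula_password(site, "1963", "888-555-1234")
        print(f"{site:18} {pw}  calculator: {calculator_bits(pw):.1f} bits")
    print(f"formula secrets alone: {formula_secret_bits():.1f} bits")
    print(qwerty_card_password("sh(/J3Hq", "catfish", "Amazon"))
```

The two entropy functions answer different questions. `calculator_bits` scores the finished string as if every character were random, which is what the quoted 85.2-bit and septillion-year figures measure. `formula_secret_bits` scores only what is actually secret in the formula, about 20 bits for six digits, which is the relevant number if the formula itself is ever inferred from one of its outputs. The same distinction applies to the card: its strength rests on the card code and the personal secret staying private, not on the length of the string they produce.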
While the Qwerty Card might seem to involve a lot of effort in managing passwords it’s really a minimal amount of pain compared to actually remembering scores of passwords and next to no work compared to trying to clean up after your accounts have been breached.