Picking A Password You Can Remember
I have always been a secure-password freak and created wild passwords like: Fxy7^lkjbh77t*78&*(. I would much rather remember my password by using words and still have it be secure, so let’s do that instead. First let’s look at what most people are doing, how it is wrong and insecure, and then how to make an easy-to-remember password that is secure and fireproof.
A password of random characters, letters, and digits is very secure and won’t be picked out by brute force very easily, and most definitely not by a dictionary attack, as it’s random and has numbers, capital and lowercase letters, as well as symbols. Who is going to guess something so complex… Also, who is going to remember that?
That is why people come up with easy passwords like a dog’s name, a kid’s name, or a place. I have seen it all, and yes, I have even been asked by somebody once to change their password to 123456 because they kept forgetting it (true story, 100%). And guess what? Look at this!
Top passwords used (hackers know this and LOVE IT!)
Others used – qwerty, monkey, michael, 654321, babygirl
If yours is on that list, change it! If it’s a word at all… not good, but wait! Keep it! Let’s say you want to use your daughter’s and son-in-law’s names. Somebody give me 2 random names. OK, Misa and Chang it is, so you’re going to use ‘misachang’ as a password. Not a good password, but we can make it better, then even better, then memorable but unbreakable.
Poor Password: misachang
Alright Password: MisaChang
- misachang can be broken in an offline attack scenario in 56.47 seconds (under a second in a massive attack)
- MisaChang can be broken in an offline attack scenario in 7.87 hours (28 seconds in a massive attack)
- MisaChang97 can be broken in 6.12 days in a massive attack.
Now let’s put this into an unbreakable but memorable password using Steve Gibson’s haystack concept.
MisaChang97!–!–!–! will take a massive attack scenario 1.09 million trillion centuries to break
Haystack means adding something that you can memorize to your password that is already secure. All lowercase is bad, so add capital letters; just letters is bad, so add numbers; just letters and numbers is bad, so add special characters. But adding characters makes it hard to remember: secure, yes, but hard to remember. Steve created a password as simple as D0g………………… and the time to crack this was 9.88 billion trillion centuries. Easy to remember? Yes.
Now, the trick is to make up your own uncommon character set. Here are some examples I thought of (and don’t just add 21 dots like the example above).
(-::-)(-::-)(-::-) <— Three little pigs
/\^/\^/\^/\^/\ <— TeePee camp in the mountains
~~~..~~~ <– The Moose
Maybe your favorite number is 12; then add 12 characters, so you’ll remember how many there are: !!!!!!::::::
I came up with just a few that I wouldn’t forget (I am not using them, sorry, so they are no help in figuring out mine, and don’t use my examples either). Some of them looked like something, so I named them, but they are uncommon character sets. You don’t have to add these to the end of your password; you can add them to the middle, end, beginning, or one on each side if you want. Another option is a Bible verse for the password; those are pretty secure too: Jn3:16 plus a haystack character set would be splendid (see below).
Jn3:16-|–|–|- (this one would take 1.49 million centuries to break at one hundred trillion guesses per second)
Something as simple as: MisaChang././././. will work and to make it even more secure you can add more characters to it.
The idea is to create a run of characters that you will definitely remember and that will enhance your security, so the result is as secure as, or more secure than, Y67%6gHf5^hj, which you can’t remember anyway.
Now, I hope every site and login you use is different… Say yes. If not, shame on you; I have told you 5,000 times, don’t do that! Now use different passwords but keep your character set the same:
And for those of you who keep a list of passwords somewhere, only write down the password without your character set, so if anybody ever grabs that list… nothing for them without your character set.
If you want to test your new password against Steve Gibson’s equations, go here: https://www.grc.com/haystack.htm
Keep in mind that having a secure password will protect you from attempted break-ins, brute-force attacks, and someone guessing your password, but it will not protect you from phishing, social engineering, and key-logging malware. Protecting yourself from phishing and key-logging attacks is your own responsibility.
If you are having problems with recent attacks and your password has been compromised, make sure your computer is clean of malware before changing your passwords. Run MalwareBytes (click install now on the site for the free version) and install a virus scanner such as Avast; both are free and will help you prevent keylogging malware and viruses.
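The arithmetic behind the crack times quoted earlier, as an added example that is not part of the original post and not Steve Gibson’s code. It assumes the haystack model counts every candidate up to the password’s length over an alphabet of 26 lowercase, 26 uppercase, 10 digits and 33 symbols, and that the "offline" scenario means one hundred billion guesses per second (an assumption that reproduces the 56.47 seconds above).

```python
import string

# Character classes counted by the haystack model (assumed sizes): a class
# adds its full size to the alphabet as soon as one of its characters appears.
# Characters outside these four ASCII classes add nothing here.
CLASSES = {
    "lower": set(string.ascii_lowercase),        # 26
    "upper": set(string.ascii_uppercase),        # 26
    "digit": set(string.digits),                 # 10
    "symbol": set(string.punctuation) | {" "},   # 32 + space = 33
}

# Guesses per second. MASSIVE is the rate quoted in the text; OFFLINE is an
# assumption chosen because it reproduces the "offline attack" times above.
OFFLINE = 10**11
MASSIVE = 10**14


def alphabet_size(password):
    """Sum the sizes of every character class present in the password."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def search_space(password):
    """Count all candidates of length 1..len(password) over that alphabet."""
    size = alphabet_size(password)
    return sum(size ** k for k in range(1, len(password) + 1))


def seconds_to_exhaust(password, guesses_per_second):
    """Worst-case time for an exhaustive search at the given rate."""
    return search_space(password) / guesses_per_second


def padding_gain(base, padded):
    """How many times larger the search space gets once padding is added."""
    return search_space(padded) // search_space(base)


if __name__ == "__main__":
    for pw in ("misachang", "MisaChang", "MisaChang97", "MisaChang././././."):
        print(f"{pw!r}: alphabet={alphabet_size(pw)} length={len(pw)} "
              f"offline={seconds_to_exhaust(pw, OFFLINE):.3g}s "
              f"massive={seconds_to_exhaust(pw, MASSIVE):.3g}s")
```

The figures only describe an exhaustive search; they say nothing about a guesser who already knows the padding pattern, which is why the post asks you to invent your own.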