Weak passwords and open doors

If you are reading this article, you have probably had your share of headaches over how to create a password for a given application that is easy to remember and, at the same time, hard for hackers to crack or otherwise use to break in.


Prior to today, my recommendation for creating secure passwords was to browse https://www.random.org/passwords/?num=20&len=12&format=html&rnd=new, and pick a random password.

The problem with this method is that it forces you to memorize something very foreign to you or to have a method to help you remember the password.


If you are a security nut, you might already be using a secure, encrypted method to track passwords per application or device.

But what about people who do care about security but are experts in other areas (just not security)? Paper notes here and there, sticky notes here and there… a disaster for internal security (a disgruntled fellow employee, the cleaning person, etc.) waiting to happen.

I would like to share a thought process recently posted in the WordPress LinkedIn group concerning security. Dan Knauss was kind enough to share https://xkcd.com/936/ (see the screenshot below).

[Figure: xkcd 936 "Password Strength" (http://www.dynamicnet.net/wp-content/uploads/2012/03/password_strength.png). Caption: Using four random common words combined for a password is easy to remember, and hard to break.]

The concept is that you would pick four words that you can combine and find easy to remember to form your password.

Now, the caution points I would share from a security expert's point of view are as follows:

The combination should be at least 12 characters long (i.e. the letters of all four words combined total at least 12 characters).
Since social engineering (i.e. a hacker getting to know you personally, directly or indirectly, which today can be as simple as reading your LinkedIn profile, Facebook page, and so on) is still widely used, the four words you pick should not be words that someone who reads what you publish or hears what you say could easily guess.

For example, I know someone who makes it very well known that their favorite color is purple and they love horses. While most hacking today is random (making everyone a potential target), if someone were to purposely target my friend, they have two words — purple and horse(s) — they can use to test breaking in.

Use an application like SplashID, Password Keeper, or the like, which can securely store and encrypt your passwords. Be careful about where the actual data is stored.
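As an added example (not code from the original post), here is a small Python generator that follows the caution points above: it picks the words with a cryptographically secure random source rather than letting the user choose them, drops any words the user has publicly associated with themselves (the "purple" and "horse" problem), enforces the 12-letter minimum, and reports the resulting entropy in bits. The word list is a constructed sample; a real deployment would load a large list of common words.

```python
import math
import secrets
from typing import Iterable, Sequence

# Constructed sample word list for demonstration only. A real deployment would
# load a large list of common words (a diceware-style list has 7,776 entries).
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "window", "garden", "silver",
    "planet", "candle", "river", "marble", "button", "forest", "copper",
    "engine", "ladder", "pepper", "signal", "ticket", "velvet",
]


def entropy_bits(wordlist_size: int, num_words: int) -> float:
    """Entropy of num_words words drawn uniformly (with replacement) from a list.

    This assumes the attacker already knows the word list; the strength comes
    only from the number of equally likely combinations, e.g. 2048**4 == 2**44
    for the four-word passphrase in xkcd 936.
    """
    return num_words * math.log2(wordlist_size)


def generate_passphrase(words: Sequence[str], num_words: int = 4,
                        min_letters: int = 12, avoid: Iterable[str] = (),
                        separator: str = "", rng=None) -> str:
    """Build a random multi-word passphrase following the post's cautions.

    * words are chosen by a CSPRNG, never by the user, so none is guessable;
    * 'avoid' holds words tied to the user (favorite color, pet, hobby) that
      social engineering could surface; they are removed before drawing;
    * the letters of all words combined must total at least min_letters.
    'rng' is only injectable for testing; by default SystemRandom is used.
    """
    rng = rng or secrets.SystemRandom()
    banned = {w.lower() for w in avoid}
    pool = [w for w in words if w.lower() not in banned]
    if len(pool) < num_words:
        raise ValueError("word list too small after removing avoided words")
    for _ in range(1000):  # redraw only when the combination is too short
        chosen = [rng.choice(pool) for _ in range(num_words)]
        if sum(len(w) for w in chosen) >= min_letters:
            return separator.join(chosen)
    raise ValueError("could not reach min_letters; use longer words or more of them")


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS, separator="-", avoid={"horse", "purple"}))
    print(f"{entropy_bits(len(SAMPLE_WORDS), 4):.1f} bits with this tiny list")
```

Note that with the 20-word sample list the entropy is only about 17 bits; the 44 bits quoted in the comic require a list of roughly 2,048 words, which is why the size of the word pool matters more than the cleverness of the words.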

Contact us if you have any questions.

About the author: Peter Abraham