Skip to main content

Creating an invincible password

You think you have a clever password, eh? Well, sorry, guest123 just ain't gonna cut it anymore. Hackers* can crack your English-word-plus-number based password in a matter of hours. With much of our lives moving online, through email, Facebook, online photo albums, banking, etc, Farhad Manjoo's tips on creating invincible passwords is well worth reading. His tips basically boil down to to following two steps:

Start with an original but memorable phrase. For this exercise, let's use these two sentences: I like to eat bagels at the airport and My first Cadillac was a real lemon so I bought a Toyota. The phrase can have something to do with your life or it can be a random collection of words—just make sure it's something you can remember. That's the key: Because a mnemonic is easy to remember, you don't have to write it down anywhere. (If you can't remember it without writing it down, it's not a good mnemonic.) This reduces the chance that someone will guess it if he gets into your computer or your e-mail. What's more, a relatively simple mnemonic can be turned into a fanatically difficult password.

Which brings us to Step 2: Turn your phrase into an acronym. Be sure to use some numbers and symbols and capital letters, too. I like to eat bagels at the airport becomes Ilteb@ta, and My first Cadillac was a real lemon so I bought a Toyota is M1stCwarlsIbaT.

I used to use a single password for everything, from banking to my Unix account at work. It's a miracle I never had a break-in. I now use several passwords, all completely scrambled based on the formula above. Now you, like me, have no excuse not to keep your online life securely locked up!


*Yes, I know that a cracker .NE. haX0r, but most people think "cracker" means something else, entirely.

Comments

Anonymous said…
I use LastPass. That way, I only have to remember one password (and I use the type you describe) but LastPass generates gobbledegook passwords for all my other accounts (email, bank, forums, etc). I don't think LastPass would work for a UNIX account, but I highly recommend it for everything else.
Marshall said…
I've recently jumped on the 1Password bandwagon, and so far I really like it. It integrates very nicely into Safari, so you just have to remember your one master password and it autofills any web page with the appropriate password for that site. And it does let you store arbitrary secure information of any sort, not just web page passwords, so it's good for encrypting unix account login info or medical record numbers or insurance information, etc.

The best part is that it works perfectly with Dropbox for synchronization between machines. Any accounts logged into on my laptop propagate the login info securely to my desktop, and vice versa.

Popular posts from this blog

A view from your shut down

The Daily Dish has been posting reader emails reporting on their " view from the shutdown ." If you think this doesn't affect you, or if you know all too well how bad this is, take a look at the growing collection of poignant stories. No one is in this alone except for the nutjobs in the House. I decided to email Andrew with my own view. I plan to send a similar letter to my congressperson. Dear Andrew, I am a professor of astronomy at the Harvard-Smithsonian Center for Astrophysics (CfA). The CfA houses one of the largest, if not the largest collection of PhD astronomers in the United States, with over 300 professional astronomers and roughly 100 doctoral and predoctoral students on a small campus a few blocks west of Harvard Yard. Under the umbrella of the CfA are about 20 Harvard astronomy professors, and 50 tenure-track Smithsonian researchers. A large fraction of the latter are civil servants currently on furlough and unable to come to work. In total, 147 FTEs

The Long Con

Hiding in Plain Sight ESPN has a series of sports documentaries called 30 For 30. One of my favorites is called Broke  which is about how professional athletes often make tens of millions of dollars in their careers yet retire with nothing. One of the major "leaks" turns out to be con artists, who lure athletes into elaborate real estate schemes or business ventures. This naturally raises the question: In a tightly-knit social structure that is a sports team, how can con artists operate so effectively and extensively? The answer is quite simple: very few people taken in by con artists ever tell anyone what happened. Thus, con artists can operate out in the open with little fear of consequences because they are shielded by the collective silence of their victims. I can empathize with this. I've lost money in two different con schemes. One was when I was in college, and I received a phone call that I had won an all-expenses-paid trip to the Bahamas. All I needed to d

back-talk begins

me: "owen, come here. it's time to get a new diaper" him, sprinting down the hall with no pants on: "forget about it!" he's quoting benny the rabbit, a short-lived sesame street character who happens to be in his favorite "count with me" video. i'm turning my head, trying not to let him see me laugh, because his use and tone with the phrase are so spot-on.