Safe Passwords

How many passwords do you have to keep track of? We thought so… That’s why we built this site to help people come up with safe password management techniques. By the way, if you think you have a lot of passwords to manage today, what about in five years, when you’re using many more online services than you are today?


So, what makes a safe password? It is simple: length and complexity. Generally speaking, the longer the password, the better, and the more complex the password, the better. Oh, and one more thing… Never, never, never construct a password using terms that can be found in the dictionary. Ok, if it were this easy, we wouldn’t need countless websites talking about safe passwords, would we? You also need to avoid using simple character patterns such as “asdf”, “1234” and “1111” in your passwords… These are as useless as dictionary words from the standpoint of password security.

Here are some important facts to consider…

  • A three character password (examples: “d5T”, “36y”) can be hacked in less than a second and often less than that.
  • A fourteen character password (“5g2dx!sgoRg95$”) can be hacked in two million years.
  • Use dictionary terms in your password (“mydogspot”) and all bets are off. Your password can be easily hacked.
  • Using all characters (uppercase, lowercase, and special characters like @#$%^&*) versus just lower case characters significantly increases your password safety. For example, a 7 character, all lower case password (“woghslg”) can be hacked in around 2 hours… But if you bothered to use all characters on the keyboard (“%t@sP*x”), the time required would be approximately 2 years.
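
The rules above (no dictionary terms, no simple patterns such as “asdf”, “1234” and “1111”) and the 7 character timing comparison can be checked in code. This is an added example, not part of the original site: the word list is a tiny constructed sample, the minimum length of 10 is an assumed threshold, “all characters on the keyboard” is taken to mean the 95 printable ASCII characters, and the guess rate is the one implied by the 2 hour figure.

```python
import re
import string

# Constructed mini word list; a real check would load a full dictionary file.
WORDS = {"dog", "spot", "password", "dragon", "monkey", "summer"}
# Keyboard rows and ordered runs behind patterns like "asdf" and "1234".
RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "0123456789", string.ascii_lowercase]
# Assumed guess rate: all 26**7 lowercase candidates tried in 2 hours.
RATE = 26 ** 7 / (2 * 3600)

def has_run(pw, n=4):
    """True if pw holds n characters in a row from a run, forwards or backwards."""
    low = pw.lower()
    chunks = (low[i:i + n] for i in range(len(low) - n + 1))
    return any(c in r or c in r[::-1] for c in chunks for r in RUNS)

def has_repeat(pw, n=4):
    """True if one character repeats n times in a row, e.g. '1111'."""
    return re.search(r"(.)\1{%d}" % (n - 1), pw) is not None

def dictionary_hits(pw):
    """Dictionary words found inside pw, ignoring case."""
    return sorted(w for w in WORDS if w in pw.lower())

def years_to_exhaust(length, alphabet, rate=RATE):
    """Years to try every password of this length over this alphabet size."""
    return alphabet ** length / rate / (365 * 24 * 3600)

def review(pw, min_len=10):  # min_len is an assumed threshold
    """Return the list of rules pw breaks; an empty list means none."""
    findings = []
    if len(pw) < min_len:
        findings.append("too short")
    if has_run(pw):
        findings.append("keyboard or sequence run")
    if has_repeat(pw):
        findings.append("repeated character")
    hits = dictionary_hits(pw)
    if hits:
        findings.append("dictionary words: " + ", ".join(hits))
    return findings

if __name__ == "__main__":
    for sample in ("mydogspot", "asdf1234", "5g2dx!sgoRg95$"):
        print(sample, review(sample))
    print(round(years_to_exhaust(7, 95), 2), "years for 7 chars over 95 symbols")
```

At the rate implied by the 2 hour lowercase figure, the 95 symbol search space for 7 characters works out to roughly 2 years, which agrees with the comparison in the list.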

So, you’re like, “Ok, ok… I get it. I will start using longer and more complex passwords… but how will I ever remember them?” Well, that is the right question to ask. Here are some ideas to help you create long, complex passwords that you can actually remember.

Our view is that creating passwords with lots of special characters will be difficult to remember. So, as a trade-off, we recommend creating a longer password with mixed case alpha-numeric characters. Here’s how:

  1. Start with a long sentence that you can remember:
    • My favorite web browser is Google chrome which I use 9 times a day (try our new online password generator or the safe password generator)
    • MfwbiGcwIu9tad
    • Congratulations, you just created an easy to remember 14 character password with some upper case letters and one number… It would take somebody a long time to guess this password.
  2. Let’s see if we can make a better one… Construct another sentence… Hint, for this one, we’ll create a mapping to convert commas and periods to special characters that we’ll always remember. In this example, for comma, we’ll use the $ character and for period, we’ll use the * character. You can create any mapping you want.
    • When my dog Charlie died in 2007$ I was devastated*
    • WmdCdi2007$Iwd*
    • Congratulations, you just created an easy to remember 15 character password with mixed case and a variety of numbers and special characters.
  3. Another safe password example…
    • I married J in 02 and divorced in 05! Oh my.
    • ImJi02adi05!Om*
    • Please note the use of the ! symbol and the mapping of period to *, as in the previous example.
    • Congratulations, you just created an easy to remember, difficult to hack password.

Ok, so you’re saying “Great, thank you” at this point… “but, what if I have 15 or 20 sites that require passwords?” Well, let’s see if we can come up with a method for that. Maybe we could construct a really good starter password and modify it to suit each specific new site that we use it on…

  1. One more safe password example…
    • Born in 73. 3 dogs. No kids!
    • Bi73$3d$Nk!
    • Now, append or prepend some additional characters for the website resource:
    • Bi73$3d$Nk!YM (for Yahoo Mail)
    • F150Bi73$3d$Nk! (for your favorite Ford 150 forum)
    • You could probably use this safe root password on a variety of online resources and be fairly safe…
    • BUT, to be really safe, you’d want another mapping rule set (substitution cipher) to map the service itself to the password portion representing that service. You could make your own substitution cipher and store it in your purse or wallet. So, each letter would map to another letter or symbol or number (Y=3, M=e, G=B, etc)… When you get to the site specific portion of the password, you’d use the substitution cipher method for that portion of the password. More complicated, yes, but probably a safer practice than just prepending or appending something like YM or MSN or GM onto your solid password using the above technique.

Let’s say you want more special character diversity in your password. You could simply include the name of the special character within the original sentence.

    • 3 asterisks are better than 2 dollarsigns. Don’t you agree?
    • 3*abt2$.Dya? (you could map the period and question mark to your own characters here)
    • 3*abt2$%Dya@
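
The sentence method, the per-site variant with a substitution table, and the named-special-character trick above, written out as one added example (not code from the original site). The function names are hypothetical, the sentences are the page's own with the comma and period restored before mapping, and the table holds only the three letters the page gives (Y=3, M=e, G=B).

```python
import re

# Tokens: a word (apostrophes allowed), a number, or one punctuation mark.
TOKEN = re.compile(r"[A-Za-z][A-Za-z']*|\d+|[^\sA-Za-z\d]")

def from_sentence(sentence, punct_map=None, word_map=None):
    """First letter of each word, numbers whole, punctuation mapped or kept."""
    punct_map, word_map = punct_map or {}, word_map or {}
    out = []
    for tok in TOKEN.findall(sentence):
        if tok.lower() in word_map:        # e.g. "asterisks" -> "*"
            out.append(word_map[tok.lower()])
        elif tok[0].isalpha():
            out.append(tok[0])             # keep the sentence's own case
        elif tok.isdigit():
            out.append(tok)                # "2007" stays "2007"
        else:
            out.append(punct_map.get(tok, tok))  # unmapped marks such as "!" stay
    return "".join(out)

def site_variant(root, service_tag, cipher, prepend=False):
    """Encode the service tag with a personal substitution table, then attach it."""
    # A letter missing from the table raises KeyError rather than leaking through.
    tag = "".join(cipher[ch] for ch in service_tag)
    return tag + root if prepend else root + tag

if __name__ == "__main__":
    marks = {",": "$", ".": "*"}
    print(from_sentence("When my dog Charlie died in 2007, I was devastated.", marks))
    print(from_sentence("I married J in 02 and divorced in 05! Oh my.", marks))
    root = from_sentence("Born in 73. 3 dogs. No kids!", {".": "$"})
    table = {"Y": "3", "M": "e", "G": "B"}   # the page's sample mappings only
    print(site_variant(root, "YM", table))   # Yahoo Mail tag, encoded
    print(from_sentence("3 asterisks are better than 2 dollarsigns. Don't you agree?",
                        {".": "%", "?": "@"},
                        {"asterisks": "*", "dollarsigns": "$"}))
```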

Please note, we strongly encourage you to come up with your own sentences and mappings; otherwise, what’s the point? Take some time to invest in a safe password. Some services don’t allow certain special characters or have different requirements for password length, so you’ll need to fine-tune your methodology and list of allowable characters in your password accordingly. We’ll address other password tips here on this site, and please contribute your own variants and ideas to help others have safe passwords.

Next up, remembering passwords.


Safe Password Management April 26, 2011 at 12:33 pm

You may also want to check out this online password generation tool.

