October 25, 2017

How to create a strong password (and remember it) – by Dan Drees

Keeping your sensitive information away from cyber criminals involves more than just avoiding suspicious emails.  Many people forget that creating a strong password is the foundation for keeping unwanted people away from their data.  People also forget how much sensitive material they have stored on their personal devices: old tax returns, W-2s, medical records and insurance information, to name a few.  Weak (easy-to-guess) passwords, and careless habits around storing passwords, contribute to a large portion of data theft every year.  Such theft can lead to identity theft and other malicious crimes.

While it may seem like a daunting task, creating a strong password for every account can be made easy by following patterns you create yourself.  I developed an application to encrypt and decrypt messages when I was just fourteen years old.  Ever since, I have taken cybersecurity seriously.  My current profession involves consulting with organizations on their security posture.  By sharing what I have learned on this topic, I hope to inspire everyone reading this to create a strong password.

Creating a strong password can be easily done by following these steps:

  • Create complex passwords
  • Avoid common passwords
  • Make passwords memorable
  • Store passwords wisely

The complexity of your password is its backbone, but how do you know whether your password is complex?  One good place to start is keeping passwords at twelve or more characters.  Every additional character multiplies the number of possible combinations an attacker has to try.

In addition to the length, you should use:

  • Upper and lowercase lettering
  • Special characters (e.g. $, *, #, @)
  • Spaces

Using common passwords is bad practice.  Most hackers use automated tools that go through more dictionary words than most people know exist.  Not only do hackers use dictionary attacks, they also try all sorts of combinations: multiple words joined together, as well as the common character substitutions.  Every time a new password is discovered, it gets added to their dictionary for next time.

Some of the most common passwords include:

  • Password
  • passw0rd
  • password1
  • football
  • qwerty
  • zaq1zaq1
  • 123456

Just because a password should be long and complex doesn’t mean it should be difficult to remember.  It can be three random words connected in a way that makes no sense.  For example, let’s assume you are creating a password for the Bank of America website.  Look around the room and pick random items.  The items I just saw are a picture of my grandma, Congo drums and knives.  Mix it up a little more and I now have “sharp noisy grams.”  Now replace the letter s with a dollar sign and o with a zero: “$harp n0isy gram$” is the password so far.  To tie this to Bank of America, I will work “BoA” into the password.  Since I have three words, it is easy to drop one of those letters in front of each word to create “B$harp on0isy Agram$.”
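To make the rules above concrete (twelve-plus characters, mixed case, special characters, spaces, and no common password even after the s→$ and o→0 style substitutions that attackers undo), here is an added checker in Python that is not part of the original post.  The common-password set is a constructed sample built from the list above, and the substitution map is a hypothetical one; a real checker would load a breached-password list instead.

```python
import math
import string

# Constructed sample: the common passwords named on the page.
COMMON_PASSWORDS = {
    "password", "passw0rd", "password1", "football", "qwerty", "zaq1zaq1", "123456",
}

# Hypothetical reverse-substitution map so "P@$$w0rd1" collapses to "password",
# mirroring the substitutions attackers add to their dictionaries.
UNLEET = str.maketrans({"$": "s", "0": "o", "@": "a", "1": "i", "3": "e", "!": "i"})

MIN_LENGTH = 12


def normalize(password):
    """Lower-case, drop trailing digits, then undo common substitutions."""
    stripped = password.lower().rstrip(string.digits)
    return stripped.translate(UNLEET)


def search_space_bits(password):
    """Rough brute-force search space as log2(charset_size ** length)."""
    charset = 0
    if any(c.islower() for c in password):
        charset += 26
    if any(c.isupper() for c in password):
        charset += 26
    if any(c.isdigit() for c in password):
        charset += 10
    if any(c in string.punctuation for c in password):
        charset += len(string.punctuation)
    if " " in password:
        charset += 1
    return len(password) * math.log2(charset) if charset else 0.0


def check_password(password):
    """Return the rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("missing mixed-case letters")
    if not any(c in string.punctuation for c in password):
        problems.append("missing special characters")
    if " " not in password:
        problems.append("missing spaces")
    if password.lower() in COMMON_PASSWORDS or normalize(password) in COMMON_PASSWORDS:
        problems.append("matches a common password (after undoing substitutions)")
    return problems
```

Running `check_password("B$harp on0isy Agram$")` returns an empty list, while `check_password("P@$$w0rd1")` reports the short length, the missing spaces and the common-password match.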

Of course, the more complex we keep the password, the harder it will be for a computer to crack it.  Furthermore, four random words would be easy to remember if we only had to do it once, but we should have a different password for every website and application.  Therefore, I suggest figuring out a way to incorporate the website into each password in a cryptic manner.

Since the average user has many more than ten passwords, I don’t pretend that it will be easy to remember every combination (if done properly).  Personally, I have over forty passwords.  This is why many people recommend a password locker.  The problem with relying on a password locker is that all someone needs to do is gain access to one of your devices, and they can then access everything.  Therefore, I suggest writing down an encrypted version of your password instead.

Take my previous example, “B$harp on0isy Agram$.”  If I wanted to write this down, I would make sure no one else could understand it.  One way to accomplish this is to go back to the original items you used to create the password.  From there you can write them down as “Boa – knife, Congo, G.ma $0.”  Anyone who finds your little password book will be none the wiser.

By following my advice, anyone can create a strong password and store it securely.  The stronger the security on your devices, the less likely it is that someone will steal your sensitive information.  After all, a strong password is like a strong lock on your front door (while you are living in a bad neighborhood).  I highly doubt you want a door that unlocks by simply jiggling the handle.