myTech.Today

Creating memorable passwords that are hard to crack

7 Tips to Create a Hack-Proof Password You'll Actually Remember

By Kerri Anne Renzulli

https://www.newsweek.com/7-tips-create-hack-proof-password-youll-actually-remember-1486319

While Newsweek attempts to provide an article that helps you create better passwords, it falls dramatically short of describing a workable process.

The NIST (National Institute of Standards and Technology) advises computer users to use a passphrase of several non-meaningful words as a password, something like "donkeytruckapple" for your bank.  The idea is that it will take years for a cracker to crack these three words as your password.

The problem with this is that every site should have a different password, and people are fallible and forgetful and will soon use the same passphrase for every site, which defeats the purpose.  If a cracker gets hold of a password list, they will use the same passwords to attack other sites in the hope that the password you use for your bank, "donkeytruckapple", is also the one you use for your mortgage, healthcare, credit cards, etc.

The better method for creating a passphrase is to use 2 characters of the site's domain (the part between the www. and the .com), a word, a number, and a character.

For example, a passphrase of this type that might be suitable for Apple's iCloud is "Ap20purple!".  The first two letters, "Ap", are the first two letters of the domain: apple.com.  With each website that you visit, your passphrase will use the first two characters of that site as well.  So the login for Microsoft, using the same passphrase method, would be the following: "Mi20purple!".  In both of these examples, we are capitalizing the first character of the domain and including the second character in lowercase.

The numbers can be anything.  They can be your birth year or your wedding date, but I like to use the last two digits of this year, "2020", so "20" gets used.  This allows a user to increment the passphrase each year when certain sites force a change for security reasons.

The use of the word "purple" is merely a random choice.  The word should be 6-8 characters long and always be in lowercase.

The special character can be any of the commonly accepted characters.  Note that a question mark (?) is not accepted on all sites.

So, what ends up happening is that you have an easy-to-remember passphrase that is different for each site, that is almost uncrackable with today's technology, and that can be incremented each year when certain sites force you to change your password.

Short of using a password program or app to keep track of your passwords, this is the easiest and most reliable way to create a password.

However, you should NEVER reveal your passphrase to anyone or else they may have access to every one of your accounts if they realize the pattern.
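The scheme above, written out as an added example (it is not code from the original article): it builds the passphrase for a site, then measures the two things a user of the scheme should check, namely how much of the passphrase is identical on every site and which sites end up with exactly the same one. The function names, the symbol set, the sample hosts and the assumption that hosts look like name.tld are all choices made for this example.

```python
import os
import re
from collections import defaultdict

# Assumption: a conservative symbol set; the article only says "?" is not accepted everywhere.
ALLOWED_SYMBOLS = "!@#$%*"

def site_prefix(host: str) -> str:
    """First two characters of the name before the TLD: 'www.apple.com' -> 'Ap'."""
    labels = host.lower().strip().rstrip(".").split(".")
    # Assumption: hosts look like name.tld; multi-part suffixes such as .co.uk are not handled.
    if len(labels) < 2 or len(labels[-2]) < 2:
        raise ValueError(f"cannot take two characters from {host!r}")
    name = labels[-2]
    return name[0].upper() + name[1]

def site_passphrase(host: str, word: str, year: int, symbol: str) -> str:
    """Build prefix + two-digit year + word + symbol, as the article describes."""
    if not re.fullmatch(r"[a-z]{6,8}", word):
        raise ValueError("word must be 6-8 lowercase letters")
    if len(symbol) != 1 or symbol not in ALLOWED_SYMBOLS:
        raise ValueError(f"symbol {symbol!r} is not in the accepted set")
    return f"{site_prefix(host)}{year % 100:02d}{word}{symbol}"

def shared_part(passphrases: list[str]) -> str:
    """Trailing characters identical across every passphrase (the reused secret)."""
    reversed_common = os.path.commonprefix([p[::-1] for p in passphrases])
    return reversed_common[::-1]

def collisions(hosts: list[str], word: str, year: int, symbol: str) -> dict[str, list[str]]:
    """Group hosts that end up with the very same passphrase."""
    groups = defaultdict(list)
    for host in hosts:
        groups[site_passphrase(host, word, year, symbol)].append(host)
    return {pw: hs for pw, hs in groups.items() if len(hs) > 1}

if __name__ == "__main__":
    hosts = ["www.apple.com", "microsoft.com", "apartments.com"]  # constructed sample
    phrases = [site_passphrase(h, "purple", 2020, "!") for h in hosts]
    print(phrases)
    print("shared across sites:", shared_part(phrases))
    print("identical passphrases:", collisions(hosts, "purple", 2020, "!"))
```

On the sample hosts, everything after the two-letter prefix is the same on every site, and the two hosts that start with "ap" receive an identical passphrase.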