How to create and remember strong passwords

Marja threw me a challenge in her Spam from Xavier comments to write about creating strong passwords. The idea comes from our Lab Blog, where Sean posted about this a while ago.

I am one those people that have a very short attention span for technical instructions, so let me try to explain this as shortly and clearly as possible. Just in case you are like me. :) The idea is to use a system that allows you to do 2 things:

1. Remember your passwords through writing a part of it down. The only thing you need to remember is a part that is the same for all your passwords; a pin if you will.

2. Create passwords that are good and strong, unique and can’t be guessed

Here are the step-by-step instructions:

1. Think of a “pin” for your password, this is the part that is same for all of your passwords. The pin should be 3 characters or longer,  it could be something like “25!” and this part should be kept secret.

2. For each of the web sites that you need a password for, you create a code that helps you remember what site/service the password is for. For example aMa for Amazon and gMa for gmail.

3. Continue the password with a random set of 4 or more characters,  for example: 2299 or xy76. You should use different random characters for your different passwords.

4. Write down parts 1 & 2 on a note and keep is safe so you don’t forget it. In this example you would end up with a note in your wallet with this written down:

  • aMa2299
  • gMaxy76

5. When using the passwords, add your pin to them. Remember again that the pin should not be written down anywhere!  You can decide the location of your pin too. With the example pin “25!” created in the first step we would  end up with 2 passwords that could be:

  • aMa229925! or 25!aMa2299
  • gMaxy7625! or 25!gMaxy76

Tadaa, you now have passwords that are unique and can’t be guessed! And of course you only need to remember a part of it! By having unique passwords you can also make sure that even if someone finds out one of your passwords, the others are still safe.

As a final note, should you choose to use this system, you should come up with your own passwords and not use the ones used in this post or in our Lab’s post.

Hopefully I managed to make it sound relatively easy. If not drop me a question below.

Annika

More posts from this topic

AshleyMadison

Is it OK to cheat on the AshleyMadison cheaters? (Poll)

The user register of AshleyMadison has been hacked. You don’t know what that is? Well, that’s perfectly fine. It’s a dating site for people who want to cheat on their spouses. Many dislike this site for moral reasons, but there is apparently a demand for it. The Canadian site has some 37 million users globally! Some user data has already been leaked out and the hackers, calling themselves Impact Team, have announced that they will leak the rest unless the site shuts down. So this hack could contribute to many, many divorces and a lot of personal problems! "We will release all customer records, profiles with all the customers' sexual fantasies, nude pictures and conversations and matching credit card transactions, real names and addresses." The Impact Team This is one hack in a long row, not the first and certainly not the last site hack where user data is leaked. But it is still remarkable because of the site’s sensitive nature. Think about it. What kind of information do you store in web portals and what bad could happen if that data leaks out? If you are cheating on your spouse, then that is probably one the most precious secrets you have. Disclosure of it could have devastating effects on your marriage, and maybe on your whole life. Millions of users have put their faith in AshleyMadison’s hands and trusted them with this precious secret. AshleyMadison didn’t misuse the data deliberately, but they failed to protect it properly. So it’s not that far-fetched to say that they cheated on the cheaters. What makes the AshleyMadison hack even worse is the site’s commercial nature. Users typically pay with a credit card issued in their own name. They can appear anonymously to their peers, but their true identities are known to the site owner, and stored in the database. So any leaked information can be linked reliably to real people. The sad thing is that the possibility of a leak probably never even crossed the mind of these 37 million users. And this is really the moral of the story. Always think twice before storing sensitive information in a data system. You must trust the operator of the system to not misuse your data, but also to have the skills, motivation and resources to protect it properly. And you have very poor abilities to really verify how trustworthy a site is. This is not easy! Refraining from using a site is naturally the ultimate protection. But we can’t stop using the net altogether. We must take some risks, but let’s at least think about it and reflect over what a compromised site could mean. This hack is really interesting in another way too. AshleyMadison is a highly controversial site as cheating is in conflict with our society’s traditional moral norms. The hack is no doubt a criminal act, but some people still applaud it. They think the cheaters just got what they deserved. What do you think? Is it right when someone takes the law in his own hands to fight immorality? Or should the law be strictly obeyed even in cases like this? Can this illegal hacking be justified with moral and ethical arguments? [polldaddy poll=8989656]       Micke   Image: Screenshot from www.ashleymadison.com  

July 21, 2015
BY 
Mikko Hypponen What Twitter knows

Your favorite breakfast cereal and other things Twitter knows about you

At Re:publica 2015, our Chief Research Officer Mikko Hypponen told the main stage crowd that the world's top scientists are now focused on the delivery of ads. "I think this is sad," he said. [youtube https://www.youtube.com/watch?v=pbF0sVdOjRw?rel=0&start=762&end=&autoplay=0] To give the audience a sense of how much Twitter knows about its users, he showed them the remarkable targeting the microblogging service offers its advertisers. If you use the site, you may be served promoted tweets based on the following: 1. What breakfast cereal you eat. 2. The alcohol you drink. 3. Your income. 4. If you suffer from allergies. 5. If you're expecting a child. And that's just the beginning. You can be targeted based not only on your recent device purchases but things you may be in the market for, like a new house or a new car. You can see all the targeting offered by logging into your Twitter, going to the top right corner of the interface, clicking on your icon and selecting "Twitter Ads". Can Twitter learn all this just based on your tweets and which accounts follow? No, Mikko said. "They buy this information from real world shops, from credit card companies, and from frequent buyer clubs." Twitter then connects this information to you based on... your phone number. And you've agreed to have this happen to you because you read and memorized the nearly 7,000 words in its Terms and Conditions. Because everyone reads the terms and conditions. Full disclosure: We do occasionally promote tweets on Twitter to promote or digital freedom message and tools like Freedome that block ad trackers. It's an effective tool and we find the irony rich. Part of our mission is to make it clear that there's no such thing as "free" on the internet. If you aren't paying a price, you are the product. Aral Balkan compares social networks to a creepy uncle" that pays the bills by listening to as many of your conversations as they can then selling what they've heard to its actual customers. And with the world's top minds dedicated to monetizing your attention, we just think you should be as aware of advertisers as they are as of you. Most of the top URLs in the world are actually trackers that you never access directly. To get a sense of what advertisers learn every time you click check out our new Privacy Checker. Cheers, Jason

May 15, 2015
BY 
nano freedome

A match made in digital heaven

When an enigmatic and groundbreaking artist started making waves on Youtube, the public was simultaneously curious and in awe of this new type of sonic assault, detached from any specific genre, culture or style. nano draws on life experience accumulated in NYC and Japan to create a truly global aesthetic. nano’s music transcends the confines of nationalities and ethnicities, and reflects nano’s “no national borders” motto. Despite being the product of a united and connected world, nano chooses to be shrouded with a veil of mystery and privacy. Like we here at Freedome, nano believes that personal privacy is a choice and the only person to control it should be YOU YOURSELF. We created Freedome because we LOVE the digital and connected world we all live in. We love it so much, that we want to give everyone the tools to enjoy it to the max by not having to worry about the negative sides that come with it. It’s all about choice and keeping control. A lot of your personal information is shared without your approval, and we should be able to share everything you want without fear of your stuff being stolen or used against you. Just like nano, we think that sharing your passions and keeping your privacy are not mutually exclusive. To celebrate our mutual  love for privacy and a connected world, nano has teamed up with Freedome with a special exclusive song, which can be found here. Join our global troop of digital freedom fighters. Your privacy, your choice.

April 22, 2015
BY