Dec 28, 2013
Posted by Robert Creech in: May Contain Nuts
If we’ve travelled the “Password 101” journey together this far then we are hopefully in agreement that network passwords are a good thing, and you have some ideas regarding how to create them. Now we need to consider how we manage and maintain all those other passwords required by the various devices we use, the shopping websites we frequent, etc.
The first rule of passwords is, “We do not use the same password everywhere.”
The second rule of passwords is, “WE DO NOT USE the same password everywhere!”
There have been plenty of well-publicised losses of data by various organisations where, even though financial information has not been obtained, user names, email addresses and passwords have. You may never have actually purchased from JustBeenHacked Ltd, but you may have signed up to their newsletter with your standard username and password. The sites across the internet where you frequently use that same username and password include ones that will contain your financial details. With these details in criminal hands you could well be in for an awkward and potentially costly spot of bother.
So how can one person manage tens of different passwords? One simple option is to use a password based upon your regular, well-known, well-thought-out password. The mnemonic suggestion from part 2, based upon “Mary had a little lamb”, is a good place to start.
This seemingly random set of characters is easy to remember thanks to a tried and tested method of password creation (again, see Part 2). Any changes need to be just as easy to remember, but unique to each site you visit. So we create a simple rule and stick to it. With the URL of each site you visit being unique to that site we can use this to create our different passwords.
Start with your password, then take the third and fourth characters of the name of the website you are logging on to (the part after “www.”). Add these two characters onto the end of the password.
For www.facebook.com we would take the “c” and “e”
For www.amazon.co.uk we would take the “a” and “z”
Remembering our shifting alternate characters and the option to convert some letters to numbers, “e” could become “3” whilst “z” could become “2”.
Add these two additional characters as a suffix to our known password. The results:
www.facebook.com has a password of MhAlL1FwWa%C3
www.amazon.co.uk has a password of MhAlL1FwWa%A2
Both results still have the appearance of being a random set of characters even though the mnemonic has provided an easy to remember password and the application of a simple, consistent rule allows the password to be tailored to the site – you don’t even need to remember the password per se, just the standard format you are applying.
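The rule above written out as a short Python function, as an added example that is not part of the original article. The function names, the handling of full URLs and of site names shorter than four characters, and the reading that the first picked letter is upper-cased while only the second is swapped for a digit are assumptions made here.

```python
from urllib.parse import urlsplit

# Letter-to-digit swaps named in the article; extend with your own choices.
SWAPS = {"e": "3", "z": "2"}


def site_label(site: str) -> str:
    """Return the site's name: the first hostname label after any 'www.'."""
    # Accept a bare hostname or a full URL; urlsplit needs '//' to find a host.
    host = urlsplit(site if "//" in site else "//" + site).hostname or ""
    if host.startswith("www."):
        host = host[len("www."):]
    return host.split(".")[0]


def site_suffix(site: str) -> str:
    """Third and fourth characters of the site name, shaped like the base password."""
    label = site_label(site)
    if len(label) < 4:
        # The rule has nothing to pick from for names such as 'bt.com'.
        raise ValueError(f"site name {label!r} has fewer than four characters")
    third, fourth = label[2], label[3]
    # Assumed reading of the rule: upper-case the first picked letter, keep the
    # second lower-case, and swap the second for a digit where a swap exists.
    return third.upper() + SWAPS.get(fourth, fourth)


def site_password(base: str, site: str) -> str:
    """Append the per-site suffix to the memorised base password."""
    return base + site_suffix(site)


if __name__ == "__main__":
    sample_base = "MhAlL1FwWa%"  # the article's sample base password
    # Constructed inputs: a bare hostname, a full URL, and a name that is too short.
    for site in ("www.facebook.com", "https://www.amazon.co.uk/basket", "bt.com"):
        try:
            print(site, "->", site_password(sample_base, site))
        except ValueError as err:
            print(site, "-> rule cannot be applied:", err)
```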
For some that might be a bit too much, but hopefully you now recognise the importance of different passwords.
We should give passing thought to the various tools available for password management, if one wants to go that route. A simple internet search will throw up many examples, but I have found the free tool KeePass to be good and reliable. Such tools allow you to store basic information such as logon web addresses, email/user names and passwords in an encrypted database. Of course, you do need to remember your password to access the encrypted database, so this can be the well-remembered, well-constructed password you are now using for your network logon. Many of these tools include a password generator, which is very helpful: it creates and stores a different password for every site you visit. These passwords can be as complicated and fiendish as you like, since you don’t have to remember them; the database does that for you. The only problem with relying on this is that if you don’t have access to the database, you don’t have access to your passwords, so a backup of the database becomes essential.
Passwords 101 – part 3
Part of the “May contain nuts” series of short articles discussing familiar topics which we should all revisit once in a while.