Tech Sense by John Bell May 2022: World Password Day 2022
Updated: May 27
World Password Day 2022
World Password Day is on May 5th this year and is observed by updating your passwords and verifying your security settings. In general, a secure password should be 15 characters long, with a mix of upper- and lower-case alphabetic characters, digits, and special characters.
The ways I have suggested in past articles to create strong passwords can be found in my columns from March and April of 2015, January 2017, July 2018, April 2019, January 2020, and May 2021. Passwords should be changed at least annually, so I try to repeat this topic at least annually because it is important!
Practically Perfect Passwords
I will repeat here the first method I suggested for creating secure passwords. I call this “practically perfect passwords” (PPP). The PPP method establishes a set of rules that you follow to create a unique password for each website. First, select three or more letters from the website’s domain name. For example, for amazon you might pick the first letter and the last two letters, “aon.” Next, select two digits that you will remember. It might be a memorable day or year, like when the Declaration of Independence was signed (1776). The ‘&’ is above the ‘7’ so we will use that as the special character. Then we will use a phrase that has been memorized: “water, water, every where, and all the boards did shrink,” from “The Rime of the Ancient Mariner.” This gives us “wwewaatbds.” Now if we concatenate all of this we get “aon76&wwewaatbds.” Finally, we add a capitalization rule: the first and last characters and those next to a non-alpha character are capitalized. This gives us the final password “AoN76&WwewaatbdS.” The password for Facebook would be “FoK76&WwewaatbdS.”
There are a lot of ways to tweak the rules to make different passwords. For example, add a number that represents the number of characters in the domain name, so Amazon would become aon6 and the password would become “AoN676&WwewaatbdS,” and Facebook becomes “FoK876&WwewaatbdS.”
A Different Way
Last year I wrote about using dice and word lists to create hard-to-crack passwords. I have now created a new method that uses a code book to generate passwords. We start by creating a code book of words, one for each letter of the alphabet.
1. On a piece of paper write a list with one row for each letter of the alphabet in order.
2. For each letter roll a single die 5 times and write down, next to the letter, each number that comes up. This gives you 5 digits from 1 to 6 in value for each letter. Let’s say the numbers are 3, 5, 6, 2, 6.
3. Go to the EFF word list at https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt and look up the word listed for that number; 35626 matches the word laundry. Write the word down next to the letter of the alphabet.
4. Repeat steps 2 and 3 until there is a unique word for each letter.
To create a secure password, use the rule for selecting letters from the domain name and then replace each letter with its word from your list. Separate the words using the digits and symbols of the numbers you selected. My words for the letters A, O, and N are Gravel, Upper, and Junkie; the number we are using is still 76 and the special character is &, giving us the password “GraveL7&UppeR6&JunkiE.” This password isn’t very easy to remember, but it is very easy to recreate if you have the word list you created. Since each person’s word list will be random and different, every password will tend to be unique, and the length and complexity will make the passwords impossible to crack using current technologies. But if you lose the list it will be impossible to recreate the passwords.
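The rules from “Practically Perfect Passwords” and the code-book method above, written out in Python so the worked passwords can be reproduced; this is an added example, not code from the column. The function names, the “first letter plus last two letters” selection rule, and the one-digit-plus-symbol separator are assumptions read off the column’s examples.

```python
import re

# Phrase from the column; "every where" is two words here, as in the poem,
# so the initials come out as the column's "wwewaatbds".
PHRASE = "water, water, every where, and all the boards did shrink"
# The three code-book entries the column gives; a real book has all 26 letters.
CODEBOOK = {"a": "gravel", "o": "upper", "n": "junkie"}

def site_letters(site):
    """Assumed selection rule: first letter plus last two letters of the site name."""
    site = site.lower()
    return site[0] + site[-2:]

def capitalize(raw):
    """Upper-case the first and last characters and letters touching a non-letter."""
    out = []
    for i, ch in enumerate(raw):
        edge = i in (0, len(raw) - 1)
        touching = any(0 <= j < len(raw) and not raw[j].isalpha() for j in (i - 1, i + 1))
        out.append(ch.upper() if ch.isalpha() and (edge or touching) else ch)
    return "".join(out)

def ppp(site, digits="76", symbol="&", phrase=PHRASE, add_length=False):
    """Practically perfect password: letters [+ name length] + digits + symbol + initials."""
    initials = "".join(word[0] for word in re.findall(r"[a-z]+", phrase.lower()))
    prefix = site_letters(site) + (str(len(site)) if add_length else "")
    return capitalize(prefix + digits + symbol + initials)

def codebook_password(site, codebook=CODEBOOK, digits="76", symbol="&"):
    """Code-book variant: each selected letter becomes its word; one digit plus the
    symbol goes between words (assumed reading of the column's example)."""
    words = [codebook[letter] for letter in site_letters(site)]
    if len(words) - 1 > len(digits):
        raise ValueError("not enough digits to separate the words")
    raw = words[0]
    for digit, word in zip(digits, words[1:]):
        raw += digit + symbol + word
    return capitalize(raw)

if __name__ == "__main__":
    print(ppp("amazon"), ppp("facebook", add_length=True), codebook_password("amazon"))
```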
While updating your passwords it is also a good time to enable multi-factor authentication (MFA). When MFA is enabled on a system the system will ask for additional proof that you are who you claim to be. You may be asked for a code that is sent to your phone or generated by an app, or you may need to provide a thumbprint or an image of your face for example. You can also store code tables that are used to respond to security questions and you can securely store backup codes in case your device is lost.
I do use a password manager and I recommend that you do as well, but I do not rely on it. The problem for me is when I need to access one of the thousand or so passwords I use when I don’t have access to the password manager. In these cases, I can remember the few rules I use to create the password and recreate it. The best password managers seem to be ones that will synchronize passwords between multiple devices. This makes it less likely that you will be without the data in a usable way. KeePass is a secure, free and open source password manager that operates on many platforms.
And in the End…
Have a happy World Password Day. Until next month, stay safe online!