World Password Day 2024
World Password Day occurs on the first Thursday each May. This year it is May 2nd. The day makes a good reminder to update passwords and verify or reset your security settings. To follow the best security practices, modify your passwords at least annually and use a different password for everything that needs protection. In general, a secure password consists of at least 15 characters, including a mix of upper- and lower-case alphabetic characters, digits, and special characters.
Keeping your passwords secure is one of the most important things you need to do to keep your accounts safe and secure. Because it is so very important, I tend to create a column for each May to remind people about various ways of creating secure and hopefully memorable passwords.
A Word on Password Managers
Many people recognize a password manager as a good way to create and store secure passwords. Both the Firefox browser and the Google Chrome browsers have password managers built into them. The passwords stored synchronize between your phone and your computers if you install the browsers on both devices. Be aware that Chrome Password Manager currently has some vulnerabilities apparently due to the use of Microsoft Security.
Practically Perfect Passwords
Practically Perfect Passwords is a way that I share to create memorable passwords that tend to be secure. The system builds on rules to follow that lead to strong passwords. Rules are included to generate letters, numbers, special characters, capitalization rules, and sequence rules. You can also add letter change and other special rules. An example of a simple set of rules might be:
· Use a memorable phrase from a song lyric, poem, famous quote or phrase or another source. Use the first letter of each word in the phrase and make sure you have at least 7-9 letters. Selecting a separate phrase for Highly, Moderately, or Lightly sensitive access.
· Select two to four or more memorable numbers.
· Pick the symbols above the first two numbers from the previous rule and insert the number between them.
· Pick the first two and the last two letters of the domain name of the website.
· Concatenate the result of each of the first four rules in rule order.
· Capitalize the first and last letters and each letter that is adjacent to a symbol.
So applying the rules to Amazon.com, I might get:
“The Beatles say ‘We, all live in a yellow submarine’” à tbswaliays
The year Columbus sailed the ocean blue. à (1492)
!$ à !1492$
Amazon.com à amon
tbswaliays!1492$amon
TbswaliayS!1492$AmoN
Applying the same rules to Facebook would lead to the password TbswaliayS!1492$FabK
A Password Codebook
A couple of years ago I wrote about a method to create a password codebook. The codebook is based on an idea to create passwords by randomly selecting words from a word list. My problem with the original idea is that I have over 800 passwords and I have trouble remembering a single list of five words. These short word lists still work well if you need to remember a single password for a primary password for example. I had another idea, create a code list where each letter in the alphabet corresponds to a randomly selected word.
Make the code list by selecting a random word for each letter of the alphabet. The randomness is enforced rolling dice randomly selecting words from a word list. The electronic Freedom Foundation (EFF) maintains these word lists for this purpose list at https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt. The lists have numbers reflecting the roll of dice. The numbers pair with words on the list. A die rolled five times creates a five-digit number. The number matches one word of 7776 unique words on the word list. To select a random word from the list, roll the die 5 times and lookup the word on the list that matches.
Create the code list by adding a line for each letter of the alphabet and rolling die to get a word to match with that letter. To finish the codebook, we create rules again. One rule selects letters from the domain name. Another rule will tell us how to separate the words from each other. This is where I use the numbers and symbols, but you can choose your own rules.
To provide the Amazon example let’s assume the words in the codebook are A=Gravel, M = Laundry, and N=Junkie, O=Upper. For the number rule, we will use the digits 1492 and use the last 3 digits to separate the words. We will use the symbols to begin and end the password. The capitalization rule will be capitalizing any letter to the right of a symbol or digit.
This should give us: !Gravel4Laundry9Junkie2Upper$ A very strong password indeed. While it is not easy to remember, it is easy to recreate by using your codebook. Store the codebook in a secure file and look it up when you need it. Create a new codebook annually and replace your passwords on World Password Day.
Lighter Weight Passwords
Yes, I do have more than 800 passwords, at least according to my password manager. However not all of my passwords are as robust as the ones I suggest here. Many websites I do not trust to store my password properly and I do not give them any true data about me, but I want to access the data they offer. These websites get a still secure but lighter weight credential and often do not get a real name or email address. Instead, I use a disposable email address. And I select two random words using the dice method and I reuse these two words instead of the poem or song lyric. I also change the rule for selecting letters from the domain name and the number and symbol selection rules.
Monitoring the Passwords
Both Google, Firefox, and now Windows 11 monitor your passwords to see if they are compromised. Other password managers and some antivirus programs will also check. You can check a password yourself by using https://haveibeenpwned.com/Passwords.
And in the End… Have a happy World Password Day. Until next month, stay safe online!