By James Green ~ September 12th, 2013 5:23 PM MST
Dear reader, this is never an easy subject to broach, and receiving criticism can be tough so we will deliver it as gently as possible with a revolutionary management tool called the “Compliment Sandwich”. We will say something good about you, talk about where you need improvement, and end with something good. Here it goes… You’re a fantastic reader, your password is terrible, and you look really great in that shirt. Phew, I think that went well.
Joking aside, the likelihood that your password is about as strong as a soggy noodle is quite high. It is equally likely that you are using one or two passwords across numerous accounts or still using the same password you created five years ago. These are what you call “bad password habits”. We are going to show you how to create a strong, unique password for each of your online accounts and give you the tools to easily remember all of your passwords.
Over the past several years many popular websites have been hacked and tens of millions of users’ passwords have been leaked. Using a single password across several accounts increases the risk of personal or financial loss should your login credentials be compromised in a data breach. At Armor for Android we conducted a companywide survey of who had been affected by data breaches. Participants were asked to visit PwnedList.com or ShouldIChangeMyPassword.com and enter all of their email addresses to see if any had ever been part of a data breach. We found that over 10% of participants had been victims of a data breach. For the individuals affected this was important knowledge that required immediate action. We encourage you to visit either website and check all of your own email addresses to see if your information has ever been part of a data breach. Let us know the results and participate in our Data Breach Survey.
If none of your email addresses have been affected by a data breach, that’s great news! Let’s take steps to create a strong, unique password for all of your online accounts so in the future you are unlikely to experience personal or financial loss due to a data breach. If you do find that one of your email addresses has been compromised, it is incredibly important to go to the compromised email address and change your password. Do this immediately. We will show you how to create a strong, unique password for your accounts.
HOW TO CREATE A STRONG PASSWORD
Creating a strong unique password is quick and easy with our password formula. It may appear complicated but don’t fear, we have broken the password formula down step by step and we will walk you through how to create your own. This is the password formula we will use to create our password.
PASSWORDBASE + COMPLEXCOMPONENT + UNIQUEID = STRONG PASSWORD
The PASSWORDBASE and the COMPLEXCOMPONENT will always remain the same to make your password easier to remember. The UNIQUEID is the only component of this formula that will change to create a unique password for each of your accounts. Feel free to change the order of these password components when creating your own password.
CREATING THE PASSWORD BASE:
The PASSWORDBASE is an acronym created using a group of memorable information. This acronym should be at least six characters long and contain an uppercase letter, a lower case letter, a symbol and a number.
You can choose any group of information that is easy to remember, such as the first name of each of your immediate family members, the lyrics to your favorite song, or the cast of your favorite movie. We will create an example password using family members from the TV show Family Guy. We encourage you to follow along and create your own password with your own information.
We have ordered the family members by age and created an acronym using the first letter of each name to create “PLCMS”. To increase complexity we include the number of children and create “PL#3CMS”. And finally, to incorporate both upper and lower case letters we have only capitalized the parents’ initials and the children’s initials will be lowercase, giving us “PL#3cms”. Very quickly we have created an easy to remember, strong PASSWORDBASE.
ADDING A COMPLEX COMPONENT:
Since the PASSWORDBASE will frequently contain mostly letters, the COMPLEXCOMPONENT should be numbers and symbols. Use information that you can remember easily to create a COMPLEXCOMPONENT at least three characters long. Here are a few examples:
- Favorite player on your favorite sports team: #12
- How old you were when you married: @30
- A reminder to start your savings account: ^$!
- Love: <3!
- Heartbreak: </3
- High five: 0/\0
- Shark attack: _/\_\0/_
- Shark attacking a cheerleader: _/\_*\0/*_
It’s surprisingly easy to create a COMPLEXCOMPONENT with three (or more) numbers and symbols that is easy to remember. Because we love Family Guy we used ‘<3!’ in our password, but it was hard to pass on the shark attacking a cheerleader.
CREATING A UNIQUE ID:
The UNIQUEID is the only component of the password that will change and should also be at least three characters. This component is a set of two rules that you can apply to the name of the website (e.g. Google, Facebook, Twitter) to quickly determine your UNIQUEID.
1.) SELECTION RULE – this is used to determine which letters of the website name will be included.
Example: “the first and last pair of letters of the website name”
- Google = gole
- Facebook = faok
- Twitter = twer
2.) ENCRYPTION RULE – this rule is used to encrypt these letters so that the pattern is not obvious in the event an individual password is ever compromised.
Example: “move up one letter in the alphabet for each letter”
- gole = hpmf
- faok = gbpl
- twer = uxfs
GO CHANGE YOUR PASSWORDS!
Using our password formula we have created the following complex password that is easy to remember and can be customized for each online account.
PASSWORDBASE + COMPLEXCOMPONENT + UNIQUEID = STRONG PASSWORD
PL#3cms + <3! + hpmf = PL#3cms<3!hpmf
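The whole formula as a short Python script, added here as an illustration and not part of the original article: it applies the example selection and encryption rules to a site name and checks the base and complex component against the minimums stated above. The function names, the z-to-a wrap-around and the four-letter minimum for site names are assumptions made for this example.

```python
import string

SYMBOLS = set(string.punctuation)

def select_letters(site):
    """Selection rule: first and last pair of letters of the website name."""
    letters = [c for c in site.lower() if c.isalpha()]
    if len(letters) < 4:  # assumption: shorter names need a different rule
        raise ValueError("site name needs at least four letters for this rule")
    return "".join(letters[:2] + letters[-2:])

def shift_letters(text, step=1):
    """Encryption rule: move each lowercase letter up the alphabet.
    Wrapping z back to a is an assumption; the article's examples never reach z."""
    return "".join(chr((ord(c) - ord("a") + step) % 26 + ord("a")) for c in text)

def unique_id(site):
    return shift_letters(select_letters(site))

def check_components(base, complex_part):
    """Return the article's stated requirements that these components fail."""
    checks = [
        (len(base) >= 6, "base shorter than six characters"),
        (any(c.isupper() for c in base), "base has no uppercase letter"),
        (any(c.islower() for c in base), "base has no lowercase letter"),
        (any(c.isdigit() for c in base), "base has no number"),
        (any(c in SYMBOLS for c in base), "base has no symbol"),
        (len(complex_part) >= 3, "complex component shorter than three characters"),
        (not any(c.isalpha() for c in complex_part),
         "complex component contains letters"),
    ]
    return [message for ok, message in checks if not ok]

def build_password(base, complex_part, site):
    """PASSWORDBASE + COMPLEXCOMPONENT + UNIQUEID, in the article's order."""
    problems = check_components(base, complex_part)
    if problems:
        raise ValueError("; ".join(problems))
    return base + complex_part + unique_id(site)

if __name__ == "__main__":
    # The article's Family Guy components and its three example sites.
    for site in ("Google", "Facebook", "Twitter"):
        print(site, build_password("PL#3cms", "<3!", site))
```
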
The time has come to employ the techniques you have learned and go change your passwords! Dream up your own password base and find a complex component to include. Then develop your own super secret unique id rules. Using this password formula you will be able to create AND remember strong, unique passwords and protect your sensitive information online. ♦
James Green is a mobile security researcher who has worked in the Android security field for several years providing privacy and security advice to Android users. Email: James@ArmorforAndroid.com; Twitter: @James_AfA