By Mr. Fubblestwort on August 12th, 2012
I meet so many people who use passwords that they can remember. I try to tell them not to do it, but it’s no use, they just don’t listen. I want to convince you not to do this. Criminals do all sorts of really bad things, from stealing your money, using your bank accounts to launder their dirty money, to distributing child pornography, using YOUR computer. How are you going to explain this, if it happens to you?
Passwords that you can make out of recognizable words are easily crackable. It takes a PC (let alone an array of servers…) very little time to demolish even a non-word, short password. Try eight random letters and numbers, or your date of birth;
Don’t forget that the site above doesn’t even try a ‘Dictionary Attack’, which draws on word lists from ALL human languages. Armed with that (and attackers are), a cracking tool is even more effective at breaking your passwords. There are also algorithms that look for groups of characters and the relationships between them, so don’t use licence plate numbers and the like either.
Today, our online world demands passwords everywhere, so relying on passwords you can remember makes it next to impossible to EFFECTIVELY protect yourself without help.
Effectively, that’s the issue. Really, your passwords should be AT LEAST 16 characters long (certainly no less than ten) and consist of a random combination of numbers and letters that DO NOT form words in any language. Preferably, they should include other characters too; “^(_-*>$+%”.
Most people have trouble with that. The solution is the use of a Password Manager. Fortunately, there are two really good ones that are FREE;
ROBOFORM – this sits on your PC or on a USB flash drive and monitors what you do. Whenever you enter a user name and password combination it picks up on that and remembers it for you. The next time you visit that same site, it fills in the details for you. Roboform is quite good, but the downside is that it doesn’t give you as much control (also, the free version is quite limited). However, if you just want something that “just does it for you and you don’t care how” and you don’t have many passwords to remember, then it’s ideal.
KEEPASS – This is an open-source, FREE application that also sits on your PC or on a USB flash drive. The difference here is that you have to add user names and passwords, plus the address of the site, to its simple telephone-book-like screen. You then choose which saved entry you want to use and click a button to go there, and the details can be pasted into the correct fields. It’s not as automated as Roboform, but it isn’t hard to use and is, by contrast, completely free.
Both of these systems require you to have a master password, so there will be some memorizing to do. This author uses one that is well over twenty letters, numbers and symbols. Type that (start with just twenty random letters and numbers) into How Secure Is My Password and see how it goes. Convinced?
O.K., achieving this will take a month, but after that you will never need to look back. Only you will have the key to all your keys. First of all, use your Password Manager’s “Generate” function to produce a really long one. Print it out and keep it with you at all times. If you lose it, start again – so don’t lose it ;-). Now break that into seven chunks (humans best remember things in multiples of seven). Practise using it DAILY, or better still, many times during EVERY DAY. At first it will be hard, but it gets easier. Try to use the paper less and less. Eventually, BURN THE PAPER – it’s your ‘Achilles Heel’.
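As an added illustration (not code from the original post), the script below does what the “Generate” step and the chunking step describe: it draws a long password from letters, digits and the symbols listed above using the OS random generator, splits it into blocks of seven for memorising, and compares the search space of an 8-character alphanumeric password with the 16- to 21-character ones recommended here. The guess rate used for the “years to exhaust” estimate is an assumed figure, not one from the post.

```python
import math
import secrets
import string
from typing import List

# Alphabet: letters and digits plus the symbols the post lists ("^(_-*>$+%").
SYMBOLS = "^(_-*>$+%"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS  # 71 characters

# Assumed attacker guess rate for the estimate below (a constructed figure,
# not from the post): ten billion guesses per second for an offline attack.
ASSUMED_GUESSES_PER_SECOND = 1e10


def generate_password(length: int = 20) -> str:
    """Draw every character uniformly from ALPHABET using the OS CSPRNG
    (the secrets module), which is what a password manager's Generate does."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def chunk(password: str, size: int = 7) -> List[str]:
    """Split the password into blocks of `size` characters (the post suggests
    seven) so you can practise memorising one block at a time."""
    return [password[i:i + size] for i in range(0, len(password), size)]


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size).
    Only valid for truly random passwords; a word or a date has far fewer bits."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float,
                     guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case years needed to try every password of this entropy at the given rate."""
    return (2.0 ** bits) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    pw = generate_password(21)
    print("generated:", pw)
    print("memorise as blocks:", chunk(pw))
    # Compare short alphanumeric passwords with the lengths the post recommends.
    for length, size in [(8, 36), (10, len(ALPHABET)), (16, len(ALPHABET)), (21, len(ALPHABET))]:
        bits = entropy_bits(length, size)
        print(f"{length:2d} chars over {size} symbols: {bits:6.1f} bits, "
              f"{years_to_exhaust(bits):.3g} years to exhaust")
```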
After you have had this in your head for a few months, you will feel confident enough to start swapping blocks around :-). Later on, you can add in, or change, different blocks.
Now, you can have literally thousands of passwords that you can safely use, because you don’t need to know what they are. One important point to remember is that passwords should be changed often. Conventionally, that would be a nightmare, but user “Jimmy Smith” with password “A1ks63$267%o27*9bha1” today can be user “Jimmy Smith” with password “H61!f208(h256Z&+1h’B” tomorrow and it’s no trouble for Jimmy to do it!
Also, Password Managers make it harder for ‘Trojans’ and other malware to capture the data, as it is no longer typed in from the keyboard. They also use a variety of techniques to stop malware reading their internal buffers and grabbing the data that way.
So hackers, Trojans and malware (nowadays produced and run by organised crime…) will now find it much easier to attack the other dummies who still try to remember their passwords the old way. For the criminal, it’s a numbers game and by employing this tactic, you have just made it too hard for them to bother with you, so they will move on to easier pickings.
P.S. If you don’t believe me, head on over to ZoneAlarm’s blog; http://www.zonealarm.com/blog/2014/01/why-you-should-take-your-passwords-seriously/
Mentioned in a comment on the above ZoneAlarm article was Password Safe, which is also free. The only people that didn’t like it on the SourceForge site (one or two – a tiny percentage) thought that it was unsafe to store passwords ANYWHERE – the other 200 or so thought it was a great program that was easy to use! My thoughts on the ‘hackability’ of software are: well, yes, technically someone could compromise it – if they were expert enough. However, as I said earlier, you are no longer in the group of dumb sheeple that use “johnsmith1978” and stupid stuff like that, or worse, so the busy, ‘time-is-money’ criminals will not bother with you now. Besides, the whole reason people fail to use good-strength passwords and manage them properly is that it is too hard to do. If this method makes it easier for you and harder for the hacker, then you are one rung up the ladder. If you find it too hard to create and remember proper passwords, you’ll use daft ones, so this method gets around that.
UPDATE March 2015
Found a site that offers a possible solution for those who absolutely must have a copy of their password with them;
Because all the numbers, letters and symbols are on the card, it might give the finder a springboard – it depends on your strategy for memorizing. For example, there is no need to pick characters from left to right, or from top to bottom, etc (not suggesting that you would, of course). Anyway, it looks to be pretty strong, if used properly, but note the caveats about making any kind of marks…