4 Steps To Perfect Passwords – About Security Part 2
Monday, June 27th, 2011
No matter what security measures an Internet site takes, poor passwords can ruin everything. Having strong, unique passwords for each site is essential. In this post we’ll cover some tips on how to make strong passwords.
One of the most important rules is not to reuse passwords across different sites. If you have used the same password on many sites and that password gets compromised, all the other sites can be broken into using the same password.
At Intoloop we store all the passwords strongly encrypted. Even our team has no way to know your password. But this might not be the case with all the other sites out there. So stealing your password from some other site could make breaking into your Intoloop account very easy.
So, you will probably need dozens of passwords. You may start wondering how anyone can remember them all. Luckily there are a couple of options to help you with that. You can either use a password manager program or write them down. Yes, I really said write them down.
Before I tell you how you can safely write down your passwords, I’ll introduce you to 1Password, which is a product worth checking out if you want to use a password manager program. It is easy to use and has good browser integrations. And it doesn’t cost too much.
Let’s get back to writing passwords down. Traditionally, writing passwords down has been considered the worst thing you can do, but the attitude has been changing as more and stronger passwords are required all the time. But never write down whole passwords, site names or usernames; write down only parts of the passwords.
4 Steps For Creating Perfect Passwords
Here I’ll describe the steps for making strong passwords and writing them down safely. This method is a slightly modified version of a system originally presented by F-Secure. Here are the steps.
Step 1 – Generate a Site Identifier
For each site, generate an identifier that will help you connect the password to the right site. You can use the site’s name or slogan to mash up this identifier. For example, for Intoloop I could come up with “iNp”. When you see this, you can connect it to Intoloop, but probably someone else cannot.
Step 2 – Add Random String to Site Identifier
Then, for each site, generate something really random and unique, for example “6h.wP3”. Now you can combine the site identifier and the random string, and you’ll have a site-specific password part, which is “iNp6h.wP3”. You can also see that it is not obvious that this password is connected to Intoloop. This is the part of the password you should write down in your password list. But remember, do not write the site name, login name or email on the same paper. Note that you can also add the site identifier at the end or in the middle of the random string.
Step 3 – Generate Master Password
Now you have to generate a master password. This master password should never be written down; you should memorize it and keep it safe. Here is one example that may help you generate and remember strong master passwords.
Start by looking around you and pick, for example, two interesting items that have some kind of text on them. Then memorize these items. After memorizing the items, create strings 2-4 characters long out of the text on the items. Also make sure that the mashed strings have both lower case and upper case letters, numbers and punctuation. Finally, connect the mashed strings and your master password is ready.
Here is an example. Right now I see my MacBook and five poker chips. I could, for example, mash these into the strings “Mcb” and “5*P”. Together they form the master password, which is “Mcb5*P”. If you ever forget this, you can recall the items you selected and I’m sure you’ll remember your master password also.
Step 4 – Connect Site Specific Part and the Master Password
Now add your master password to the site-specific password. You can add the master password to the beginning, to the end, to the middle or anywhere you want to. If you choose to append it to the end, the final password would be “iNp6h.wP3Mcb5*P”. Remember not to write the final password anywhere.
You’ll also notice that the final password generated using these steps is quite strong as it is unique, it has at least 10 characters, has random lower and upper case letters, numbers and punctuation and is not a plain word or a common string that is easy to type using keyboards. And all you have to do is to memorize six characters.
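The four steps above as a short Python sketch, added here as an illustration and not part of the original article or the F-Secure system; the function names are hypothetical and the sample values are the article's own. It goes slightly beyond the text by drawing the Step 2 random string from the operating system's secure random source instead of inventing it by hand.

```python
import secrets
import string

# Character classes the article asks for: lower case, upper case, numbers, punctuation.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def random_part(length=6):
    """Step 2: random string from the OS CSPRNG containing every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to hold every character class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def insert_at(base, piece, position):
    """Insert piece into base at position (0 = beginning, len(base) = end)."""
    if not 0 <= position <= len(base):
        raise ValueError("position outside the string")
    return base[:position] + piece + base[position:]


def written_part(site_id, rand, position=0):
    """Steps 1-2: the only string that goes on paper."""
    return insert_at(rand, site_id, position)


def final_password(written, master, position=None):
    """Step 4: combine in memory only; never store or print the result."""
    if position is None:
        position = len(written)  # append, as in the article's example
    return insert_at(written, master, position)


def meets_article_criteria(password):
    """At least 10 characters and all four character classes present."""
    return len(password) >= 10 and all(
        any(ch in cls for ch in password) for cls in CLASSES)


if __name__ == "__main__":
    # Article's example values: "iNp" + "6h.wP3" on paper, "Mcb5*P" memorized.
    paper = written_part("iNp", "6h.wP3")
    print(paper, meets_article_criteria(final_password(paper, "Mcb5*P")))
    print("fresh paper entry:", written_part("iNp", random_part()))
```

The written part on its own is nine characters and fails the length check; only the combination with the memorized master password satisfies the criteria listed above.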
Bonus Step – Carry Your Passwords Around
You can have dozens of passwords on a single piece of paper that you carry with you, in your wallet for example. If it gets stolen or lost, your passwords are safe because you have your secret master password that no one else knows, you haven’t written down the usernames and emails used as login information, and there is no obvious indication of which sites the passwords are valid for. You should only be concerned about your credit cards and other valuable stuff.
Now it’s your turn to make this world a bit safer.
This article is part of About Security series of articles.
Photos by Infidelic, benjamin-nagel and Plutor






