No matter what security measures an Internet site takes, poor passwords can ruin everything. Having strong unique passwords for each site is essential. In this post we’ll cover some tips how to make strong passwords.
One of the most important rules is to not to reuse passwords in different sites. If you have used the same password in many sites and the password gets compromised, all the other sites can be broken into using the same password.
At Intoloop we store all the passwords strongly encrypted. Even our team has no way to know your password. But this might not be the case with all the other sites out there. So by stealing your password from some other site could make breaking into your Intoloop account very easy.
So, you will need probably dozens of passwords. You may start wondering how one can remember all the passwords? Luckily there are a couple of options to help you on that. You can either use a password manager program or write them down. Yes, I really said write them down.
Before I tell you how you can safely write down your passwords, I’ll introduce you 1Password which is a product worth checking out if you want to use a password manager program. It is easy to use hand has good browser integrations. And it doesn’t cost too much.
Let’s get back to writing passwords down. Tratitionally writing passwords down has been considered as the worst thing to be done but the attitude has been changing as more and more stronger and stronger passwords are required all the time. But never write down whole passwords, site names and usernames. Only parts of the passwords.
4 Steps For Creating Perfect Passwords
Here I’ll describe you the steps how to make strong passwords write them safely down. This method is sligthly modified version of a system originally presented by F-Secure. Here are the steps.
Step 1 – Generate a Site Identifier
For each site generate an identifier that will help you to connect the password to the right site. You can use the site’s name or slogan to mash up this identifier. For example for Intoloop I could come up with “iNp” for example. When you see this, you can connect it to Intoloop but probably someone else cannot.
Step 2 – Add Random String to Site Identifier
Then for each site generate something really random and unique. For example “6h.wP3“. Now you can add the site identifier and the random string and you’ll have a site specific password part which is “iNp6h.wP3“. You also see that it is not obvious that this password is connected to Intoloop. This is the part of the password you should write down in your password list. But remember, do not write site name or login name or email in to the same paper. Note that you can also add the site identifier at the end or in to the middle of the random string.
Step 3 – Generate Master Password
Now you have to generate a master password. This master password should never be written down and you should memorize it and keep it safe. Here is one example that may help you generating and remembering strong master passwords.
Start by looking around you and pick for example two interesting items that have some kind of text in them. Then memorize these items. After memorizing the items create 2-4 characters long strings out of the text on the items. Also make sure that the mashed strings have both lower case and upper case letters, numbers and punctuation. Finally connect the mashed strings and your master password is ready.
Here is an example. Right now I see my MacBook and five poker chips. I could for example mash these to strings “Mcb” and “5*P“. Together they form the master password which is “Mcb5*P“. If you ever forget this, you can recall the items you selected and I’m sure you’ll remember your master password also.
Step 4 – Connect Site Specific Part and the Master Password
Now add your master password to site specific password. You can add the master password to the beginning, to the end, to the middle or anywhere you want to. If you choose to append it to the end, the final password would be “iNp6h.wP3Mcb5*P“. Remember not to write the final password anywhere.
You’ll also notice that the final password generated using these steps is quite strong as it is unique, it has at least 10 characters, has random lower and upper case letters, numbers and punctuation and is not a plain word or a common string that is easy to type using keyboards. And all you have to do is to memorize six characters.
Bonus Step – Carry Your Passwords Around
You can have dozens of passwords on a single paper you carry with you in your wallet for example. If it gets stolen or gets lost, your passwords are safe because you have your secret master password no one else knows, you haven’t written down the usernames and emails used in login information and there is no obvious indication into which site the passwords are valid. You should only be concerned about your credit cards and other valuable stuff.
Now its your turn to make this world a bit safer.
This article is part of About Security series of articles.
P.S. If you happen to have a website or blog of your own, please consider placing a link to www.intoloop.com. Every link helps!