Passionate About Passwords

For the past year or so, I’ve been leaving lots of comments on other websites. I’m finding that as I get older, I get more opinionated. Maybe that’s a rite of passage or something.

Anyway, I came across an article in Network World Magazine dealing with the art of creating strong passwords. The author presumably had some good tips for creating strong passwords, but unfortunately, as of this writing, that critical part of the article was missing.  I’m sure the folks at Network World will fix this soon.

Regardless of the fact that half the article was missing, I left a comment anyway, because this is a topic I feel strongly about. My belief is strong because I had my website hacked by some Moscow-based hackers a few years ago. In that case, I was protecting my website with the password “Mizzou82”, which is my college followed by the year I graduated. It probably took the Russians about 30 seconds to break it.
 
My comment in Network World went something like this:

Hey, I don't mind writing down the passwords. I have 50+ passwords, and I don't use the same password across different accounts. Even my NetworkWorld password is unique. They are all truly random, no keyboard patterns or anything.

I admit that writing down all my passwords would seem to defeat the purpose of having passwords in the first place, but I don't have an elephant's memory. So I figure writing them down in a place that only I know of is more secure than using simple passwords or using the same password across multiple accounts. I not only write down all my passwords, but I scan the list and put it on a private directory on my computer drive. In case my list is stolen, I have a backup.

To protect the list, use this tip: When writing down your passwords, change a character to something else that is related. For example, the real password may be K9d-0$2fRU. So the password I write down would be K9f-0$2fRU. The difference here is in the third character, and it is obtained by using the keyboard character next to the real one. In this case, substituting a "d" with the character next to it on the keyboard, "f". It doesn't have to be the character next to it; it could be diagonal or some other pattern that only you know. And it doesn't have to be the third character either. Just use a pattern that you can remember, and use the same pattern across all of your passwords. If someone discovers your list, it will do little good because:
 
A) All passwords are random so the real one cannot be guessed from the distorted random one, and
 
B) Even if that person knows one of the characters is different, he won't know which one nor what to do to unscramble it. (Hey, maybe two or three characters are different, depending on whatever pattern you choose!) Sure, he may yet figure out the pattern sooner or later, but by that time, you've presumably changed all passwords.
 
One other advantage to writing down all your passwords and keeping a duplicate copy: If your list is stolen, you can use your duplicate list as a reminder of what passwords need to be changed.

 
There you have my advice on passwords. In short:
  1. Create good passwords from random characters, numbers and symbols.
  2. Write down your passwords by scrambling them in a way that only you know about.
  3. Make a duplicate of this list.
  4. Use the duplicate list to know what passwords must be changed if your list is stolen.
  5. Use a different password for each account. You don’t want one compromised account to blaze a path to the next.
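Steps 1 and 2 above, plus the check a practitioner would want before relying on step 2, as an added example in Python; this is not code from the original post. It models the US QWERTY keyboard as a plain grid with row stagger ignored (an assumption), generates a random password from the OS CSPRNG, applies the post's own one-character, adjacent-key scramble, and then enumerates what a thief who guesses that pattern class (one character swapped for a neighbouring key, position and direction unknown) would have to try. For the post's 10-character example that is 20 candidate strings if only left/right keys count and at most 80 with diagonals, so the scramble buys the time it takes to try a few dozen logins, not much more; the post's own advice to change every password once the list is known is what actually limits the damage.

```python
import secrets
import string

# US QWERTY layout as four rows of unshifted/shifted key pairs. Row stagger is ignored and
# the keyboard is treated as a plain grid; that is an assumption of this example, good
# enough to enumerate "the key next to" a character as the post describes.
UNSHIFTED = ["`1234567890-=", "qwertyuiop[]\\", "asdfghjkl;'", "zxcvbnm,./"]
SHIFTED = ["~!@#$%^&*()_+", "QWERTYUIOP{}|", 'ASDFGHJKL:"', "ZXCVBNM<>?"]


def _locate(ch):
    """Return (row, col, shifted) for ch, or None if ch is not a key on the layout above."""
    for r, (low, high) in enumerate(zip(UNSHIFTED, SHIFTED)):
        if ch in low:
            return r, low.index(ch), False
        if ch in high:
            return r, high.index(ch), True
    return None


def _key_at(row, col, shifted):
    """The key at grid position (row, col) in the given shift state, or None if off the keyboard."""
    layout = SHIFTED if shifted else UNSHIFTED
    if 0 <= row < len(layout) and 0 <= col < len(layout[row]):
        return layout[row][col]
    return None


def right_of(ch):
    """The key to the right of ch, same shift state; ch itself if it has none (end of row)."""
    pos = _locate(ch)
    if pos is None:
        return ch
    r, c, sh = pos
    return _key_at(r, c + 1, sh) or ch


def left_of(ch):
    """Inverse of right_of for keys that are not at the end of a row."""
    pos = _locate(ch)
    if pos is None:
        return ch
    r, c, sh = pos
    return _key_at(r, c - 1, sh) or ch


def neighbors(ch, diagonal=True):
    """All keys adjacent to ch in the same shift state: left/right only, or the full 8-neighbourhood."""
    pos = _locate(ch)
    if pos is None:
        return set()
    r, c, sh = pos
    found = set()
    for dr in (-1, 0, 1):
        for dc in (-1, 0, 1):
            if (dr, dc) == (0, 0) or (not diagonal and dr != 0):
                continue
            k = _key_at(r + dr, c + dc, sh)
            if k is not None:
                found.add(k)
    return found


def random_password(length=10, alphabet=string.ascii_letters + string.digits + string.punctuation):
    """Step 1: a password drawn from the OS CSPRNG, so there is no pattern to guess."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def scramble(password, position=2, shift=right_of):
    """Step 2, the post's scheme: replace one character (by default the third) with the key
    next to it. If that character sits at the end of a keyboard row, right_of leaves it
    unchanged and the entry would not unscramble, so pick the position so that cannot happen."""
    return password[:position] + shift(password[position]) + password[position + 1:]


def unscramble(written, position=2):
    """What the owner does when reading the list back: shift the same character left again."""
    return scramble(written, position, shift=left_of)


def candidates(written, diagonal=True):
    """What a thief who guesses the pattern class (one character swapped for an adjacent key,
    unknown position and direction) must try: at most 2 or 8 guesses per character."""
    found = set()
    for i, ch in enumerate(written):
        for k in neighbors(ch, diagonal):
            found.add(written[:i] + k + written[i + 1:])
    return found


if __name__ == "__main__":
    real = "K9d-0$2fRU"            # the post's example password
    written = scramble(real)       # the entry that goes on paper
    print(written, unscramble(written) == real)
    for diag in (False, True):
        pool = candidates(written, diagonal=diag)
        print(f"diagonal={diag}: {len(pool)} candidates, real password included: {real in pool}")
    print(scramble(random_password(12)))
```

`candidates` assumes the thief has already guessed the general shape of the pattern; the post's point that he first has to figure that out still holds, but once he does, the remaining work is a short list of login attempts, which is why the duplicate list in steps 3 and 4 matters more than the scramble itself.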

Best,

Dan
