April 16, 2014

Making a Simple and Secure Password

"Computer Keyboard" by Charles Rondeau
Some people and many IT departments think passwords have to be complicated, with numbers, symbols, and upper and lowercase letters, to make them harder to hack. But the human brain usually can't handle remembering such complex sequences. A password should be easy to remember, but not easy for other people to guess or a robot to hack.

Complex Passwords Aren't as Secure as We Think

Some companies require employees to change their passwords weekly or monthly for an illusion of security. So what do employees do so their brains will remember complex passwords? They write down their passwords and put them in their desks, which defeats the entire purpose of a "secure" password. IT departments need to consider the human brain when making password requirements instead of only the mathematics of hacking a password.

The Default Password

So often we follow a basic pattern for making a password when it has to be complicated. Most of us use a single word and add numbers before or after the word. These passwords are easy to hack. Many hackers and robots just use brute force by repeating the same word with different number combinations. It's way too obvious when you use the @ sign for an a, the 3 for an E, the 5 for an S, or the number 1 for a lowercase l or an uppercase I. Never use the words password, password1, password2.... Need I say more?
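As an added illustration (not part of the original post), here is a sketch of a check that a signup form or password audit could run to reject exactly these patterns: a single dictionary word, optionally written with the look-alike characters listed above, with digits or symbols added before or after it. The word list is a constructed sample and the function names are hypothetical; a result of `None` only means none of these patterns matched, not that the password is strong.

```python
import itertools
import re

# Constructed sample list; a real check would load a full dictionary and a
# list of known-breached passwords.
COMMON_WORDS = {"password", "summer", "silly", "icicle", "flimsy"}

# Substitutions named in the post. "1" can stand for l or i, so every
# character maps to a tuple of possible readings.
LEET = {"@": ("a",), "3": ("e",), "5": ("s",), "1": ("l", "i")}


def deleet(text):
    """Return every reading of text with the substitutions undone."""
    expand = text.count("1") <= 10  # keep the number of readings bounded
    options = []
    for ch in text:
        readings = LEET.get(ch, (ch,))
        options.append(readings if expand else readings[:1])
    return {"".join(combo) for combo in itertools.product(*options)}


def find_base_word(password):
    """Return the dictionary word behind password, or None if none is found.

    Covers the patterns in the post: a single word, optionally written with
    look-alike characters, with digits or symbols added before or after it.
    """
    pw = password.lower()
    lead, core, trail = re.fullmatch(r"([^a-z]*)(.*?)([^a-z]*)", pw, re.S).groups()
    # Affix characters may be padding or substitutions, so try every split.
    for i in range(len(lead) + 1):
        for j in range(len(trail) + 1):
            for reading in deleet(lead[i:] + core + trail[:j]):
                if reading in COMMON_WORDS:
                    return reading
    return None


if __name__ == "__main__":
    for sample in ["password1", "P@55word", "2014summer!", "s1lly99", "flimcicle"]:
        print(f"{sample!r}: base word = {find_base_word(sample)}")
```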

Blending Words or Phrases as Passwords

To accommodate the human brain and better security, IT departments need to think differently. A better approach is to combine two or more words that you can remember, because there are infinitely more combinations of words than there are of numbers, symbols, and letters. For example, take the words flimsy and icicle and combine them into flimcicle. (Obviously, this is not my password, and you shouldn't use it either.) Passwords can also be phrases, which are harder to hack than two words.

Choose words or phrases that aren't too closely related to your favorite food, color, saying, or favorite anything else, because the most successful hackers are relatives and friends. Stick with a few passwords--or variations of them--so you aren't tempted to write them down.

Following the Extra Security Measures

Since many websites require a number, symbol, or upper or lowercase letters, create variations on your main password. Add a number or symbol somewhere within the password instead of at the beginning or end. You can create different levels of secure passwords. For non-financial and suspicious websites, use a less secure version of the password. Have a medium security password. Finally, for websites containing more sensitive information, have a more secure variation of your password.

Now you can create a simple and secure password that you don't have to stress about remembering. Remember, if you have to write down the password, change it!

P.S. My husband is a software engineer, so I absorb a lot of technical information through him. I vicariously earned a Bachelor's in Computer Science.

Have you ever written down your passwords because they were too complex?