Monday, September 2, 2019

How To Build And Remember A Strong Password

The first stage in helping to secure our devices or online accounts is to construct strong passwords. A strong password is one that cannot easily be guessed or generated by human or automated attacks. Strong passwords are long, and they should appear meaningless to others.

Because strong passwords have to be difficult for somebody to guess, it may also become difficult for you to remember your passwords. You can get around this problem by using a secure password manager. You then need to remember only the password you use for your password manager account. The password manager looks after all other passwords.

Constructing a strong password

The basic rules are simple: 

1) Make your password a long stream of random characters
2) Use a mixture of upper and lower case letters 
3) Include some non-letter symbols 

The longer a password is, the harder it is for trial and error attacks to stumble on it. Using the letters A-Z and digits 0-9, there are more than 94 million ways to make a 9-character, single case password. There are more than 9 trillion ways to make an 18-letter combination from the same set.

By introducing a mixture of upper and lower case letters, we increase the number of possible 18-character combinations to over a quadrillion (a quadrillion is 1 followed by 15 zeroes). Adding in six symbol characters to the mix makes 12 quadrillion plus combinations possible. 

Method for building a password

One good idea is to select a random location from a book, or another text source, and choose the first or last character in a given number of words from that location. To demonstrate the principle, we will construct an 18-character password using the play Romeo and Juliet. You will have to remember your master password. Writing it down somewhere is bad practice, so you need to come up with a system that will enable you to retrieve it. As we build our password, we will also build a key that will help us do this.

We decide to start at Act I, Scene I and choose the first 12 words of spoken text (ignoring stage directions, who is speaking, punctuation, etc.). The opening 12 spoken words in Romeo and Juliet are:
Gregory, o' my word, we'll not carry coals.  
No, for then we  

We take the last letter of each of those words to begin our password, which gives us: 
yoydltysorne

We start to build our key at the same time. Since we only use the works of Shakespeare, we can use an abbreviated key, 12LR&JAISI, for Romeo and Juliet, Act I, Scene I. The '12' at the start of the key tells us how many words we're picking, and the 'L' tells us we are using the last letter of each word (we could use the first letter and code F). 

We now want to capitalize some of the letters. We can use a simple pattern, like capitalizing every second letter, or something less obvious. Let's capitalize every fourth letter.

We now have: 
yoyDltySornE

We add U4 to our key to tell us every fourth letter is uppercase, giving us: 
12LR&JAISIU4

Next, we want to add some digits and symbols to bring our password up to 18 characters. We end up with:
4y%oy2DltySo$r#n6E

This is a very strong password indeed. 

The last step is to add the digit and symbol information to our key. We use a simple position, character pair to tell us the rest of our password. 14 tells us that at position 1 is the digit 4, 3% tells us that at position 3 we have the % symbol, and so on.

Our full key now looks like this:  
12LR&JAISIU4143%6213$15#176

This is indecipherable to anybody else. (Do not tell others what techniques you are using to construct your passwords. If they know your techniques, it gives them a chance of working out your password). You can store your key as your password recovery hint in your password manager. In this example, if we ever forget our password, all we need to do is look up the appropriate part of Romeo and Juliet, and we can rebuild it.

Flexibility

Note that we can make multiple passwords from the same piece of seed text just by changing our capitalization rule, by using different symbols and digits, by positioning symbols and digits differently, or by using the first letter of each word instead of the last. To recall our password, all we need is the seed text and our key. We chose to use Shakespeare because any of his works can easily be found online, so we have no need to worry about being unable to access our seed text.

You can use whatever method you prefer to choose seed text. As long as the seed text is globally available to you, you will never have to worry about forgetting your master password

Robert Blake
877.860.5831 x 190

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com

No comments:

Post a Comment

Week In Breach