March 15, 2014

Update on password management -- how to choose good ones

Spotted in the Cryptogram is something called "the Schneier Method."

So if you want your password to be hard to guess, you should choose something that this process will miss. My advice is to take a sentence and turn it into a password. Something like "This little piggy went to market" might become "tlpWENT2m". That nine-character password won't be in anyone's dictionary. Of course, don't use this one, because I've written about it. Choose your own sentence -- something personal.

Here are some examples:

WIw7,mstmsritt... = When I was seven, my sister threw my stuffed rabbit in the toilet.

Wow...doestcst = Wow, does that couch smell terrible.

Ltime@go-inag~faaa! = Long time ago in a galaxy not far away at all.

uTVM,TPw55:utvm,tpwstillsecure = Until this very moment, these passwords were still secure.

You get the idea. Combine a personally memorable sentence with some personally memorable tricks to modify that sentence into a password to create a lengthy password.

This is something which I've also recently taken to using more and more, but I still *write passwords down*.

This isn't a complete solution, as we still have various threats such as losing the paper, forgetting the phrase, or being Miranda'd as we cross the border.

The task here is to evolve to a system where we are reducing our risks, not increasing them. On the whole we need to improve our password creation ability quite dramatically if password crunching is a threat to us personally, and it seems to be the case as more and more sites fall to the NSA-preferred syndrome of systemic security ineptness.

Posted by iang at March 15, 2014 08:25 AM
