What’s the deal with passwords?

--Originally published at TC2027 – Blog will Tear us Apart.

Passwords, oh passwords. The keys to our everything, definitely a pain in the arse.

This is my approach on the defense/user side of passwords, if you’re interested on the attacking approach, read Miss F’s post.

I’m sure we’ve all heard hundreds of times how insecure our passwords are, every year or so, another security blog or company sends in their updated new rules and minimal security measures, but as today, there are some basic principles.

  • Never use your name, birth date, security number, house address or telephone numbers. Neither your past ones, or a family ones
  • Never use sequential numbers. 123456Seven sucks, (ping me if you got that reference)
  • Never use words like “password”, “admin”, “qwerty” as a password. Please.
  • Never repeat passwords. Really, that’s just dumb.
  • Keep them long. Try to use at least 12 characters.
  • Add capital letters and symbols.
  • Do not share them, lass.

I know it’s kinda complicated to remember every password ever, so here I gathered some password making techniques.

Prefix-Suffix method.

I used to give a middle school digital crash course, and normally I used this method of password making. I call it the prefix-suffix method, this method is great for memorizing complicated-ish passwords and becomes an easy way to never use the same password. It’s great for defending against brute force attacks, and might help a little with dictionary attacks. Here are the steps:

  1. Choose the name  TV show, movie, character, song; anything you really like, the obscurer the better. For example, the name of a semi-obscure Jedi master: Plo-Koon.
  2. Now grab that name and scramble it in a way you can easy remember, give it a little twist, add some l33t, you name it; just keep it easy to remember, here’s with our Jedi: P1O^Kunn (Notice that I even misspell it). This
    aint.gif
    Continue reading "What’s the deal with passwords?"