Secure Passwords
I cannot stress enough the importance of secure passwords. For any password to be secure, it must contain at least twelve effectively random characters comprised of all four character groups: numbers, upper and lower case letters, and symbols. Using fewer character groups requires a longer password. A password comprised of only a few words, names, known acronyms, or quotations, no matter how clever it may seem, is not secure. This is because hackers don't always try to figure out passwords themselves; they use programs and lists that do it for them. Using these, it can take as little as a few seconds to a few hours to crack a non-robust password, and with the advent of faster, more sophisticated computers and hacking tools, passwords will need more and more complexity to remain secure over time.
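The trade-off between character groups and length can be worked out by comparing key spaces. The following Python sketch is an added example, not part of the original article. It assumes the 94 printable ASCII characters (no space) and treats every character as independently random, so its figures are upper bounds that a password derived from a phrase will not reach.

```python
import math
import string

# The four character groups named in the article. Assumption: printable
# ASCII without the space character, which gives 10 + 26 + 26 + 32 = 94.
GROUPS = {
    "numbers": string.digits,
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "symbols": string.punctuation,
}

def groups_used(password):
    """Names of the character groups that occur in the password."""
    return [g for g, chars in GROUPS.items() if any(c in chars for c in password)]

def key_space(group_names):
    """Number of possible characters when drawing from these groups."""
    return sum(len(GROUPS[g]) for g in group_names)

def search_space_bits(length, pool):
    """log2(pool ** length). An upper bound on guessing work: it holds only
    if every character is picked independently and at random."""
    return length * math.log2(pool)

def length_to_match(ref_length, ref_pool, pool):
    """Shortest length over `pool` characters whose search space is at
    least ref_pool ** ref_length (exact integer arithmetic)."""
    target = ref_pool ** ref_length
    n = 1
    while pool ** n < target:
        n += 1
    return n

if __name__ == "__main__":
    full = key_space(GROUPS)  # all four groups
    print(f"12 chars, 4 groups: {search_space_bits(12, full):.1f} bits")
    for names in (["lower"], ["numbers"], ["lower", "upper"],
                  ["lower", "upper", "numbers"]):
        pool = key_space(names)
        print(f"{'+'.join(names):22} pool={pool:2}  "
              f"needs {length_to_match(12, full, pool)} chars")
    # The article's own example, used here only to show the group check.
    sample = "7qbFj!/1loD\\"
    print(len(sample), groups_used(sample))
```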
You can make strong passwords that are easier to remember by using passphrases. Passphrases are longer strings of random words that make sense only to the user. The sheer length of secure passphrases, however, makes them impractical in some situations. Instead, you can use the initials of each word concatenated into a string with numbers and symbols interspersed throughout. An example would be this variation of a well-known phrase:
seven quick brown foxes jump! straight over one lazy orange dog
Substituting for numbers and symbols, and having all nouns capitalized, we get:
7 quick brown Foxes jump ! / 1 lazy orange Dog \
By concatenating initials, we get:
7qbFj!/1loD\
A perfectly respectable password.
Notice the use of both forward and backward slashes to represent the fragment "straight over". More simply, any single printable ASCII character can be chosen to visually represent any action, object or condition desired, when taken within the context of the original phrase. For example, an asterisk (*) can be thought of as either a simple flower or a star depending on whether the original phrase contained either a gardening or astronomy theme. Other examples include:
O or o    the Sun, an egg, "Oh!", a yawn
_         flat, lying down, asleep, low
> or <    the hands of a clock, semaphore, right/left, a piece of pie
/         going forward, getting up, going the right way, uphill, up to
6         an opened combination padlock, unlocked, open
Y         arms outstretched, throwing the peace sign, feeling good
%         a clothes wringer, doing laundry, doing chores
Read from top to bottom, the characters in the above list actually contribute to form a password:
O.W,I'b_f9h.H,i'>!I'b/,6tW,Ya%
Within the context of the following phrase:
Yawn. Wow, I've been asleep for nine hours. Hey, it's almost nine o'clock! I'd better get up, open the window, stretch my arms and do the laundry
Omitting the repeating punctuation, we get:
OWIb_f9hHi>!Ib/6tWYa%
This password is twenty-one characters long.
Unlike simple obfuscation involving the substitution of letters or numbers with graphical or phonetic equivalents ("p@ssw0rd" and "UBUYIT", for example), the use of characters as personalized icons adds a further dimension to the complexity and randomness of a password, in that any conventional meaning normally attributed to such characters no longer applies. This contributes to a password that is significantly less susceptible to guessing, precomputed-table and dictionary attacks, so that an extensive, seemingly random collection of characters such as:
~_&Ir2h10&/ww!GMm/,D
makes sense and can be readily put to memory when taken within the context of the following phrase:
Surf's up and I'm ready to hang ten and ride the waves! Get me my surfboard, Dude
Using this technique, it is possible to create passwords of ridiculous lengths that approach the limits of impracticability of brute-force attack, but which are still almost instantly set to memory. If your job requires you to maintain multiple passwords, you can associate them with a particular theme such as the name or subject matter the account addresses. For instance, if you have an account that deals with financing, you can include a dollar sign in the password phrase.
Don't use the same password for every account. This is equivalent to using the same key for your mailbox, garage, car, office, home, safe deposit box, etc. To make it easier, use a password manager such as Password Safe; just make sure that your master password is robust.
However you decide to create your password, it will only be as strong as it is unique (that is, don't use the examples published here or anywhere else), so there is much room for creativity. Indeed, the goal is to create a password that has never before been generated, and this requires sufficient length, key space (the total number of possible characters you can use) and the innovative use of characters within that key space.* Moreover, its ultimate effectiveness will depend on the technologies and policies adopted by companies to safeguard consumer information, which is beyond the control of the user. So if you haven't done so already, please check to make sure that all of your online banking, credit card and other important accounts are protected with strong passwords in the event of a data breach.
* In practice, this allows for a password that is more likely to be unique (and memorable) than when passively adhering to standard rules of entropy by, say, tacking on "12345" at the end for sheer length, using only one symbol, and employing shorter phrases in order to avoid repeating characters.
Router Password
Aside from creating a secure access password for your wireless network, it is also important to change your wireless router's default SSID and set the administrator password to a robust one of your own. These default values are well-known and readily available to anyone wishing to configure a wireless router to suit their own purposes once they have accessed your network. Many newer routers, however, are now being issued with unique default SSIDs and network/administrator passwords.