Password Security

Do you practice good password policies? It’s so easy to fall into the habit of using the same password everywhere you need one. Worse, we often use simple passwords that are far too easy to guess or crack. So what do you do to make a password that’s easy enough to remember, but difficult to guess or crack? And how do you use a different password on every site, server, and application?

To start with, you need to come up with some kind of system to make complex passwords that are simple for you to remember. The most common practice is to turn a string of words into a string of letters and numbers. For example, a catch phrase that you like, “What did the five fingers say to the face?”, could become something like “wdt5fs2tf”. This is a good start, but it’s still not the most secure password, as it is still just letters and numbers. Most systems will allow you to use characters like !, @, #, $, so you can substitute these characters for letters, or add them on to your phrase.

Another method is to use a “base password”. In this scenario, you come up with a base string that you use in all of your passwords, and append or prepend a unique string based on the site, server, or application name. So for example, your base password could be “zaqwsx” (this is up and down the keyboard on the left side). Then say you need a password for Google, so maybe you make the password “zaqwsxg00g!”. Then you need a password for Yahoo, so maybe that password is “y@h00zaqwsx”. This is an easy way for you to have a different password everywhere, but still have an easy enough way to remember them.
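The two schemes above, worked through on the post's own example strings. This is an added example, not code from the original post; the function names, the `DIGIT_WORDS` mapping and the bit estimate (an upper bound for exhaustive search) are assumptions made for illustration.

```python
import math
import string

# Constructed mapping: number words, plus the "to" -> 2 sound-alike used in the post.
DIGIT_WORDS = {"one": "1", "two": "2", "to": "2", "three": "3", "four": "4",
               "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9"}

def phrase_to_password(phrase):
    """First letter of each word; words in DIGIT_WORDS become their digit."""
    words = (w.strip(string.punctuation) for w in phrase.lower().split())
    return "".join(DIGIT_WORDS.get(w, w[0]) for w in words if w)

def charset_size(pw):
    """Alphabet size an exhaustive search must cover, by character class used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))

def brute_force_bits(pw):
    """Upper bound in bits: length * log2(alphabet). Known patterns lower it."""
    return len(pw) * math.log2(charset_size(pw))

def shared_base(a, b):
    """Longest substring present in both passwords (the reused base)."""
    best = ""
    for i in range(len(a)):
        for j in range(i + len(best) + 1, len(a) + 1):
            if a[i:j] not in b:
                break
            best = a[i:j]
    return best

if __name__ == "__main__":
    pw = phrase_to_password("What did the five fingers say to the face?")
    for candidate in (pw, pw + "!"):
        print(f"{candidate:12} alphabet={charset_size(candidate):2} "
              f"bits<={brute_force_bits(candidate):.1f}")
    google, yahoo = "zaqwsxg00g!", "y@h00zaqwsx"   # example passwords from the post
    base = shared_base(google, yahoo)
    for site_pw in (google, yahoo):
        print(f"{site_pw}: base={base!r}, "
              f"{len(site_pw) - len(base)} characters unique to the site")
```

Appending a single symbol raises the estimate from about 46.5 to about 60.9 bits, and in the base-password scheme only five characters of each example password differ from site to site.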

Once you have quite a few passwords, it can be quite a problem remembering them. Your first inclination is to write them on a post-it note, and shove it under your keyboard, or on your monitor. Obviously, this is not a very wise move. There are more secure ways to keep those passwords. Our favourite is a program called KeePass. With KeePass, you create a master database password, then enter as many usernames and passwords as your heart desires. Personally, I do not recommend putting super important passwords like online banking or root passwords in it, but it’s a perfectly acceptable solution to remember logins to most web sites. Another cool trick is to install KeePass as a PortableApp on a USB key, then keep the password database in an online storage site like Dropbox. This gives you quick and easy access to your passwords from just about any computer!
