How to Create Secure Passwords

by Larry Richman (11/01/2011 06:14 am)

The following is from the article “Creating and Remembering Secure Passwords” from the Meetinghouse Technology Newsletter:

Most of us use passwords almost every day—whether it’s for work, school, or simply your personal e-mail. All members need to create a password for their LDS Account. LDS Accounts allow members to have access to a variety of LDS Church resources, including ward and stake websites, familysearch.org, mormon.org, and LDS.org tools. As the Church continues to provide new technologies and online tools, your LDS Account will give you access to these valuable resources. You’ll want to protect your account by carefully selecting a password that’s difficult for others to discover. Here are a few methods for keeping and creating secure passwords:

Use different passwords for each account. It may be convenient to remember one universal password, but having one password also means if one account is compromised all of your accounts may be at risk.
Avoid writing down your passwords. Take the time to memorize each password you need. Writing a password down on paper or in a file makes your password easy to discover.
Don’t use dictionary words, common sequences, or personal information (like your birth date, elementary school, or favorite sports team). These types of passwords are easy to guess.

If you’re worried you can’t remember yet another password, try this trick. First, pick a memorized phrase, like your favorite scripture. For example, the scripture John 15:12: “Love one another, as I have loved you.”

Find words you can easily shorten: John 15:12 Love 1 another as I have loved U
Keep the first letters and numbers, but get rid of the rest of the words: J1512L1aaIhlU

This gives you a secure, but memorable password. The next time you create an account, try using this method with a line from your favorite verse. Share these tips and tricks for creating passwords with the members in your ward.

The following is from the article “Passwords (Family Safety)” in the LDS Tech wiki:

Passwords are the primary tool used to secure accounts from unauthorized access. In many systems they are the least secure of all the elements. While people try to be original and even clever (“secret”, “trustno1” or “letmein”), studies have shown that we frequently pick the same passwords as other people. A hacker armed with a list of common passwords might easily get into your account.

Some of the most common passwords are first names, favorite brands (such as cars), sports teams, hobbies, popular characters, keyboard patterns and words with sexual meanings.

Best Practices

Writing down passwords This topic has different viewpoints. Experts used to advise to always memorize a password on the grounds that a written password might be discovered. However, if a user must memorize a password, they will tend to choose less secure passwords. While putting a password on a sticky note on the bottom of the keyboard is a bad idea for things that should be secured from co-workers or family members, it’s unlikely a hacker working in another city would ever find it. If it is written down, it must be secured and not just hidden.

Use different passwords for different accounts Unknown to you, a website you use may have been compromised and the passwords stolen. They could then be used at other sites. Make sure your passwords are not just different, but significantly different. Predictability may be your downfall.

Password Length Generally, longer passwords are considered more secure than shorter ones. But this is only true up to a point. “Password” is the second most common selection, but “was” is not even in the top 500.

How secure should you make it? Some accounts are not critical and a hacked account is little more than an inconvenience. A strong or difficult to type password is unnecessary. Other accounts such as on-line banking should have a strong password. Since email is frequently used to reset passwords, your email should be at least as strong as the most important account that uses it. Otherwise a hacker who gets into your email account is likely to find clues as to what other accounts you have and use your compromised account to reset those passwords.

How often should you change your password? Clearly it should be changed if you suspect that it may have been compromised or you no longer feel secure about that computer you last used. However changing it too often may create more problems than it solves and may lead to predictable patterns.

Sharing passwords Don’t let your children fall for the old “friends share secrets” trick. Friends who want to know your password aren’t really your friend. Never share your password with someone who calls you. One method hackers use is “social engineering” where they impersonate someone and con you into sharing your password with them.

Types of passwords

Keyboard patterns: Using simple patterns such as “qwerty” (8th most common password) , “7777777” or “qazwsx” is a poor practice and insecure as it’s too common.

Single word: It is prone to a “dictionary attack” where a hacker literally goes down the dictionary trying each word until he succeeds, providing you haven’t accidentally picked a password from the list of 500 most common.

A word with a number or punctuation: This significantly increases the security of a password as long as the word and the number are unrelated. “ncc1701” or “bond007” are both found in the top 500 passwords.

Obfuscation (Hacker spelling): Altering a word though unusual capitalization (“paSSWord”), adding letters (“masterr”), or substituting letters with numbers (“footba11”) or punctuation (“must@ng”). Used in combination, this should be adequate for most casual uses. Since most alterations are predictable, it may fall under a more elaborate dictionary attack.

Two (or more) unrelated words: Separating two words with a number or punctuation greatly complicates the effort needed by a hacker while making it only slightly harder to remember. Even if the two words are common, the two of them together can literally make it one in a million. However, the two words must be unrelated. For example, “fun4me” would be a poor choice, but “fish%maple” would be a good one.

Pass Phrase: Use a memorized phrase to create a seemingly random string. For example, “I Nephi, having been born of goodly parents…” could become “INhbbogp”. Add in the scripture reference and it could become “1:1INhbbogp” While it’s a good method to create a “word” not found in the dictionary, there could be some concern if the phrase chosen is too common.

Random: A password generator can be used to create a totally random string of letters, numbers and punctuation. This is frequently considered the most secure option. But it is difficult to remember and can be difficult to type making it easier to observe. Some argue that stringing together more words is faster to type, easier to memorize, and just as secure.

What are your ideas for creating secure passwords?

Share on Facebook

Continue reading at the original source →