Locked Computer

These days, nobody really needs to be told that they should be using strong, distinct passwords for all of their online service accounts (bank website, university account, Facebook, etc.). In the same fashion, nobody really needs to be told to drink eight glasses of water a day and exercise for a minimum of about 30 minutes a day, 3-5 times a week. The advice is simple enough to abide by, but as I like to say: “Simple” doesn’t always translate to “Easy”. Things happen, life happens, and in the hustle and bustle to get through it all from day to day, many people will opt for the path of least resistance wherever and whenever they can. Unfortunately, in the realm of login credentials, this usually translates to passwords such as “password”, “admin”, or “123456” being used as the key to gain access to accounts, workstations, or even, in some criminally negligent cases, network servers.

A recent article by HowToGeek suggests that the “best practices” for creating strong passwords are as follows:

  • A minimum of twelve characters
  • Include Numbers, Symbols, Capital and Lower-Case Letters
  • No dictionary words or combinations of dictionary words
  • No obvious substitutions (e.g., “H0use” as opposed to “House”)

Following this logic, some ideal passwords one might use to protect an account may be:

  • jWib=[ZuUBf)
  • 18Rb58G2K[{9
  • e1o87{-5″coc
  • $$gc#[;rvLH%

Yikes! It’s easy to see, without outright excusing it, why many might find it difficult to just conceive such random strings of text, let alone remember and use them on a regular basis.

Some enterprising individuals have made this connection and given rise to a group of programs called “Password Managers”. As the name suggests, these are programs that store the login information of various sites for you and input it on your behalf as needed. The more advanced ones will even assist you with creating the credentials in the first place. One of the leading services in this ecosystem is called “LastPass”. Many of my colleagues use this system and, to date, I’ve heard next to no complaints regarding it. If you’re really interested in looking for a program to assist you with your password management needs, you could hardly do yourself any disservice by starting with them.

However, I happen to know of another system that I think is a bit better. It’s one I regularly use, it’s easy to get ahold of, and it’s far more cost effective...

…that system is called: “Your Brain”.

No, that’s not the name of some new program. I’m talking about YOUR “Brain”. Do not rush to Google to try to look it up and then leave comments saying: “I can’t find them! Where do I download a trial?!?!”

In general: We don’t give ourselves enough credit. In the end, we can’t all be super-geniuses like Michio Kaku or Stephen Hawking. It’s also highly unlikely that many of us will ever reach the level of memory mastery obtained by the likes of Ed Cooke. Still, as with all things in life, there are simple ways that we can better ourselves, and do better with nothing more than some ingenuity and an old-fashioned, if somewhat cliched, “Can Do” attitude.

To be more specific, you can solve your password needs, for as many sites as you need, by simply creating a single memory mnemonic that all of your passwords follow, and then using it to create your passwords as needed. To get started, let’s assume that you have a user called ‘JDoe’ at the following sites:

  • FaceBook
  • InstaGram
  • Google
  • Wachovia
  • GSA
  • StateU

Here we have six sites that require a secure authorization in order for you to do anything worthwhile, which means, in an ideal situation, you’re going to have six separate passwords you will need to keep up with. Instead of attempting to come up with six separate random passwords that you THINK that you’ll be able to keep up with, what you can do is devise for yourself ONE simple password template that you can easily remember and then use to create your six separate passwords.

Putting this into action, let’s say that the particular template or rule you decide to set up for yourself is as follows:

12 + <Sitename> + 34 + <Codeword> + 56 + <Yourfirstname> + 78 + #

and your codeword is “Apple”.

Then your login for four of those six sites would be as follows:

| Site | Username | Password |
|---|---|---|
| Yahoo | JDoe | 12Yahoo34Apple56John78# |
| Gmail | JDoe | 12Gmail34Apple56John78# |
| FaceBook | JDoe | 12Facebook34Apple56John78# |
| GSA | JDoe | 12GSA34Apple56John78# |

Going over the “Best Practices” mentioned above, three of the four guidelines have been strongly hit upon: each password is at least 12 characters long, a combination of numbers, letters (upper and lower-case), and symbols is being used, and no simple substitutions have been made. A nitpicky purist could argue that the use of “Apple” and the site names infringes upon the last outstanding point, but it’s easy to see that you still have a set of very strong and distinct credentials to work with, and none of them need to be explicitly remembered because all you will need to do is go back to your rule to recreate them.

The shortest one, “12GSA34Apple56John78#”, was run through a password strength tester that was quickly looked up on the web, and it received an overall high score for its security. In creating your own rule template, you might consider checking that page out to do some strength testing of your own. If the level of geekery for said tester is a bit high-brow for your tastes, you can click here for a more straightforward one provided by Comparitech.

One potential problem that you’re likely to run into is that a certain site may not allow you to create a password as strong as your choice of rule creates. In this case, you can simply create a set of rules to go to as needed:

| Security Level | Rule |
|---|---|
| High | 12 + <Sitename> + 34 + <Codeword> + 56 + <Yourfirstname> + 78 + # |
| Medium | 12 + <Sitename> + 34 + <Codeword> + # |
| Low | 1 + <Sitename> + 2 + <Codeword> |
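
The following is an added example, not part of the original post: it expands the three rule tiers for a site and checks each result against the best-practice list quoted earlier, so you can see which guidelines each tier still meets. The function names and the tiny `SAMPLE_WORDS` list are assumptions made for the demo (a real check would use a full dictionary), and the "obvious substitutions" guideline is not tested.

```python
import re

# Rule tiers from the table above; {site}, {code}, {first} are the template slots.
RULES = {
    "High":   "12{site}34{code}56{first}78#",
    "Medium": "12{site}34{code}#",
    "Low":    "1{site}2{code}",
}

# Constructed stand-in for a real dictionary: just enough words for this demo.
SAMPLE_WORDS = {"apple", "john", "yahoo", "gmail", "facebook"}


def build(level, site, codeword="Apple", first_name="John"):
    """Expand one rule tier into a password for a given site."""
    return RULES[level].format(site=site, code=codeword, first=first_name)


def check(password, words=SAMPLE_WORDS):
    """Score a password against the quoted best-practice list."""
    # Alphabetic runs between the digits and symbols of the template.
    runs = re.findall(r"[A-Za-z]+", password)
    return {
        "min_12_chars": len(password) >= 12,
        "has_digit": any(c.isdigit() for c in password),
        "has_symbol": any(not c.isalnum() for c in password),
        "has_upper": any(c.isupper() for c in password),
        "has_lower": any(c.islower() for c in password),
        "no_dictionary_words": not any(r.lower() in words for r in runs),
    }


def failed(password):
    """Names of the checks a password does not meet, sorted."""
    return sorted(name for name, ok in check(password).items() if not ok)


if __name__ == "__main__":
    for level in RULES:
        for site in ("Yahoo", "GSA"):
            pw = build(level, site)
            print(f"{level:6} {site:6} {pw:24} fails: {failed(pw) or 'none'}")
```

For a short site name such as GSA, the Low rule drops below twelve characters and has no symbol, so it is worth running your own rule through a check like this before relying on it.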

I hope you found this helpful, or at least informative. If you have any comments, feel free to leave them below.