One of the most important aspects of an IT security professional is being able to not only have a strong password, but also teach others in your company to follow this same password making process as well.
You are only as strong as your weakest link, and we all know that most cyber-attacks start from human error. The dos and don’ts of making a secure password may seem tedious at first, but in the long run it is the best option to stay protected.
1. Choose a phrase you can remember
First step, we will get rid of idiom “passwords” because now we will be creating “passphrases”. You don’t want to just use one of two words as the main part of your passphrase. Dictionary and brute force attacks are become more advanced, cracking single word passwords in minutes. What you want to do instead is take a phrase that you can remember, but not something too relatable to yourself.
Some examples would be like the chorus from your favorite song or the first sentence in your favorite book. Use my example below for now:
“She had them apple bottom jeans, boots with the fur”
2. Take the first letter of each word
You will now want to take the first or last letter from each word and cram them together. This will be the base of your passphrase:
3. Mix up the letter cases
Next, you want to make a few of the letters capital:
4. Throw in some special characters
Try to have at least two letters capitalized. Now take your phrase and add a number or special character on the beginning/end of the phrase.
5. Make it 14 characters long
The last step is to make sure it is 14 characters long of more. My example has only 12 so I would want to go back and add 2 more characters to the phrase:
There you have it, simple as that. Now you have a password that meets the length criteria and is well out of the scope of any dictionary attack. You will also have an easy time remember this one because the base phrase is something that you have memorized anyway (a song or phrase). The idea is to find something that is easy for you and only you to remember for your base phrase, then the rest will fall in place after a few times using the password.
Creating a strong passphrase is very important, but do not ever write down your phrases. It doesn’t matter if they are in a safe, creating a super secure password will do you no good if it cannot be memorized. Now let’s say that you have a lot of accounts with different passwords, what you can do to solve this is get a password locker. It is a tool that holds all of your passwords on your computer, with one master password to unlock the others. This way you only have to memorize one secure password.
Congratulations. You can now train passphrase creation. Take what you have learned and spread this knowledge to your company. The employees are the first line of defense and need to be well prepared for it.
- 5 Steps to Create an Invincible Password - March 28, 2016
5 thoughts on “5 Steps to Create an Invincible Password”
The random application of capitalization and special characters at the front and back limits the chances a user will recall such a password. Choosing a sufficiently long phrase initially means no padding characters need be added. Leet or other predetermined substitutions can replace some characters in a controlled way. Choosing a phrase with punctuation, and retaining that punctuation, increases the password strength without being random.
Reserving such algorithmic passwords for relatively few use cases and using a password vault for the rest would be the best solution for strong passwords not reused for multiple purposes.
Interesting using the word “Invincible” in the title…
Don’t use “random” capitalization. Use some system, say, use the German capitalization rule that all nouns are capitalized. Keep any punctuation. Then turn any word that sounds like a number or special character into that character. For instance, the opening sentence of the Gettysburg Address would produce:
For bonus points, misquote it slightly if it’s a famous quote. For my LastPass password, I both use an obscure quote and misquote it. (And no, it’s not the Gettysburg Address.)
Most of all, personalize what you do, and don’t say everything about what you do. (I haven’t.)
Comments are closed.