Security Tip: 5 Easy Ways to Remember Your Strong Password

With all the information we keep on our computers, USB drives, email accounts, and other digital systems, it’s easy to end up with half a dozen passwords, or even more, to remember. Strong passwords are important, of course. And many times you simply can’t use the same password for multiple applications; what one system demands of a password might not be what another demands. While multiple passwords certainly make it harder for prying eyes to get hold of your data, they can also be counterproductive. Keep reading for 5 easy ways to remember your strong passwords.

Use a Password Manager

Alright, this might be cheating, as you won’t technically have to remember much. But a password manager is a welcome solution to the problem of having countless passwords to remember. With a password manager, you just remember one password, and it handles all the rest. Unfortunately, though, password managers only work on computers that they’re installed on.

Use Random Words You Love

The most secure passwords are the ones that are long and full of random characters. This makes them almost impossible to guess. It also defeats the vast majority of hacking attempts that try to break in through the sheer brute force of constantly entering option after option.

Unfortunately, random characters can be very difficult to remember. Random words, on the other hand, are much easier to commit to memory. Best of all, they have proven to be almost as secure when it comes to protecting your data. Try your first pet’s name, the street you grew up on, and the day of the month you were born on. Or have it be your favorite animal, your dream car, and your mother’s maiden name. Though opinions may vary about this, you can probably afford to write down a reminder—somewhere safe, perhaps in your cell phone—that simply says, “favorite baseball player, sister’s birthday, dream vacation.” That makes for an easy reminder that practically no one should be able to figure out.

Use Mnemonic Devices

Because random characters make such a strong password, there’s a very good argument for choosing them. “I always get my password on the first try,” for example, can be changed to “Iagmpot1t.” This is an extremely strong password that’s easy to remember.

Write Down Your Passwords and Keep Them Safe

If you’re particularly concerned about forgetting all your passwords, it’s OK to write them down. However, it’s then of the utmost importance that you store them somewhere safe. They should be nowhere near the computer you use them for. So, if your passwords are for an office computer, keep them locked away at home. If you have a home office, consider writing them down in the back of a favorite book kept on a shelf in another room.

Rotate Passwords

Most systems that require passwords also require you to change them regularly. When possible, simply rotate your passwords through systems. This helps keep you from making countless passwords that you’ll have a hard time remembering. So long as none of your systems have been compromised, there’s no point in wasting a strong password.

Source:
http://www.macworld.com/article/2014040/how-to-remember-passwords-and-which-ones-you-should.html
http://www.techrepublic.com/article/tips-to-help-users-remember-their-password/

Gawker Media Hack Is A Password Reminder

Over the weekend, Gawker Media was hacked, handing the hackers an encrypted password list (among other things). A group calling themselves Gnosis has taken credit for the hack and released a package full of server information, notes on the hack, Gawker Media site source code and, worst of all, everyone’s passwords.

Judging by the statement made by the hackers, it looks like someone at Gawker pissed them off. I was actually planning another post about web security before this happened, but that will wait for another day as it has to do with different perils of having online accounts.

Here’s the email Gawker Media sent out today:

This weekend we discovered that Gawker Media’s servers were compromised,
resulting in a security breach at Lifehacker, Gizmodo, Gawker, Jezebel,
io9, Jalopnik, Kotaku, Deadspin, and Fleshbot. As a result, the user name
and password associated with your comment account were released on the
internet. If you’re a commenter on any of our sites, you probably have
several questions.

We understand how important trust is on the internet, and we’re deeply
sorry for and embarrassed about this breach of security. Right now we
are working around the clock to improve security moving forward. We’re
also committed to communicating openly and frequently with you to make
sure you understand what has happened, how it may or may not affect you,
and what we’re doing to fix things.

This is what you should do immediately: Try to change your password in
the Gawker Media Commenting System. If you used your Gawker Media
password on any other web site, you should change the password on those
sites as well, particularly if you used the same username or email with
that site. To be safe, however, you should change the password on those
accounts whether or not you were using the same username.

We’re continually updating an FAQ (http://lifehac.kr/eUBjVf) with more
information and will continue to do so in the coming days and weeks.

Gawker Media

How Does This Affect You?

If you’ve never commented on a web property in the Gawker Media network, you may not have anything to worry about. If you have, on the other hand, your password on that site has been compromised, and you should think about where else you used that password and change it on all of those sites. In the quoted text above, Gawker points us to a post on Lifehacker full of answers. Of course, to minimize the effects of future hacks on Gawker or any site, it’s best to have a strong password (see below) and use different passwords for different sites. As an example, you wouldn’t want to use the same password on Gawker that you use for online banking.

Is Your Password Strong Enough

Surprisingly, too many people have passwords that are easy to crack or even just guessable. Without a doubt, the absolute worst password you can use for any account is the word “password”. Regardless, of the nearly 1.3 million accounts compromised, 1,959 had “password” as their passwords. Even if it’s not guessed by a hacker, the simplest brute force attack can crack this password in no time. So how do you know if your password is strong enough?

I built a quick and easy password strength test site to help you test your password. This may be helpful but you can also get by with some quick password tips. To understand them, you should know a little about how a brute force attack works. Typically a script runs that tries one password after another until one works. A simple script might first try every word in a dictionary file. This is just a file full of known real words like “gamer”, “puppy”, or maybe, “password”. Failing that, it would start going through every character combination from aaa, aab, aac, for example, through to larger guesses like 9999999. A more time-consuming attack might make use of characters like $%!, etc. but this takes far longer. Having to check for upper vs lower case takes a lot longer as well. From this, we can assume that you can make your password stronger by making it longer and including numbers, mixed case, and special characters. By this logic, “Chr1Stm@s!!%” is a far more secure password than “christmas”.
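
The two-stage model described above (dictionary pass, then brute force over a growing alphabet) can be turned into a rough strength estimate. This is an added example, not the code behind the author's test site; the four-word dictionary is a constructed stand-in, the function names are hypothetical, and the case-insensitive dictionary check is an assumption.

```python
import math
import string

# Constructed stand-in for an attacker's dictionary file (real ones are far larger).
DICTIONARY = {"password", "gamer", "puppy", "christmas"}

# The character classes the text names: lower case, upper case, digits, specials.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password):
    """Symbols a brute-force script must cycle through to reach this password."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four classes (spaces, non-ASCII) count once each.
    extras = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extras)


def brute_force_guesses(password):
    """Worst case for exhaustive search over every length up to len(password)."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def worst_case_guesses(password):
    """Dictionary pass first, then brute force, as in the description above."""
    # Assumption: the dictionary pass ignores letter case.
    if password.lower() in DICTIONARY:
        return len(DICTIONARY)
    return len(DICTIONARY) + brute_force_guesses(password)


def strength_bits(password):
    """log2 of the worst-case guess count; higher is stronger."""
    return math.log2(worst_case_guesses(password))


if __name__ == "__main__":
    for pw in ("password", "christmas", "Iagmpot1t", "Chr1Stm@s!!%"):
        print(f"{pw:14} alphabet={alphabet_size(pw):3} "
              f"guesses<={worst_case_guesses(pw):.3e} bits={strength_bits(pw):.1f}")
```

The estimate covers only the two stages the text describes, so it is an upper bound on the guessing effort under that model rather than a measure against every cracking strategy.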

Even if you were not affected directly by this, take this as a reminder to audit your password habits and make changes if needed. A little effort now can save you a lot of future headache.