I’ve written, previously in this space, on the potential of password managers; but, to use those applications, on top of applications, you must supply a master password that, when entered, will ‘turn on’ the program. Once your master password has been correctly entered, the program will pre-load all of your passwords for the applications the passwords for which you’ve recorded in your password manager. A good number of people use password managers; and, I don’t begrudge them that; I am just not counted in their number. Despite the convenience of these programs, the plain fact of the matter is that a hacker only needs to break your master password to get to all of the others. If that happens, I wonder what the point of creating so many unique passwords was again . . .
Password managers are appealing because these serve to take memory out of the equation, for the most part: You need only remember one password, rather than dozens. So, if you choose not to use a password manager, you’ve then got to figure out what memory prompts you will establish to help you to remember which passwords work for which applications. (You could keep a master password list of your own, via an Excel spreadsheet, say; but, then you run smack into the problem of the password managers: one key rules them all, as it were, and to paraphrase any sci-fi nerd you know.)
There are, however, some techniques you could use to create memorable passwords, that are simultaneously difficult to crack:
-Having a photographic memory helps. I know, I know . . . I’m sorry. Not fair.
-You can dramatically increase the difficulty of hacking your passwords when you introduce symbols, in lieu of letters and numbers. In order to help you to remember those symbols, you can choose ones that resemble letters and numbers (e.g.–@ for a, ! for 1).
-You can utilize mnemonic devices (like back in grade school, when you memorized ROY G. BIV (not the second member of Bell Biv Devoe), in order to reproduce the rainbow’s color spectrum) to create passwords. If you can recall a sentence or phrase that is memorable to you, you can use the mnemonic device derived therefrom to create a password, thus: ‘Dragons Love Tacos, and So Do I’ becomes DLt+SD1) — which you could then use as a standalone password, or one of the bricks for building more fulsome passwords . . .
-And, yes, you can build increasingly complex passwords off of root words or phrases. In the last example, a sentence becomes a mnemonic device, which then becomes a password. But, you could also take a common word or short phrase, like ‘8 armadillos’ and turn it into ‘%@RM@d!))0S’ — it’s memorable, it looks sort of the same; but, it is far more difficult to crack than is the original. Combine the last two examples, and you have: DLt+SD1%@RM@d!))0S. That’s a pretty ridiculous password. The more root words and phrases you can convert to password components, the more combinations you can create; and, you’ll end up providing yourself with a wide array of potential passwords based on an established number of initial inputs known only to you.
-Now, certainly, the requirements for the security of individual applications vary: you’re probably less concerned about the password for your Yahoo! Fantasy Football team (depending on how much money you have riding on your league) than you are about the password for your case management system. So, you can treat your passwords accordingly. You could develop a hierarchy of passwords, from more secure (harder to remember) to less secure (easier to remember), based on the value of the information that is being protected. Your fantasy football password could be something like: ‘RevisIslander’, and your case management password would be far more complex, closer to what we developed just above.
-Many websites will ask you to establish answers to predetermined security questions, in addition to creating a password. When selecting security questions and answers, you should avoid choosing answers reflecting data that may be publicly available, including, potentially: your birthday, or relatives’ birthdays, family names and maiden names, your street address or the date and /or place of your marriage. Far more secure questions relate to things that are not easily findable via the web, or (better yet) that are not available on the web at all; things like: the name of your childhood pet, the street your best friend from elementary school lived on or a private term of affection for your spouse — the weirder, the better.
-A further way to secure your passwords is to establish additional factors of authentication.
-You can test your password strength via HowSecureIsMyPassword, which is relatively safe, especially if you tweak the final version of a complex password slightly, and do not test that version.
The good news is that, as soon as fingerprint access becomes commonplace, alphanumeric passwords will be a thing of the past.
This post originally appeared in the Massachusetts Bar Association’s eJournal.