Topics like the below Mygaming Article seriously piss me off simply because people listen to these security "experts".
If I rolled my eyes any harder I'd have an upskirt level view of my past lives.
Why we should scrap 'dumb passwords' in favour of smarter security
First the Mythbusting:
This is a "secure" password:
h*6D4VAC)yW6P[*7<Y.X"8C2Fb
Arguably yes, but whoever espouses the use of such passwords without a form of securely storing them is an idiot and they most certainly are not for use by day to day people.
The only place I use a 26 letter generated password is for system accounts where the passwords are stored in a vault.
Expecting a day to day user to use one of these is stupendously naive, because the first thing they will do is write it down on a Post-it... completely breaking your security model in the first place.
It is possible however, let me show you how:
Some wonderful facts about the brain and how we learn stuff
Take this string of randomised letters and try to memorise them:
ressamtbaaaalepcmshoaersslm
Most people can memorize up to about 7 characters before it gets harder and harder to memorize more. There are techniques but we are aiming at the common man/woman here.
Here's the same string:
harmless plasma amoeba actress
Now that very same string has been broken down into 4 objects, not 26 letters, and by the end of reading this sentence you can easily recall at least 2-3 of them.
And suddenly this comic from XKCD makes sense:
Next but not least, password padding.
https://www.grc.com/haystack.htm
The pertinent piece (go read the rest for a full understanding):
Which of the following two passwords is stronger, more secure, and more difficult to crack?
D0g.....................
PrXyc.N(n4k77#L!eVdAfp9
You probably know this is a trick question, but the answer is: Despite the fact that the first password is HUGELY easier to use and more memorable, it is also the stronger of the two! In fact, since it is one character longer and contains uppercase, lowercase, a number and special characters, that first password would take an attacker approximately 95 times longer to find by searching than the second impossible-to-remember-or-type password!
Last but not Least: One line ASCII art, making you do the one thing most hackers don't want you to do, use characters that are not on the SHIFT 1-0 line.
Making it work for you
1) pick 2 words from here. Pick 6 or 8 character words for longer passwords, pick 4 or fewer for smaller.
2) generate a 4 or 2 character number sequence here - (Min 0 - Max 9999 or 99)
3) search Google for one line ASCII art and find something you remember, e.g.
Rose - @}-->
Sword - <====}=()
Fish - <)))<
Cigarette - ()__)________)
Notice how ASCII art easily lends itself to the password padding I mentioned above. Also and more importantly it removes the SHIFT 1 - 0 Characters.
4) Combine all of them, as an example:
1) Germ Fallout
2) 8297
3) <))))<
Sample password(s) from the above:
*@97gerMFallout<))))<
82(&gErm<))))<fAllout
That's a 21 character password with 6 elements, and what you need to remember is:
- where to press shift
- where each element is
- what each element is
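To put numbers on the recipe, here is an added example (my code, not the article's or GRC's): it reproduces the quoted "95 times longer" haystack figure for the two GRC passwords, then sizes the same recipe as an attacker who knows the scheme would see it. The 5000-word dictionary and the 50 ASCII-art choices are assumed values, not from the page.

```python
"""Added estimate of how big a search space the recipe above really gives.
Two views are computed for the same password: GRC's 'haystack' view
(an attacker who only knows length and character classes), which
reproduces the ~95x figure in the quote, and a recipe-aware view (an
attacker who knows the scheme and only has to guess the choices).
Dictionary size and ASCII-art list size are assumed values, not from the page."""
import math

SYMBOLS = 33  # GRC's haystack counts 33 printable symbols


def haystack_space(pw: str) -> int:
    """Every string of length 1..len(pw) over the alphabet formed by the
    character classes present in pw (brute-force attacker's view)."""
    alphabet = 0
    if any(c.islower() for c in pw):
        alphabet += 26
    if any(c.isupper() for c in pw):
        alphabet += 26
    if any(c.isdigit() for c in pw):
        alphabet += 10
    if any(not c.isalnum() for c in pw):
        alphabet += SYMBOLS
    return sum(alphabet ** n for n in range(1, len(pw) + 1))


def scheme_space(words, number, art_choices, dictionary_size) -> int:
    """Guesses needed when the attacker knows the recipe: each word from a
    dictionary of dictionary_size, a number with len(number) digits, one of
    art_choices ASCII-art strings, the elements in any order, and every
    letter or digit independently shifted or not (Shift turns 8 into *)."""
    shiftable = sum(len(w) for w in words) + len(number)
    elements = len(words) + 2            # words + number + art
    return (dictionary_size ** len(words)
            * 10 ** len(number)
            * art_choices
            * math.factorial(elements)
            * 2 ** shiftable)


def bits(space: int) -> float:
    """Search space expressed as bits of entropy."""
    return math.log2(space)


if __name__ == "__main__":
    padded, random23 = "D0g.....................", "PrXyc.N(n4k77#L!eVdAfp9"
    print("haystack ratio:", round(haystack_space(padded) / haystack_space(random23)))
    sample = "*@97gerMFallout<))))<"          # sample password from the page
    print("haystack bits for sample:", round(bits(haystack_space(sample)), 1))
    # assumed: 5000-word list, 50 ASCII-art choices
    print("recipe-aware bits:", round(bits(scheme_space(["Germ", "Fallout"], "8297", 50, 5000)), 1))
```

The recipe-aware figure (around 63 bits under these assumptions) is far below the ~138-bit haystack figure for the same 21 characters, but still well above an 8-character random password, which is the comparison that matters for the "lazy attacker" argument below.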
Why this works
Most hackers are in it for the quick win so they will select the smallest target set they can in order to harvest the biggest amount of passwords.
If each person takes the methodology above and evolves a method of their own, adding, rearranging and changing the above into something they can easily remember, then each person's password will be memorable to them and, very importantly, no longer on the Post-it note on the desk.
Additional safety
Keep 2 email accounts (let's just call them Junk and Important) & a separate password for each of the following:
- Use your Junk email address and password for sites you don't really care about and that don't have any details about you
- Keep an intermediate password and your Junk email for sites you visit regularly and that hold some information about you
- Important email account with a strong password for use with:
  - Transaction sites like Kalahari.com, Computicket, etc.
  - Strongest password for your banking site, linked to your Important email, and use two-factor authentication if they have it.
By separating your Junk email account and your Important email account, hackers cannot just get at your most important information on a whim.
They will have to work for it and that is what most of them don't want to do.
A determined hacker will eventually find a way (and then you will have to ask yourself how you pissed them off, and unplug everything); your aim is primarily to remove yourself from the crosshairs of the lazy ones.
The most important thing to remember about passwords is to help yourself remember them; then it doesn't matter how long they are, and making new ones is as easy as pie.