Internet Security: Creating Secure Passwords

By Jurissa Ayala

In our day and age, we have the amazing ability to be hooked up to the Internet and perform our business, our banking, schooling and communication from anywhere we want. However, our security online depends greatly on our ability to protect our personal accounts from unauthorized access, as malicious users try to break into other people’s accounts thousands of times every day. Passwords are the linchpin in our security, and it is vital that we create strong passwords to protect our accounts and our identities.

You don’t have to look far to find out how easily passwords are cracked today — just Google “is it easy to crack a password?”  It can be confusing as we continually hear security advice about password length: It must be eight characters, it must be 10, 12, 14. And we hear that we should use indecipherable combinations, use random words, but make it long. Password researchers like Jeremi Gosney have been able to crack even a 20-character password (savethecheerleaderssavetheworld).1 Sometimes using numerical or symbolic substitutes won’t help because it takes only a fraction of a second for a password-cracking program to swap them in and try them (4 for A, 3 for E, 0 for O, $ for S, etc.). It seems that length alone is not a perfect solution to password security, though neither is complexity alone.

Sometimes it feels as though there is no way we are going to remember every bit of password advice. But here is a simple formula to create extremely powerful passwords that are still easy to remember:

It is true that length compounds the difficulty of cracking a password almost exponentially, so the longer the better — always. However, plain words that can be found on Twitter, Wikipedia or in a dictionary are now part of password-cracking databases that any amateur hacker can use to crack passwords. So we must combine length with complexity. And we don’t mean just swap the E for a 3.

Step 1.

Pick a line from a movie you have seen a hundred times or a line from a song you love. It must contain at least 12 words, but try to make it at least 14.

All of the fighters are attacking I wonder what those Star Destroyers are waiting for…

or

Shot through the heart and you’re to blame darling you give love a bad name

Step 2.

Take out all the letters except the first of every word:

aotfaaiwwtsdawf

stthaytbdyglabn

Step 3.

Complexify. Now we use the number substitutions and change up the capitalization of the letters. To make it easy to remember, try to capitalize logical parts of the phrase. Also, add special characters whenever possible.

aotfaaiwwtsdawf — becomes: 40tfaaIwwtSDawf or 40tf4aIwwtSD4w4 or, best, 40tf4a,lwwtSD4?

stthaytbdyglabn — becomes: STTH4ytbdygl4bn! or, best, $TTH,4ytbdyg<34bn! (I substituted the emoticon heart for love. You could also put the emoticon heart for the word heart; the idea is the same.)

Note: some programs and websites do not allow commas or certain other special characters in passwords, so you may need to remove them or substitute another special symbol.

These passwords are extremely difficult to crack, but still very easy to remember if you can remember the line you used. Really, the only tricky part is remembering where you put the numbers or capital letters, but that’s nothing compared with trying to remember a completely random combination of numbers and symbols — which, to anyone else, is exactly what your password looks like.

The length of these passwords makes it much more difficult for password-cracking tools to crack them quickly. Each additional character radically increases the brute-force difficulty. There are also no dictionary words to try. Even with powerful servers trying every combination to crack your password, it would take them decades at best, and by then hopefully you no longer need that account, you have changed the password, or they have found someone else with an easier password to crack and left you alone.
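The following is an added example, not part of the original article: a defender-side strength check that undoes the substitutions listed earlier before looking for dictionary words, applies Step 2 to a phrase, and gives an upper bound on brute-force cost. The word list, function names and character-pool sizes are assumptions made for illustration.

```python
import math
import string

# Substitutions named in the article: 4 for A, 3 for E, 0 for O, $ for S.
UNLEET = str.maketrans({"4": "a", "3": "e", "0": "o", "$": "s"})

# Constructed sample word list; a real check would load a large dictionary.
WORDS = {"save", "cheerleader", "world", "password", "heart", "love"}


def acronym(phrase):
    """Step 2: keep only the first letter of every word."""
    return "".join(word[0].lower() for word in phrase.split())


def normalize(password):
    """Lowercase, undo the common substitutions, drop non-letters."""
    undone = password.lower().translate(UNLEET)
    return "".join(ch for ch in undone if ch.isalpha())


def dictionary_hits(password, words=WORDS, min_len=4):
    """Return dictionary words still visible after normalization."""
    plain = normalize(password)
    return sorted(w for w in words if len(w) >= min_len and w in plain)


def brute_force_bits(password):
    """Upper bound on exhaustive-search cost in bits: len * log2(pool).

    Assumes every character is chosen at random from the classes used;
    a password derived from a well-known phrase is weaker than this.
    """
    classes = ((string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32))
    pool = sum(n for chars, n in classes if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    line = "Shot through the heart and you're to blame darling you give love a bad name"
    for pw in ("$4v3th3w0rld", acronym(line), "40tf4aIwwtSD4w4"):
        print(f"{pw!r}: hits={dictionary_hits(pw)} bits<={brute_force_bits(pw):.1f}")
```

A substituted dictionary phrase is still flagged because normalization reverses the swaps, while the first-letter strings from Step 2 and Step 3 leave no word for the check to find.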

In the final analysis, this formula helps to create some of the longest and most secure passwords possible while still being easy enough to remember. Use it to help protect yourself from exploitation of the worst kind. Keep your bank account, your emails, your Facebook, and your identity safe by using strong passwords.