Saturday, March 26, 2011

How to: make a password scheme like a pro!

Most people use the same password for all websites. Some people have severity-level-based passwords (low, medium and high security), and other people use the word "password" as their password. I am going to show you how to make a mnemonic password scheme that is secure, ever changing and yet easy to remember. I am going to give you the holy grail of password schemes. Let us begin.

1. Pick a word that is short (5-8 characters long), that means something to you, and that you will never forget. Start it off with a capital letter.
Good job! Step one is now done. Let's change it up a bit to fit some security standards. We will change the o's to @'s. That adds a non-alphabetic character, which greatly increases the time it takes to crack a password by brute force.
Now for the easy part. Let's say you want to make this your password for Google. Add the name of the website to your trusted word. You will end up with C@rnd@ggoogle as a password. See how it is complex yet easy to remember?
Excellent! Now we are up to 13 characters, which is really hard to crack. At this point we also have a website-specific password that you can use anywhere, because it is a scheme and not just one password. So if you visit another website like Twitter it will change, just use.
Now you have a password scheme that, if broken by a program, cannot be used against another website. How would it know? Applications are not that smart yet. But what if another human cracks your password? Won't they just be able to swap out the website name? Yes. That is where we add another dimension to your ultimate password scheme. We are going to add something that most people are bad at: MATH! Buwahahaha! Well, it's not really math, it's more of a number trick.
Count the number of characters in the website name, such as twitter. The answer is 7. Now let's use that at the very end of our password, but only in a way that we will know. Let's multiply it times 4. Now we will end up with C@rnd@gtwitter28.

Outstanding. Now we have a password that is very long, complex because it has numbers and special characters in it, and memorable. The formula is: trusted word + website + (number of characters in the website name times 4).

Now you can choose your own number for your trick: you can use multiplication, addition or even repeated digits, like 7 characters = 77777 or six characters = 6666. It will still fool most humans and, more importantly, it will fool most if not all brute force programs. I don't know of one that can crack a scheme like this.
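As an added example (not the author's own code), here is the scheme above written out as a small generator, covering the multiply and add variants of the number trick and checking the step-one rules for the trusted word. It assumes the trusted word behind the page's C@rnd@g examples is "Corndog", and it reproduces the page's two passwords, C@rnd@ggoogle (before the number trick was introduced) and C@rnd@gtwitter28.

```python
# Added example of the mnemonic password scheme described on this page.
# Assumption: the page's trusted word is "Corndog" (it is only shown as C@rnd@g).

def transform_word(word: str) -> str:
    """Steps 1-2: enforce the word rules, then change every 'o' to '@'."""
    if not word.isalpha():
        raise ValueError("trusted word should be letters only")
    if not 5 <= len(word) <= 8:
        raise ValueError("trusted word should be 5-8 characters long")
    if not word[0].isupper():
        raise ValueError("trusted word should start with a capital letter")
    return word.replace("o", "@")


def number_trick(site: str, mode: str = "multiply", n: int = 4) -> str:
    """Step 4: count the characters in the website name, then disguise the
    count with a private operation (the page uses 'times 4')."""
    count = len(site)
    if mode == "multiply":
        return str(count * n)
    if mode == "add":
        return str(count + n)
    raise ValueError(f"unknown number trick: {mode}")


def site_password(word: str, site: str, with_number: bool = True,
                  mode: str = "multiply", n: int = 4) -> str:
    """Step 3 (+4): trusted word + website name [+ disguised character count]."""
    password = transform_word(word) + site
    if with_number:
        password += number_trick(site, mode, n)
    return password


if __name__ == "__main__":
    # Reproduce the page's worked examples.
    print(site_password("Corndog", "google", with_number=False))  # C@rnd@ggoogle
    print(site_password("Corndog", "twitter"))                     # C@rnd@gtwitter28
    print(site_password("Corndog", "twitter", mode="add", n=4))    # C@rnd@gtwitter11
```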