If you’ve followed this column for any length of time, you’ve read my rants, warnings and exhortations regarding passwords. In a nutshell, computer and Internet account passwords (email, Facebook, Twitter, banking, Amazon, etc.) need to be sufficiently complex to make them secure against the attacks of Internet criminals.
We should stop using the term “password,” though, as a good password will never simply be a word found in a dictionary. “Passphrase” is the term we should keep in mind, as a good password will be a string of random words, and can also include numbers, special symbols and characters. You could even call it a “pass-sentence,” but for now, we’ll use “password.”
People seem stuck on perpetuating old misconceptions about passwords, though, foremost being that computer bad guys sit around trying to guess what a password might be. Movies and TV cybercrime shows still portray people sitting in front of a screen saying things like, “Let’s see, maybe his password is his dog’s birthday! (Type-type-type). No, that’s not it. Maybe it’s his street address (type-type-type). Darn, that’s not it, either! Maybe it’s… his daughter’s name (type-type-type).” After trying a few more ridiculously obvious guesses, suddenly, voila, they have “hacked” their victim’s password.
Nothing could be further from the truth. Computer criminals do not sit around trying to guess passwords; that’s what computers are for. Criminals use very powerful, free, easy-to-find password-cracking programs to guess passwords for them. These programs can make millions of “guesses” per second, and almost always ferret out weak, insecure passwords.
The second misconception people get hung up on is thinking they have to memorize all their passwords, so they must come up with passwords that are easy to memorize. This, also, is not true. You do not have to memorize all of your passwords, nor should they be easy to memorize. But, if you do want to memorize certain key passwords, think about all the similarly complex and random things you have already memorized: telephone numbers, street addresses, Social Security numbers, driver’s license numbers, etc., all because you decided to memorize them.
If you are concerned with forgetting passwords, write them down on a piece of paper and hide it safely in your house. You could even write them in a way that would be difficult for others to understand, such as a Leonardo da Vinci backwards-mirror style code. Or, use a free, easy-to-use password management program like Dashlane.
Inventing secure passwords can still be challenging, though, so the good folks at the Electronic Frontier Foundation (www.eff.org) are hosting a page describing A. G. Reinhold’s “Diceware” method of creating secure passwords. Diceware uses gaming dice in conjunction with a long list of words to come up with very secure passwords that anyone should be able to memorize, if needed. You simply decide the level of security you want, roll a single six-sided die, pick your words and out comes a secure password.
Visit https://ssd.eff.org/ and scroll down to the “Overviews” section. From there, select “Animated Overview: How to Make a Super-Secure Password Using Dice.” Watch the short video, follow the instructions and you will be on your way to creating and using passwords that will stop the Internet bad guys cold.
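The dice-to-word lookup and the arithmetic behind "decide the level of security you want" can be sketched in Python. This is an added example, not code from EFF or from the Diceware pages. Assumptions: the 36-word list is constructed for the demo (two rolls per word, where the real lists use five rolls to index 7,776 words), the computer's secure random generator stands in for a physical die, and the guess rate is an illustrative figure.

```python
import math
import secrets

DICE_PER_WORD = 2  # demo assumption; real Diceware lists use 5 rolls (6**5 = 7776 words)

# Constructed 36-word list (6**2 entries) standing in for a real Diceware word list.
WORDS = ("acorn badge cable dance eagle fable gavel habit igloo jelly kayak ladle "
         "mango nacho oasis panda quilt radar salad table udder valve wagon xerox "
         "yacht zebra amber bison cedar depot ember flint grape heron ivory joker").split()

def roll_die():
    """One fair six-sided roll from the OS CSPRNG (stand-in for a physical die)."""
    return secrets.randbelow(6) + 1

def rolls_to_index(rolls):
    """Read the rolls as a base-6 number: (1, 1) -> 0, (6, 6) -> 35."""
    index = 0
    for r in rolls:
        if not 1 <= r <= 6:
            raise ValueError(f"not a die face: {r}")
        index = index * 6 + (r - 1)
    return index

def passphrase(n_words, words=WORDS, dice_per_word=DICE_PER_WORD):
    """Pick n_words independently; each word is selected by its own dice rolls."""
    if len(words) != 6 ** dice_per_word or len(set(words)) != len(words):
        raise ValueError("word list must hold exactly 6**dice_per_word unique words")
    picks = []
    for _ in range(n_words):
        rolls = [roll_die() for _ in range(dice_per_word)]
        picks.append(words[rolls_to_index(rolls)])
    return " ".join(picks)

def entropy_bits(n_words, list_size):
    """Bits of entropy when every word is chosen uniformly from list_size words."""
    return n_words * math.log2(list_size)

def years_to_exhaust(n_words, list_size, guesses_per_second):
    """Worst-case time to try every possible passphrase at a fixed guess rate."""
    return list_size ** n_words / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    print("demo passphrase (toy list, not for real use):", passphrase(6))
    for n in (4, 6):  # 1e9 guesses/s is an assumed attacker speed
        print(f"{n} words from 7776: {entropy_bits(n, 7776):.1f} bits, "
              f"{years_to_exhaust(n, 7776, 1e9):.3g} years to exhaust")
```

The strength comes from the number of words and the size of the list, not from keeping the list secret, which is why each extra word multiplies the attacker's work by the list size.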