Secure Passwords the easy way

 

We’re all human, and for the majority of us remembering 1 complicated password is difficult enough, let alone a different one for every service we use! But in today’s connected world, “Password1” and similar common phrases are practically the same as having no password at all. Just ask yourself, if you wanted to guess someone else’s password, what common combinations would you try? So you shouldn’t be using any of those as your passwords then...

This online tool* indicated that the following common passwords would take a very short amount of time to crack using a normal home PC.

*Please note, it is never recommended to test the actual passwords you use via tools such as these, in case malicious sites retain them.

Password                         Time to crack using a standard computer
Password                         0 seconds
Password 1                       0 seconds
123456                           0 seconds
Letmein                          0 seconds
Trustno1                         0 seconds
abc123                           0 seconds
03061980 (a birthday perhaps)    0.025 seconds

Imagine for a moment that someone guessed the password for your email account. “What if they do?” you say. Sure, it might not matter if someone reads an email from your Auntie, or sees what you last bought from Amazon. But it might matter if they sent an email pretending to be you... And there is the much bigger risk that they could access most other online services you use: from shopping sites to Facebook, the “forgotten password” button invariably sends you an email enabling you to reset your password for that service. And they know what services you use and sites you visit too, just by seeing what’s in your inbox: the latest special offers from your favourite shopping sites, Twitter notifications, mobile phone bills, bank statements...

So now you’re justifiably worried, but you’re still facing the same problem: how do you remember so many passwords if you need a different one for everything? Read on...

creating secure passwords
Image credit - https://www.woodenearth.com/

Method 1: Secure Passwords using building blocks

Remembering complicated passwords is difficult, but remember just 1 method for building your passwords, and you'll never need to remember a password again!

For this example we're going to build a password composed of 3 building blocks.

Block 1: a digit representing the type of service you’re creating a password for.

Here’s a list of common types. Make sure you choose your own numbers and don't just copy these.

1 – Social media, like Facebook, Twitter, MySpace, YouTube etc.

2 – Email accounts

3 – Banking and tax

4 – Shopping sites

5 – Home services, like broadband, telephone companies, electricity, gas etc.

6 – Anything work related

7 onwards – more categories if you need them

Block 2: A password or phrase that is easy for you to remember.

This will be the same for all your passwords from now on.

We’re going to use the phrase “can’thackme” but you could use a name, a birthday, anything.

Once you've decided on your main password, we’re going to modify it, just a little, by replacing one normal letter with a special character. Special characters are things like ! @ # $ £ € ‘ ( ) +

We chose the password “can’thackme”. The @ symbol contains the letter “a” at least to the eye, so we’ll replace one of our a’s with the @.

Our completed Block 2 is: can’th@ckme

Other visually easy replacements include:

i and ! – bes!de

l and ! – p!aytime

e and £ - sp££d

Or replace whole words with one symbol:

Hash brown - #brown

Plus size - +size

Meet at mine – meet@mine

The idea is to make it easy to remember for you, but hard to guess for someone else. Changing that one letter to a special character makes your password many times stronger.

Block 3: The name or initials of the service you’re creating that password for, always in CAPITALS.

Let’s take Facebook as an example. It would be easily abbreviated to FB.

Hotmail could be HM, anything Microsoft could be MS and so on...

If the service isn’t easily shortened to a few letters, use the whole name, in capitals, like AMAZON, GOOGLE, TESCO etc.

You almost never have to remember this bit of your passwords, because the name of the service should remind you. If it's easily shortened, it’s going to be a few capital letters; if it’s not, it’ll be the full name in capital letters. Easy!

So based on our building blocks, here are a few examples of complete passwords.

Facebook - 1can’th@ckmeFB

Gmail - 2can’th@ckmeGM

Amazon – 4can’th@ckmeAMAZON

HSBC Bank account - 3can’th@ckmeHSBC

Sky home broadband - 5can’th@ckmeSKY

And that's all there is to it! You have 2 things to remember: the number you use for each type of service, and your core Block 2 password.

We tested a couple of the passwords we created using the same tool* as we used at the beginning to test weak passwords. The results speak for themselves.

Password Time to crack using a standard computer
4can’h@ckmeAMAZON 931 trillion years
1can’th@ckmeFB 2 billion years

*Please note, it is never recommended to test the actual passwords you use via tools such as these, in case malicious sites retain them.
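
How estimates like those in the two tables above can be produced, shown as an added example in Python (it is not the online tool's code and not part of the original article). The guess rate and the alphabet sizes are assumptions, so the large figures will not match the tool's exactly.

```python
import string

# Assumption: guesses per second for a "standard computer". 4 billion is used
# because it reproduces the 0.025 seconds shown above for an 8-digit password.
GUESSES_PER_SECOND = 4_000_000_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# The common passwords from the first table, lower-cased with spaces removed.
COMMON_PASSWORDS = {"password", "password1", "123456", "letmein",
                    "trustno1", "abc123"}

# Assumed alphabet sizes per character class; "other" is ASCII punctuation
# plus space, and also stands in for non-ASCII characters such as ’ and £.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10,
               "other": len(string.punctuation) + 1}


def char_class(ch):
    """Name of the character class that ch belongs to."""
    if ch in string.ascii_lowercase:
        return "lower"
    if ch in string.ascii_uppercase:
        return "upper"
    if ch in string.digits:
        return "digit"
    return "other"


def alphabet_size(password):
    """Size of the alphabet a brute-force search must cover for this password."""
    return sum(CLASS_SIZES[c] for c in {char_class(ch) for ch in password})


def seconds_to_crack(password):
    """Worst-case brute-force time; 0 if the password is on the common list."""
    if password.replace(" ", "").lower() in COMMON_PASSWORDS:
        return 0.0
    return alphabet_size(password) ** len(password) / GUESSES_PER_SECOND


def years_to_crack(password):
    """The same estimate expressed in years."""
    return seconds_to_crack(password) / SECONDS_PER_YEAR


if __name__ == "__main__":
    for pw in ["Password 1", "03061980", "1can’th@ckmeFB"]:
        print(f"{pw!r}: {seconds_to_crack(pw):.3g} s, {years_to_crack(pw):.3g} years")
```

The result is a brute-force worst case only: it treats every character as independent and random, so it overstates the strength of passwords built from words or a repeated pattern.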

Method 2: Use a Password Manager

A number of password managers exist, and many are free for private use. We recommend LastPass, but Roboform and other alternatives are available.

A good Password Manager can do lots of things for you:

  • Automatically store your username and password if you create an account for a new site.
  • Save that information securely, but let you access it from anywhere by logging
  • Automatically fill in your username and password when you visit a site you have saved information for.
  • Fill in all that annoying form data for you, so when you go to sign up to a shopping site, you press one button and all your address and contact information is filled in for you!
  • Best of all, it means you only ever have to remember 1 password – the one to your Password Manager – but you'd better make it a secure one…!

To get started with a password manager, you can sign up for LastPass here. Now you can create different passwords for everything you do, and LastPass will remember them all for you. Or even better, create your passwords with our Building Blocks method, and store them in LastPass. That way you’ll always know what your passwords are, and LastPass can do the hard work of filling things in for you.

Contact us if you are a home user and would like some help getting set up with LastPass, or just some advice about computer security in general.

LastPass Enterprise is available for businesses, with many more advanced features for central password management, single sign-on and more. Contact us to see how LastPass Enterprise could benefit your business, or sign up for a free trial here.