Last week Twitter discovered a breach in their system that could have allowed someone to download the passwords of every user of their platform. They sent out a message recommending that everyone change their passwords as a just-in-case measure, while indicating that they didn’t think anyone else had discovered the issue.
There was a lot of grumbling about it; not the breach itself but in the need to create new passwords. I understand it; I hate changing passwords all the time myself. However, I don’t think my issue is the same as the issue of many others.
Most of the complaints I saw online were about having to find a way to remember the new password because too many people use the same exact password for almost all the sites they visit. That’s almost as lazy as creating easy to break passwords, but once again I can identify with it… sort of.
In the early days of being online, we didn’t have all that many people breaking into systems to steal passwords. Thus, I always used the same username and password for all the sites I joined. This was in the days before we did things like online banking and social media outside of blogging; the late 90’s felt like kindergarten compared to what we have now.
What we have now are people with both technology and grit who are trying to break into sites where we’ve stored passwords to help things move along faster. How many times do we have to read where people’s Twitter accounts, blogs, iPhone storage accounts or other sites and technology have been hacked before people start taking security seriously? Making it easy for your information to be discovered is lunacy.
I’m here to help… as always! :) I’m going to offer some suggestions for creating “harder” to break passwords that should end up being easier for you to remember and that will afford you a bit more comfort on the back end.
Before I go that route, I want to remind anyone using a WordPress blog or website that you can protect your site better by using a plugin called Limit Login Attempts Reloaded. It used to have the same name only without “reloaded”, but that version wasn’t updated and this one is… working. The settings are exactly the same, and I hope you think about my recommendations from this post written just last year.
For everything and everyone else, we’re shooting for passwords that are at least 14 characters; most of mine are 16 or more. Let’s get started!
1. If you have at least 3 favorite TV shows or movies, you’ll probably know of relatively long names in some of those shows that aren’t necessarily obvious. It doesn’t even have to be a favorite; just something that sticks out for you.
For instance, even though I wasn’t overly crazy about this movie, Dark Crystal gave us the word “gelfling”. It’s uncommon and not a word anyone would guess outright (unless it’s your favorite movie and you’ve told everyone about it) so it’s a good first step. Capitalize a couple of those letters to make it harder to crack.
2. I hear you now; “hey, that’s only 8 characters”. True, but we’re not done yet. If Dark Crystal was your movie, you can add a number code to it that should also be easy. Take the word “dark” for example. The number equivalent for that word is 4-1-18-11. If you added that to either the beginning, middle or end, or break the numbers up between the word “gelfling” you’d have a 14-character password that you’d probably remember.
3. You can also make it a bit harder by looking at a longer word like “crystal” and leaving out the vowel. This makes the numbers 3-18-25-19-20-12. Adding that to “gelfling” makes it a 19-character password; it’s harder to remember than the first one but all you’d have to remember to remind yourself of what it is would be the word “crystal”. If you needed to add the “1” to the mix that’s fine also; an extra character never hurts.
4. A lot of people like adding symbols to their passwords. Things like @, $, and ? work nicely, but some sites don’t accept symbols; it turns out Facebook does, and has since 2016. The other problem with this is that most people use them in places where they make too much sense to use them, such as @ instead of “a” and $ instead of “s”. Not only should you break that up, but putting multiple characters in a password is smart to do if you can remember where you’ve put them.
5. While thinking about favorite shows, why not put together the names of your favorite characters from different shows or movies? For instance, one of my favorite movies of all time (actually, it’s ranked #1 for me lol) is Independence Day. I love Will Smith’s character, whose name is Steven Hiller. Another favorite movie of mine is the Muppet Movie (go ahead and laugh!), and my favorite Muppet of all time is Kermit the Frog.
If I wanted to, I could go with something like “HillerKermitFrog” as a password and add a couple of numbers or symbols to it. It’s something I’d easily remember because I’d easily remember what I based my password on (this isn’t my password so don’t try lol). For instance, I could add the numbers 96 and 79 to it, which are the years both movies came out. That’s a pretty strong 20-character password that would take someone a lot of time to crack, especially if I threw in a symbol or two.
6. Think about using a favorite phrase or saying. I don’t know anyone who doesn’t have a favorite or memorable quote or line from a movie, book or song. If you remove the spaces, that would be a fairly tough password to crack. That’s because people may know phrases, but the software created to crack passwords doesn’t know phrases. Even if it does, changing up something here and there by adding capital letters and a symbol or two will stall the process.
For instance, one of my favorite phrases is from a Bugs Bunny cartoon: “I ain’t never done nothin’ to no one who ain’t done nothin’ to me first.” Yes, it’s silly and stated incorrectly, but it would make a great, long password. Imagine doing something like this: IaintneverdoneNothintonoonewhoaintdoneNothintomefirst. That’s 52 letters; what program is going to crack that one quickly… if ever? That and there’s only 3 capital letters in it; from my perspective this would be easy to remember. However, I’d still recommend throwing in at least one number and one character.
It doesn’t have to be a quote as long as this one; it just has to be memorable to you. What about ItwasthebEstoftimesItwasthewoRstoftimeS? This one’s 39 letters, and one of the most famous quotes in history (whether or not you read the book). If your quote is from a book less well known, a movie that’s stuck in your mind, a song lyric… it’s a better password than “password” any day of the week! Once again, a character or number wouldn’t hurt. :)
Those are just a few ideas to show how simple it is to create tough passwords to help protect yourself across the internet. You might think about musical artists instead of movies, athletes instead of actors. Just don’t make it so obvious that your friends could figure it out; that negates the entire process. :) So, whatcha got?
Interesting, you use a similar approach to creating passwords as I do.
My format is:
(NAME OF SOMETHING I REMEMBER) (SYMBOL i.e. / $ or #) (NUMBER COMBINATION) (SYMBOL) (NAME OF SOMETHING I REMEMBER)
That’s a good approach; you’re right, we do similar things. :)
The password strength is very important in order to protect our online accounts. It should be alpha-numeric, mixed with numbers, characters, and special characters. I always create unique passwords which are created based on my personal interests, hobbies etc.
I appreciate the tips you shared in this post. They are very informative and useful.
Take care,
Thanks Manoj. Combinations are always the best way to go, and if one can make the words memorable even better.
Very useful piece of information. We need to create a password for each and everything, as most of the work is in digital form, most importantly our digital payment.
I will be trying your approach.
Thanks,
Keep up the good work.
Good luck with it.
Hi Mitch, Websites usually don’t allow unlimited tries to log in. But most of the time passwords are being hacked using a different way anyway. Usually, the attacker gains access to a copy of the password database of a website. If the passwords are saved in plain text, his work is done. But in most cases, these databases only contain hash values of passwords. A hash value is generated by putting the password into a hash function. What’s special about the hash function is that it can’t be easily reversed. It is easy to compute the hash value for a password but to get a password that belongs to a hash value, you need to try all possible passwords until you find that one that generates that particular hash value. When you log in to a website, your password is sent to the server, but never saved on it. The server takes your password and computes its hash value. If the computed hash value is the same that is saved in the database, the server knows that the password is correct.
You have given nice information thank you.
Jeevan Shetty
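The store-and-compare flow described in the comment above, as an added example that is not part of the original post or its comments. It assumes PBKDF2-HMAC-SHA256 with a per-user random salt; the iteration count, record layout and function names are assumptions, and the password is a constructed sample.

```python
import hashlib
import hmac
import os

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it for your own hardware.
ITERATIONS = 600_000


def make_record(password: str) -> dict:
    """Build what the server stores at sign-up: salt and hash, never the password."""
    salt = os.urandom(16)  # unique per user, so equal passwords give different hashes
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def check_login(record: dict, attempt: str) -> bool:
    """Recompute the hash of the submitted password and compare it with the stored one."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        attempt.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def demo() -> dict:
    # Constructed sample data: two users who happen to pick the same password.
    password = "HillerKermitFrog9679"
    alice = make_record(password)
    bob = make_record(password)
    return {
        "correct_accepted": check_login(alice, password),
        "wrong_rejected": not check_login(alice, "hillerkermitfrog9679"),
        "same_password_different_hash": alice["hash"] != bob["hash"],
        "password_not_in_record": password not in str(alice),
    }


if __name__ == "__main__":
    print(demo())
```

A deliberately slow, salted function matters here because anyone holding a copy of the database has to pay that cost for every guess and for every user separately.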
Interesting information Jeevan. Most users luckily won’t have to worry about that much detail unless it’s their own websites. You can never stop someone who’s determined to break into your site by any means necessary, but making it hard on them makes them shoot for the low hanging fruit and might encourage them to leave you alone.
I found many friends struggling to remember their passwords as they go for tough combinations. I think one must choose something which is easy, but not at all related to his/her personal information so that anyone can guess. This is really a helpful guide.
Easy can be defined in many ways. My hope with this post was to show people that easy to remember things can also be long and hard to crack. Nothing’s perfect but longer is better.
Fun article, will definitely use .5 (name of movie, name of main character, date the movie came out..) I never thought of it hahaha this is great
See, there’s lots of ways to create tough passwords isn’t there? :)
I must admit, I’ve never thought of an easy but hard password LOL I guess because I switch so many emails all the time, I get blinded by all the password changes.
One thing I like to do is choose the first thing I see when I look around, and then I pick the next thing and marry the two with a random number :)
Does that make them easy to remember? They might be tough but I think I’d go crazy. lol
I was using only numbers and words for a few years but then I realized the value of adding special characters and making the password tougher. But your article goes deeper into securing it in a better way. Good article; I will use your technique now.
Good luck with it Jake; glad to help out.
Hey Mitch,
Thanks for the sweet ideas.
It’s increasingly becoming difficult to deal with passwords online these days. We signup to more and more different platforms and each having strong password requirements.
Sometimes I find it enjoyable to just log in to a platform using Facebook or Google. But this isn’t strong enough as well. While it reduces your headache of managing many different passwords, it brings you closer to a security issue.
I’m from a remote village in Cameroon, Africa and most often, I use names and phrases in my local tongue, mixed with special characters and figures :)
It will only take my grand ma to decipher them :)
Hope you are having a great week
That’s good stuff Enstine; not many people would figure that out unless they lived in your area, but I’m sure you’re making it tough even for them. I keep getting more creative with the process, and glad I’m logging all of them. :)
Terrific, suggestions and post, Mitch! I use a variation of some of the recommendations. Length is important and different for each site is, too!
Thanks Terri; glad you enjoyed it. I had to learn these things as well. For a long time I used a variation of the same password, even though it was 14 or 15 characters. I finally decided that on sites where it mattered (like my blogs) I needed to change that up or risk getting hacked. My only gripe is that banks only allow up to 15 characters and no symbols; ugh!
Hi Mitch! Great post, and I use some of the suggestions. I also use a password manager and they’ll come up with long passwords for me. Sometimes I have to change a character or two, but I couldn’t possibly remember all my passwords any more.
Thanks for the article.
Carol
LOL, thanks Carol. I’ve always had some sites where I couldn’t remember the passwords, but there were a bunch I used to know. It’s safer this way, especially these days where we have upper and lower letters, along with numbers and symbols. Long passwords work well, and some of the suggestions I made could help someone who wants ideas on creating long passwords that are easier to remember.