10 minutes to great passwords

With phishing rife all around the web and viruses running rampant, it's ideal that your passwords are strengthened and regularly rotated.

Unless you have just discovered the World Wide Web, or recently come out of a hole, chances are that you are already using at least 2-3 different passwords. You use them for everything from your email to your office computer to your social networks. Most of us will probably maintain these passwords for a decade without a single change. Convenient, but dangerous.

A long-time computer and web user like me probably has 17-odd combinations, some of which change monthly, quarterly or so. You must be wondering how I manage to remember even the first few, let alone all of them. Actually, I don't. I'm very creative at coming up with new passwords but even more forgetful when it comes to remembering them. To make matters worse, minimum password requirements today have almost doubled from the 8 characters that seemed sufficient a few years ago.

So a few years ago I came up with a system that would help me retain them in my memory without compromising the quality of my passwords. I'm disclosing it with the intent that everyone who reads this will see how simple the system is to maintain and actually start using it.

I start with the structure of passwords. Not all passwords need to be highly secure. I'll probably get slapped around for saying that, but do you really need a 13-character alphanumeric monster to log you into your favorite newspaper site, or the occasional site that requires a membership for posting blog comments?

Based on the above, I came up with two sets of passwords that meet all requirements. Each set can have multiple passwords within.

Type A
The stronger of the two, this type will be used for your highly secure logins. It should ideally be a combination of 13 letters, numbers and punctuation marks, e.g. J3nny38-24-34 (Jenny McCarthy's Stats), Ka-19-P-8488 (a vehicle registration plate in Mangalore, India).

This password should be changed every 3-6 months (every month if you're paranoid).

Type B
A combination of 8-10 letters and numbers, e.g. T3AmSe7en
It is ideal if you use a passphrase here, e.g. "The quick fox jumped over the lazy dog" will become Tqfj0tld

These are long-term passwords.

Tricks to avoid
You may feel smart, but today some hackers are already preempting your moves. These should be avoided at all costs:

  • Dictionary words - God, password, wife, sexy, etc.
  • Names - jenny, harry, john, mary
  • Dictionary words with easy-to-guess substitutions - j3nny, j0hnny, xmas
  • Only letters or only numbers - asdfg, 1234567890
  • Birthdates - 12251983, dec251983
  • Repeating letters or numbers - 111111111, ababababa

Verification and testing
Ideally you should have 3-4 Type A passwords and 2 Type B passwords. Write them down and check the password strength here.
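
A local check for the "Tricks to avoid" list and the Type A / Type B split, as an added example that is not part of the original post. The word and name lists are constructed from the post's own examples, and the substitution map, the exact-match lookup and the 12-character floor for Type A (the post says ideally 13) are assumptions.

```python
import re
import string
from typing import List, Optional

# Constructed sample lists built from the post's examples; a real check
# would load a full dictionary and name list.
WORDS = {"god", "password", "wife", "sexy"}
NAMES = {"jenny", "harry", "john", "johnny", "mary"}
# Look-alike substitutions undone before the lookup (assumed mapping).
UNLEET = str.maketrans("013457@$", "oleastas")
MONTHS = "jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec"
BIRTHDATE = re.compile(rf"^(?:\d{{2}}|{MONTHS})\d{{2}}(?:19|20)\d{{2}}$", re.I)


def tricks_found(pw: str) -> List[str]:
    """Return the 'Tricks to avoid' entries that the candidate matches."""
    lower = pw.lower()
    plain = lower.translate(UNLEET)
    found = []
    if lower in WORDS:
        found.append("dictionary word")
    if lower in NAMES:
        found.append("name")
    if plain != lower and plain in WORDS | NAMES:
        found.append("easy substitution")
    if pw.isalpha() or pw.isdigit():
        found.append("only letters or only digits")
    if BIRTHDATE.match(pw):
        found.append("birthdate")
    # A unit of 1-3 characters repeated across the whole string (1111, abab).
    if any(len(pw) > 2 * n and pw == (pw[:n] * len(pw))[:len(pw)] for n in (1, 2, 3)):
        found.append("repeating pattern")
    return found


def password_type(pw: str) -> Optional[str]:
    """Classify as the post's Type A or Type B, or None if it fits neither."""
    letters = any(c.isalpha() for c in pw)
    digits = any(c.isdigit() for c in pw)
    punct = any(c in string.punctuation for c in pw)
    if letters and digits and punct and len(pw) >= 12:  # assumed floor
        return "A"
    if letters and digits and pw.isalnum() and 8 <= len(pw) <= 10:
        return "B"
    return None
```

Running the check locally keeps candidate passwords off third-party sites.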

Now that you have sorted out which passwords you can have, here's where you should use each type.

Type A

  1. Primary Email
  2. Banking Services, Card transaction sites
  3. Secondary Emails, Social Networks, Amazon like sites, Skype, etc.
  4. Office Email
  5. Desktop Computer

Type B

  1. Office Applications
  2. Other Membership Sites

By the end of all this you should have 3-6 concrete passwords that are easy to remember, but hard to guess. Although methods to crack passwords are getting better and better, the mechanisms guarding these passwords are also getting stronger. While no system is foolproof, it is imperative that you give these technologies a fighting chance by simply following a logical plan.