
Creating A Password
M1k3@H0m3

53Xon+Be@ch

Here is another one that is hard to crack and easy to remember. It says "Sex on the Beach" ("the" is replaced with "+").

@o15uX@55

If you are on AOL this one might be easy to remember as well.

+H1SismyBby

If you have to log on to a baby site, a password similar to this might help. It says "this is my baby".

This is the general idea for generating good passwords. But if you have something like 30-40 passwords and don't want them all to be the same, here is another method that could help you.

Password management has become a real issue for me. One method I've had to start using is writing my passwords down and putting them in my wallet. This definitely helps.

Manual encryption will help you not only remember passwords on the fly but also come up with a unique password for each of your accounts. It involves creating a single complex pattern for all your passwords. Instead of memorizing all 30 passwords/login names, you memorize the pattern to which you set ALL your passwords and logins. It's a simple way to organically encrypt all of your passwords.

Here is how it works: use some cryptic variation of the name of the service or network you are logging into and integrate that variation with a key you use for all of your passwords. Computers do something similar to this with a method called "salting." A "salt" is a value used to modify a hash of a password.

For example, say your name is Kevin Mitnick and you have an account at the DoJ, Department of Justice. As with most government systems, the Department of Justice has an Information Assurance rule that states that you must have at least 8 characters, use upper and lower case, at least one number and a special character. So you might create a pattern that looks like this:

JMo!D+n1cK

In this pattern, the service or network (in this case DoJ) is backwards, "JoD", and the service is salted with the name Mitnick in leet (leet, aka l33t, is a cryptic old hacker language). In leet, Mitnick is spelled "M!+n1cK". This word is then integrated into JoD as every other letter and then sequentially.

Some services and networks you register for restrict complex passwords. As a security guy I find this very annoying. All I can say about these is to make your password as complex as possible and don't put anything important in that account. If it is your bank, they should at least have SSL. If not, don't use that institution's web service.

Manual Encryption with noncomplex passwords

Using our Kevin Mitnick/DoJ example above, let's say that the DoJ has changed its Identification and Authentication policy and now requires that no user use special characters. Manual encryption still works:

JMoIDTn1cK

All the special characters are replaced with letters.

In conclusion, I'd like you to consider that no account is really safe. No matter how complex your password may be, it can always be hacked by brute force or by an ex-employee who has a copy of all user account information at his house. Chances are, if you are logging onto the system then it has a vulnerability; it just hasn't been found yet. All we can really do is protect that which is in our immediate control. Don't worry about things you cannot change, but don't procrastinate on the things you can.
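The pattern from the DoJ example, worked through in Python as an added example (not the author's code): `manual_encrypt` reverses the service name and weaves a fixed key into it every other character, appending whatever is left, and can swap the key's special characters for letters as in the noncomplex variant; `salted_hash` shows the server-side "salting" the post compares this to, where a different salt gives a different hash for the same password. The `@` to `A` substitution and the services other than DoJ are assumptions for illustration; note that the derivation is deterministic, so the result is only as secret as the key and the rule.

```python
import hashlib
import os

# Letter substitutions for the noncomplex variant. "!" -> "I" and "+" -> "T"
# come from the post's own example (JMo!D+n1cK -> JMoIDTn1cK); "@" -> "A"
# is an assumed extension in the same spirit.
SPECIAL_TO_LETTER = {"!": "I", "+": "T", "@": "A"}


def interleave(service: str, key: str) -> str:
    """Reverse the service name, then weave the key in as every other
    character ("as every other letter and then sequentially")."""
    rev = service[::-1]
    out = []
    for s_ch, k_ch in zip(rev, key):
        out.append(s_ch)
        out.append(k_ch)
    # Only one of these tails is non-empty: whichever input was longer.
    n = min(len(rev), len(key))
    out.append(rev[n:] + key[n:])
    return "".join(out)


def manual_encrypt(service: str, key: str, allow_special: bool = True) -> str:
    """Derive one service's password from the shared key pattern."""
    pw = interleave(service, key)
    if not allow_special:
        pw = "".join(SPECIAL_TO_LETTER.get(c, c) for c in pw)
    return pw


def salted_hash(password: str, salt: bytes, rounds: int = 100_000) -> bytes:
    """What a server does with a salt: it is mixed into the hash, so the same
    password stored under two different salts yields two different digests."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


if __name__ == "__main__":
    key = "M!+n1cK"  # "Mitnick" in leet, as on the page
    print(manual_encrypt("DoJ", key))                       # JMo!D+n1cK
    print(manual_encrypt("DoJ", key, allow_special=False))  # JMoIDTn1cK
    print(manual_encrypt("AOL", key))                       # assumed service
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    print(salted_hash("JMo!D+n1cK", salt_a) != salted_hash("JMo!D+n1cK", salt_b))
```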