{"id":42,"date":"2014-04-11T04:18:41","date_gmt":"2014-04-11T04:18:41","guid":{"rendered":"http:\/\/jonoforbes.com\/blog\/?p=42"},"modified":"2014-04-11T04:18:41","modified_gmt":"2014-04-11T04:18:41","slug":"write-really-good-passwords-avoid-the-collective-security-freakout","status":"publish","type":"post","link":"https:\/\/jonoforbes.com\/blog\/write-really-good-passwords-avoid-the-collective-security-freakout\/","title":{"rendered":"Write really good passwords; avoid the collective security freakout"},"content":{"rendered":"<p>With the Internet collectively freaking out about <a href=\"http:\/\/heartbleed.com\/\">the Heartbleed bug<\/a>\u00a0(a major Internet-wide security hole that could mean various passwords (and other information) have been nabbed off of &#8220;secure&#8221; servers)\u00a0this week, I thought I&#8217;d share a password system I use to have a unique password per site \/ account that I can easily remember:<\/p>\n<ol>\n<li><strong>Pick a base.<\/strong> \u00a0This is what most people think of as their one password to use for everything. \u00a0Say mine&#8217;s &#8220;dogemanguy&#8221;.<\/li>\n<li><strong>Make it better.<\/strong> \u00a0You should include numbers, symbols, and upper-case letters in your password, and not use dictionary words. \u00a0So my &#8220;dogemanguy&#8221; password can become &#8220;D0g3M4nG0i!!&#8221; (those 0&#8217;s are zeros, not upper-case o&#8217;s). \u00a0This password should pretty much max out any &#8220;how good&#8217;s your password?&#8221; test.<\/li>\n<li><strong>The important part &#8212; mix it up per site.<\/strong> \u00a0So here&#8217;s the trick I&#8217;m talking about, and why I&#8217;m personally not worried about the Heartbleed bug. \u00a0Take the name of the site you&#8217;re creating the password for, and intersperse the letters of that name into your base from step 2. 
\u00a0So if my step 2 base is &#8220;D0g3M4nGoi!!&#8221; and I&#8217;m making a password for &#8220;Facebook&#8221;, I would take the first letter of each, then the second letter of each, and so on, and get &#8220;DF0agc3eMb4onoGkoi!!&#8221; \u00a0Again, that&#8217;s comprised of every other letter of each, like so:\u00a0&#8220;<strong>D<\/strong>F<strong>0<\/strong>a<strong>g<\/strong>c<strong>3<\/strong>e<strong>M<\/strong>b<strong>4<\/strong>o<strong>n<\/strong>o<strong>G<\/strong>k<strong>0i!!<\/strong>&#8221; and\u00a0&#8220;D<strong>F<\/strong>0<strong>a<\/strong>g<strong>c<\/strong>3<strong>e<\/strong>M<strong>b<\/strong>4<strong>o<\/strong>n<strong>o<\/strong>G<strong>k<\/strong>0i!!&#8221;<\/li>\n<li>One step further: <strong>Don&#8217;t literally use the site name.<\/strong>\u00a0 The big shortcoming of step 3 is that,\u00a0if someone gets your (for example) Facebook password and notices the phrase &#8220;Facebook&#8221; sprawled throughout it, they could figure out the system and guess that you might have &#8220;Gmail&#8221; sprawled through that service&#8217;s password (especially if this method becomes more common). \u00a0One solution here is to have a system where you keep a list of matches, like &#8220;Facebook -&gt; Mom&#8217;s maiden name,&#8221; and then you use that matched term as the phrase you&#8217;re interspersing into your base password, rather than literally &#8220;Facebook&#8221; (or whichever site name). \u00a0The big important note if you&#8217;re going to keep a master list somewhere is to\u00a0<strong>never ever write down your passwords ever, or even parts of them.<\/strong>\u00a0 The point of this whole system is that your brain is the cipher and only you should be able to untangle the mess of your new passwords. \u00a0That&#8217;s why I write &#8220;Mom&#8217;s maiden name&#8221; rather than (for example) &#8220;TheAwesome&#8221;. 
\u00a0So if I forgot my Facebook password, I would look at my matches list, see that Facebook is matched with mom&#8217;s maiden name, know in my brain that it&#8217;s &#8220;TheAwesome&#8221;, and end up with the final, ridiculous, and ridiculously secure password &#8220;<strong>DT0hgeeAMw4ensGo0mie!!<\/strong>&#8221; (&#8220;<strong>D<\/strong>T<strong>0<\/strong>h<strong>g<\/strong>e<strong>e<\/strong>A<strong>M<\/strong>w<strong>4<\/strong>e<strong>n<\/strong>s<strong>G<\/strong>o<strong>0<\/strong>m<strong>i<\/strong>e<strong>!!<\/strong>&#8221; + &#8220;D<strong>T<\/strong>0<strong>h<\/strong>g<strong>e<\/strong>e<strong>A<\/strong>M<strong>w<\/strong>4<strong>e<\/strong>n<strong>s<\/strong>G<strong>o<\/strong>0<strong>m<\/strong>i<strong>e<\/strong>!!&#8221;<\/li>\n<\/ol>\n<p>You end up with a password that you can &#8220;easily&#8221; remember or reconstruct using these rules, looks like total gibberish, is likely completely unique in this website&#8217;s passwords database (protecting you from hacker methods like using a <a href=\"http:\/\/en.wikipedia.org\/wiki\/Rainbow_table\">Rainbow Table<\/a> to reverse-engineer your password if it&#8217;s based on common words), and moreover is completely unique in your password repertoire, so if somebody gets your Facebook password, they <em>only<\/em> have your Facebook password. \u00a0Much better than using one password for everything.<\/p>\n<p>This solution comes down firmly (but not absurdly so) on the security side of the security-vs-convenience spectrum. \u00a0Yes, it&#8217;s a lot more complicated than just having a single easy to remember word that you use as your password for every site, but it&#8217;s also much, much more secure. 
\u00a0At the end of the day, especially this week, I&#8217;m very happy to be on the secure side of the spectrum.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With the Internet collectively freaking out about the Heartbleed bug\u00a0(a major Internet-wide security hole that could mean various passwords (and other information) have been nabbed off of &#8220;secure&#8221; servers)\u00a0this week, I thought I&#8217;d share a password system I use to have a unique password per site \/ account that I can easily remember: Pick a &hellip; <a href=\"https:\/\/jonoforbes.com\/blog\/write-really-good-passwords-avoid-the-collective-security-freakout\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Write really good passwords; avoid the collective security freakout<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[8],"tags":[],"class_list":["post-42","post","type-post","status-publish","format-standard","hentry","category-nerd-tips"],"_links":{"self":[{"href":"https:\/\/jonoforbes.com\/blog\/wp-json\/wp\/v2\/posts\/42","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jonoforbes.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jonoforbes.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jonoforbes.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jonoforbes.com\/blog\/wp-json\/wp\/v2\/comments?post=42"}],"version-history":[{"count":2,"href":"https:\/\/jonoforbes.com\/blog\/wp-json\/wp\/v2\/posts\/42\/revisions"}],"predecessor-version":[{"id":44,"href":"https:\/\/jonoforbes.com\/blog\/wp-json\/wp\/v2\/posts\/42\/revisions\/44"}],"wp:attachment":[{"href":"https:\/\/jonoforbes.com\/blog\/wp-json\/wp\/v2\/media?parent=42"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jonoforbes.com\/blog\/wp-json\/wp\/v2\/categories?post=42"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jonoforbes.com\/blog\/wp-json\/wp\/v2\/tags?post=42"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}