CCS Blog

An Easy Approach to Passwords

by Jim Martin

Passwords are a problem. You need them, but you can never remember them. You also need too many of them. You’ve got one (or two, if your significant other shares the account) for each credit card, your bank account, your insurance company, your home computer, your business computer, your email account and on and on. You could use the same password for everything, but that increases the risk of compromise. What can you do?

Some people take the lazy approach. SplashData collected data on exposed passwords over a six-year period and found that the two most common were “123456” and “password.” Creative, eh? Other popular keys were “12345678,” “qwerty,” and “football.” You can’t afford this kind of stupidity for your business. You have too much of your life invested. Imagine, in addition, the risk of a penetration of your business system leading to the compromise of all your customers’ data. That’s scary! You want a set of passwords that cannot be easily broken.

Some people like to use song lyrics (BeBopaLulaShesMyBaby), which are easy to remember, but not as unbreakable as passwords of half their length. A random string of words (BiscuitWarpAxisBeagle) will work only slightly better. Mixing capital and small letters doesn’t gain much (GrEaTqUaRtErBaCk). Don’t change letters to similar symbols either (D@1ly$tew), because those can also be broken by hackers with million-tries-per-second software.

My solution is a system of building-block passwords. The process makes them easier to construct and easier to remember, but still random enough to thwart all but the most determined hacker. Start the process with an easy-to-remember core word that you will use in every password. You might choose Jeopardy host Alex Trebek. Split the word: ale xt rebek. You’ll note it already looks random once you split the last letter of the first word off together with the first letter of the last word. The rest of the password is created by “personalizing” it to the application. Let’s say you want to create a password for your brokerage account. First, put a symbol at the front to indicate what type of account it opens ($ for financial, and so on) and the initials of your broker, in capitals, in the first break: $aleCSCxt rebek (the CSC here stands for Charles Schwab, Campbell). Now, for the other break, add something easily associated with what you’ve put in the first break, say the stock symbol of a favorite stock. AT&T would lead to $aleCSCxtATTrebek. It’s easy to remember how you put it together. I currently have two pages of passwords in my safe, but I have no trouble remembering the majority of them.

If you want to make them even more complex, you can put your kids’ years of birth in various positions: the oldest in the first break of financial passwords, the second in the second break of credit card passwords, and so on. Random placement makes breaking them even harder. I realize this looks complicated, but you’ll find it easy after a few uses. You still want to keep a list in a secure location, with the only digital copy stored on a thumb drive. When you put the list together, use asterisks for the portion that you don’t change: $***CSC**ATT*****. Even if someone can steal that list, it will take a long time to figure out the rest.