Simple and Effective Password Concept
The problem with passwords is that humans are inherently lazy (hey, me too!) and Security Admins are apparently a special kind of sadist when they think users can remember an insane combination of 1337 and binary. In reality, complex password requirements traditionally lead to greater security risks because users find new ways of cheating to remember their passwords. Whether it means writing them down and stuffing a notepad in their unlocked drawer, or typing them all out in a Word Doc labeled “passwords”, users will always find a way to easily “remember” their passwords.We, as security professionals, need to learn to leverage both human weakness and technical requirements by teaching our users how to set up complex passwords that are easy to remember, but difficult to crack. Easy and hard? Say it ain’t so.Here’s where a simply password algorithm comes into play. By using a personal algorithm to derive unique passwords for every site, users can easily remember one word and one 4-digit pin, but have a unique password for every site and system they need to access. Here’s how it works…Here is a simple password algorithm to use for easy-to-remember AND secure passwords. The great thing about this concept is that you can have hundreds of unique passwords without the trouble of remembering each one individually.Basic steps:1) Pick your favorite word. We will use “password” since it seems to stay towards the top of the list of most popular passwords.2) Pick your favorite three or four digit number. Let’s go with “1234”, again because it remains as a global favorite every year.3) Then set up an account at your favorite website, such as Cybrary! Here’s where you get to pick a really cool username using your favorite 1337 references.4) To set your password for Cybrary, you simply use the first two letters and last two letters of the site as bookends around your favorite word, such as “cyPASSWORDry”.5) Then add your favorite number along with the special character equivalent and you have: “cyPASSWORDry1234!@#$”.6) Using the same algorithm for Yahoo would look like “yaPASSWORDry1234!@#$”, which is a unique, complex, and long password.So instead of keeping your passwords simple (and weak), or writing them down (argh!), all you have to do is remember your favorite word and number. Now your account list might look like:Cybrary: cyPASSWORDry1234!@#$Yahoo: yaPASSWORDry1234!@#$Facebook: faPASSWORDok1234!@#$Bank: baPASSWORDnk1234!@#$If you understand how password hashes work, then you know that these passwords look 99% different to a computer. If you didn’t know about hashes, I’d recommend starting with Cybrary’s Security+, Module 6.Best of luck, stay secure.