How To Create Unique, Complex Passwords

A couple of weeks ago, we talked about multi-factor authentication and how essential it is to implement on every single internet-accessible resource that you use. This week, I want to talk about the other part of that, and that's your passwords. I'm going to teach you how to create a unique, complex password that is easy to remember and impossible to guess. You may not believe this, but stick with me. 

The Evolution of Complex Passwords

A couple of years ago, the National Institute of Standards and Technology (with paper 863, if you're interested) came out with two recommendations that seem completely out of this world compared to what we're used to. Number one, they removed the recommendation for complex passwords, and they also removed the recommendation of password expiration. What we found was that when we required people to change their passwords every 90 days, they started using patterns. ‘Summer17’ became ‘Winter18’ became ‘Spring19’. You could guess what the next one was going to be. So, they've removed that. The recommendation is that you keep the same password until you believe that it's been compromised or, frankly, you're bored with it. The neat part with this is that we can create longer, more complex passwords that you can remember off the top of your head. We're going to do that right now.

Right here, we have an address: #1208 Fremont Avenue. Seems kind of bland as far as an address goes. If you saw that on a piece of paper it wouldn't mean very much, but as a password, this is great. And I am telling you right now that this is a unique password for Facebook. Now, as we go through talking about this, take these ideas that I'm sharing with you and come up with your own ideas. Don't use exactly what I'm saying or else somebody is going to figure out what you did.

Tools To Find Out How Secure Your Password Is

So, this is how this works. As a password, it's 20 characters long. There's a great site on the internet called howsecureismypassword.net, where you can see how long it would take a hacker to brute force it. I will tell you, this password would take about four sextillion years. It's not going to get broken. So, it is complex. It's unique. Frankly, it's an awesome password.

We're doing something here called chess theory. If you've ever seen the grandmasters playing chess, they're playing across sometimes four, five, six different boards and you're like, "How are they remembering each of those boards?" The fact of the matter is they're not remembering each piece, they're remembering the board as a position. And if you can remember several pieces as a position, there's less that you have to remember. If I were to ask a company to require every user to have a password of at least 14 to 20 characters in length, there would probably be a revolt. When we look at it from a chess theory perspective, you're not remembering 14 to 20 characters, you're remembering two or three different things, and this is what those things are.

In the case of the password that we just showed you, we have our constant: #120 something, something Avenue. This never changes; it's always the same. If we remember this, great! It's easy to remember. Next up, our variables. The first variable we have is eight. It's the number of characters in Facebook. If this was Amazon, that'd be a six. Google's a six. Microsoft, I believe, is a nine. You start remembering these. But the neat part is, if you're trying to log into Facebook and you know that your next variable here is how long Facebook is, you're reading it. It's not actually something you have to memorize. And next we had Fremont. F is the first letter of Facebook, which makes it pretty easy to remember. But how did I come up with Fremont? Now this is the neat part about what I recommend people do.

Go on the internet and find an alphabet. It doesn't matter if it's animals, birds of North America, or street signs. And what you can do is you can bookmark that in your browser so if you ever forget the one, you can go back and look. But I'll tell you—after you've done a few of these, you're just going to remember that F is always Fremont. So, what I did was I went online and I just searched for street signs and I found this ‘ABCs of Minneapolis Street Signs’. Easy enough—it's in my browser. Now think about it: I'm at Facebook, I know that everything in my passwords is #120 something Avenue. Facebook is eight characters. Easy enough, I remember F. If for some reason I forget, I can check and, yep, it was Fremont. But odds are, I'm going to start remembering that, so we've come up with a great password. 

As I said, here are a couple of other examples: Amazon, #1206 Aldrich Avenue; Microsoft, #1209 Morgan Avenue. This looks so simple. They're easy to type because we're used to typing addresses, and if somebody were to see this, they wouldn't think that it was a Microsoft password. And also, if they did figure out it was your Microsoft password, their ability to figure out that your Facebook password was #1208 Fremont Avenue would be pretty much impossible. Just don't share your method with anyone and it works very well.
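The scheme above written out as an added example (not code from the original article): it rebuilds the three passwords shown and also flags sites that would end up with the same password because they share a first letter and a name length. The function names are hypothetical, and "Airbnb" is a constructed extra site used only to show such a collision.

```python
from collections import defaultdict

# Street names taken from the article's three examples; extend with your own alphabet.
STREETS = {"F": "Fremont", "A": "Aldrich", "M": "Morgan"}


def derive(site, constant="#120", suffix="Avenue", streets=STREETS):
    """Build constant + len(site) + street for the site's first letter + suffix."""
    name = site.strip()
    if not name:
        raise ValueError("site name is empty")
    first = name[0].upper()
    if first not in streets:
        # The alphabet has no entry yet: pick a street before using the scheme here.
        raise KeyError(f"no street chosen yet for letter {first!r}")
    return f"{constant}{len(name)} {streets[first]} {suffix}"


def collisions(sites, **kw):
    """Group sites that the scheme maps to the same password."""
    by_password = defaultdict(list)
    for site in sites:
        by_password[derive(site, **kw)].append(site)
    return {pw: names for pw, names in by_password.items() if len(names) > 1}


if __name__ == "__main__":
    for site in ("Facebook", "Amazon", "Microsoft"):
        pw = derive(site)
        print(f"{site:10} {pw!r} ({len(pw)} characters)")
    # "Airbnb" is a constructed extra site, not from the article.
    print(collisions(["Facebook", "Amazon", "Microsoft", "Airbnb"]))
```

When two sites collide, change one of the variables for that site (for example, a second street for the same letter) so every account still gets its own password.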

Those are my recommendations as far as how to set up a unique password. Take that idea and make it your own. Once you've played with it a little while, you can do all sorts of things. The study is actually called cryptography, and it gets to be quite fun. Those are my recommendations. If you'd like to hear more tips like this, this Thursday at 9:30 AM, we are going to be having a webinar with WatchGuard talking about working from home and how we can do better to secure it. Thank you very much for your time and thank you very much for listening. Stay safe, stay healthy. 
