Opinion

Too many passwords?

How many web sites do you log into? Your bank? Facebook, Myspace and any number of other social networking sites? Auction sites? Shopping sites? Maybe lots of others too. Every site, of course, requires you to create a password. And if the site is serious about security, it may even set certain rules. For example, it may insist that your password is at least eight characters, or must contain non-alphanumeric characters, or must use at least one uppercase letter, etc.

The problem is, with so many online accounts, how do you remember a unique password for each one? We all know that it’s unwise to use the same password for them all. And it’s not much better simply to recycle them – e.g. ‘david1’, ‘david2’, ‘david3’, etc.

There is a solution. Instead of trying to remember individual passwords, start with a fixed component and then apply a simple scrambling formula. Here’s an example: start with the name of the online resource, let’s say ‘mybank’. Then apply your formula: e.g.

1. Capitalize the fourth character.
2. Move the second last character to the front.
3. Add a chosen number after the second character.
4. Add a chosen non-alphanumeric character to the end.

This would give you a password of ‘n1mybAk;’.

There is an alternative method too. Instead of using the name of the online resource as the fixed component, create your own passphrase and use the first letter of each word. So if your passphrase is ‘the quick brown fox jumps over the lazy dog’ the fixed component of each password starts out as ‘tqbfjotld’. Then apply your four step rule.

Using either of these methods gives you a unique password for each online account, but all you have to remember is the same four steps each time.

Passwords aren’t the only case in which humans can prove to be the weakest link in security. Finding ways to ‘patch’ our human resources is every bit as important as applying security updates to computers.
