Too many passwords?

How many web sites do you log into? Your bank? Facebook, Myspace and any number of other social networking sites? Auction sites? Shopping sites? Maybe lots of others too. Every site, of course, requires you to create a password. And if the site is serious about security, it may even set certain rules. For example, it may insist that your password is at least eight characters, or must contain non-alpha-numeric characters, or must use at least one uppercase letter, etc.

The problem is, with so many online accounts, how do you remember a unique password for each one? We all know that it’s unwise to use the same password for them all. And it’s not much better simply to recycle them – e.g. ‘david1’, ‘david2’, ‘david3’, etc.

There is a solution. Instead of trying to remember individual passwords, start with a fixed component and then apply a simple scrambling formula. Here’s an example: start with the name of the online resource, let’s say ‘mybank’. Then apply your formula: e.g.

1. Capitalize the fourth character.
2. Move the second last character to the front.
3. Add a chosen number after the second character.
4. Add a chosen non-alphanumeric character to the end.

This would give you a password of ‘n1mybAk;’.

There is an alternative method too. Instead of using the name of the online resource as the fixed component, create your own passphrase and use the first letter of each word. So if your passphrase is ‘the quick brown fox jumps over the lazy dog’ the fixed component of each password starts out as ‘tqbfjotld’. Then apply your four step rule.

Using either of these methods gives you a unique password for each online account, but all you have to remember is the same four steps each time.

Passwords aren’t the only case in which humans can prove to be the weakest link in security. Finding ways to ‘patch’ our human resources is every bit as important as applying security updates to computers. Click here for further discussion of the human dimension in Internet security.

Too many passwords?

Your email address will not be published. Required fields are marked *



APT trends report Q3 2021

The APT trends reports are based on our threat intelligence research and provide a representative snapshot of what we have discussed in greater detail in our private APT reports. This is our latest installment, focusing on activities that we observed during Q3 2021.

Lyceum group reborn

According to older public researches, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.

Subscribe to our weekly e-mails

The hottest research right in your inbox