Password Mistakes And How To Correct Them

Today’s internet often requires that we keep and deal with countless passwords. It can be daunting and frustrating to manage this aspect of our modern lives, and consequently people make lots of password mistakes while doing so.

You can better protect yourself against a hacker discovering your password by avoiding the following password mistakes and using the following techniques to correct them:


 

Your Password Is Not Long Enough

Having a password that is too short is one of the most common mistakes that people make. Years ago this was not as much of a concern; however, today’s computer processing power is such that it does not take long for a machine to go through millions of hypothetical passwords, and the shorter the password, the quicker it will be discovered. Each added character multiplies the number of candidates a brute force search has to try, so simply adding a few extra characters will exponentially increase the level of difficulty for brute force password discovery.

Evidently, a six-character password is essentially useless. Sites that require a password often set a minimum number of characters, and some also set a maximum number of characters that they allow.

A 10-12 character password meets the minimum requirement of most sites.

 

Your Password Is Too Easy / Simple

You may be quite surprised to discover just how many people use a simple password like 123456 (the number one password used by people today). Guess what the number two password is? Password. That’s right, ‘password’.

Some of the best things you can do to strengthen your password are:

-use both lower and upper case letters
-use a symbol within your password
-use a number within your password

For example, consider using a two-word phrase that fits within 10-12 characters, use upper and lower case, and add a symbol and a number to the mix:
FoodStorage

Then you might exchange (as a general rule) any “o” for a zero and any “s” for $. These are easy and similar substitutions that you can make which will make your password MUCH better than a ‘normal’ simple password!
F00d$t0rage

 
But you can do even better… Here’s a much more effective way to strengthen a password. Make it look ‘random’. Here’s how:

Think of a sentence, maybe a line from a favorite song, or a favorite place that you like to visit, or something that you enjoy doing, etc… and choose a sentence with about 10-12 words.

“I have enough food storage to feed us for 1 year”

Then, use the first character from each word:
Ihefstfuf1y

You might also consider a similar character/symbol substitution, such as $ for s.
Ihef$tfuf1y

The password now looks totally random, and will be MUCH MUCH more difficult for a hacker to crack – if at all. The more that you use your phrase, the easier and quicker it will become.

 

Your Password Is The Same For Every Site

If a hacker does manage to get your password (maybe via a security breach at one of the sites that require passwords), then it may be used to access any and all of your other sites/accounts! Whoops! Here’s a trick to get around that issue while still implementing the advice above:

While still maintaining a 10-12 character overall password length, shorten your sentence length to 7-9 words (or characters).

“I have enough food storage for 1 year”
Ihef$f1y

Then, as a self-imposed rule, always use the first three letters of the site as the first three in your password. For example if you are signing up for Amazon and are required to implement a new password, use “ama” as the first three. So now your password (for Amazon) becomes:
amaIhef$f1y

This way your passwords are unique, they’re within 10-12 characters, they have both upper and lower case characters, and they include a symbol and a number. They appear totally random!
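The derivation steps above, together with the length argument from the first section, worked through as an added Python example (not the author’s code). The function names are assumptions made here, and the bit count is the exhaustive-search space (alphabet size raised to the password length), which is an upper bound that only holds if the characters cannot be predicted.

```python
import math
import string

# Substitution rule from the article's sentence technique: "s" becomes "$".
SUBSTITUTIONS = {"s": "$"}

def initials(sentence):
    """First character of each whitespace-separated word, case preserved."""
    return "".join(word[0] for word in sentence.split())

def substitute(text, table=SUBSTITUTIONS):
    """Apply the single-character substitutions to every matching character."""
    return "".join(table.get(ch, ch) for ch in text)

def site_password(site, sentence):
    """Per-site rule: first three letters of the site name, then the base password."""
    return site[:3].lower() + substitute(initials(sentence))

def alphabet_size(password):
    """Size of the character set a brute-force search must cover for this password."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    return sum(len(c) for c in classes if any(ch in c for ch in password))

def brute_force_bits(password):
    """log2(alphabet_size ** length): size of the exhaustive-search space in bits."""
    return len(password) * math.log2(alphabet_size(password))

if __name__ == "__main__":
    long_sentence = "I have enough food storage to feed us for 1 year"
    short_sentence = "I have enough food storage for 1 year"
    samples = [
        "123456",
        "FoodStorage",
        "F00d$t0rage",
        substitute(initials(long_sentence)),
        site_password("Amazon", short_sentence),
    ]
    for pw in samples:
        print(f"{pw:<14} len={len(pw):>2} "
              f"alphabet={alphabet_size(pw):>2} bits={brute_force_bits(pw):5.1f}")
```
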

 

Conclusion

Hopefully these thoughts will help some of you with password techniques as you navigate today’s internet while doing your best to secure yourself against hacking and discovery.

16 Comments

  1. It seems that more and more sites are requiring longer passwords as well as a number, upper and lowercase letters as well as a special symbol. I also keep a small notepad next to my computer with the passwords of each site. I, at one time, used the same password for all sites, but then some companies require you to change your password every six months and won’t let you reuse a password if you have used it for the last three passwords. It was just getting too hard to remember all the passwords. So the notebook works for me.

  2. I use the sentence idea. I have three sentences depending on what I’m doing (financial, personal, other) and a different pattern to identify the site. So only one or two digits have to change when the site requires a change. I also keep a separate password page with my personal documents.

  3. I used to use one password for all sites. When password requirements changed I could not keep up with them. I started a Word document to keep all my passwords on my desktop, then realized that was probably not too safe. I finally got a simple address book and write them in there according to web site in pencil. Easy to hide and safe from cyber crooks!

    I like the sentence passwords for sure.

    1. I store passwords, credit card, and other important info on my phone using an app called “AVG Vault”. First you need a passcode to open my phone and then you need a tougher passcode to open AVG Vault. Unfortunately AVG stopped supporting Vault several months ago. I am looking for a new app.

      1. Check out Lastpass. Very similar idea, useable across desktop and mobile browsers, along with mobile apps.

  4. Thinking that “In-A-Gadda-Da-Vida” is not such a good password now, Dang it anyways.

    Actually I have used a combo of U-l letters, Numbers and Special characters ever since I was a Programmer at Mesa Airlines. Was mandatory with the security level I once had. In Unix the “#” was in full control of the entire system, so if your PW got compromised….. well let’s just say it’s not a pretty sight.

    Great reminder Ken, thanks.

    NRP

  5. I use different passwords for different sites and keep up with them using RoboForm. It’s a password protected and encrypted toolbar on my laptop. It will enter all your info into an online order form. I’m confident it’s secure and it’s very convenient if you shop online.

  6. I use old addresses and zip codes, but I change the zip codes to the symbols that correspond… for example my grandparents’ address “123 Maple 60612” turns out to be “123Maple^)^!@”

    This seems easy for me to remember, and because I never lived there it seems near impossible to hack especially with the uppercase, lowercase, numbers and symbols.

    Just something for my fellow Preppers to consider.

    1. I like that idea with the zip code/symbols. I’ll have to give it a whirl.

  7. DH was known for creating passwords and was good at recalling. When we acquired more sites requiring passwords…..ah, yes, the recall was just a wee bit off. The old-fashioned telephone book you would purchase for $1.00 became our password book. Using pencil for the company name and password, when they needed to be changed, simply erase and replace with the new code.
    I also found it helpful when we installed a new router to put the data in this book should we have a system failure.
    We do not use the “cloud”, less on the net the better for us.

  8. Good read. I use a couple of the last names of kids I went to grammar school with.

    Since there were German, Italian, Spanish, Irish, Polish and even Portuguese in my class….it would be pretty hard for someone to guess it.

  9. Reminds me of the coworker who told me (with a straight face, mind you) that he has the word “incorrect” as his password. This way when he has a brainfart and just types in gibberish, the computer tells him what it is: “Your password is incorrect”

  10. I worked with a person back when “the internet” just became available to “the public”, i.e., back when DARPA allowed it to go public. That person is now a well paid “hacker”. His advice to me then was to use a technique he called “double-deuce” (DD). I thought he was talking about a card game. But no. DD is a very unique method of passwordology. It can raise the possibility of not being discovered by about 4 x 10^16. That’s 4 followed by 16 zeros. What is DD? It is two groups of two alpha/numeric characters that are the same. What does that mean? Example:

    1AA234BB5

    Where the numbers (numeric entries above) are numbers OR letters. AA and BB are, as I use them, just numbers. As in “I44hate66this”. The probability of a ‘hacker’ guessing two groups, or more, of characters being the same is quite low. Each pair of like characters raises the non-guess-ability by 15,876. Two would be over 252 million. Then add 5 ASCII characters from your keyboard and you mess with 3.175…^10. That’s 10 zeros after the 3.175. Lotsa trials there. Now, just to make things more difficult, change the password every month by adding the month number to the end of the password. That would make the example “I44hate66this04” for April. I just added 127 more possibilities.

    Simplicity has its magnificence. If you really want to make the guessing difficult, make the ‘doubles’ ‘triples’. That takes the 15,876 of two digits up to 2,000,376 for three. Then add the second group of three and multiply the first group by the second. Then change it every month. And grin.

    In other words….it really is possible to mess with the hackers. And piss them off. LOL

  11. The nerds that do the xkcd web-comic came up with an interesting one on password security that has always stuck with me. Their math usually goes over my head but it might be worth a look for some of you. Google- xkcd password strength

  12. My password stays the same in the center and changes the beginning and end characters. This makes it easy to memorize the few center characters, and I can write down the changes.

    For example, the center may be gG017
    The beginning as of today may be Ww
    the end may be 10#

    So today my password may be WwgG01710#
    When a site requires me to change it, I increment the beginning or end, depending upon the site. So if I change it the new pw may be XxgG01710#, or WwgG01711#
    To remember the pw I just write down the change – so I may have ‘iTunes – Xx’ or ‘iTunes – 11#’ written down to remember it. Easy.
