Passwords, the good, the bad and the interesting ones !

It’s currently Get Safe Online week and so I thought I’d do a quick post on passwords.

I’ve been using the internet for decade(s) now and it is amazing that I can remember most of my passwords – but that is a bad thing – it probably means I haven’t changed them enough. The only password I cannot remember is for my old ICQ account … I’d love to resurrect that one !

 

Let’s do a little experiment :

  1. Write out on a piece of paper your password with each letter taking its own space up
  2. Write the numbers 1 to 10 above it like this :
    1. 1 2 3 4 5 6 7 8
    2. P a s s w o r d
  3. If the number over your last letter is 8 or less, then read on carefully,
  4. If the number is a 9 or a 10, then read on, but well done
  5. If your number is over 10 then big hugs and read on !!

HERE COMES THE SCIENCE !

Let’s think about how a password is created. Each character can be an uppercase letter, a lowercase letter, a number or a symbol.

So for each space in your password you could choose:

26 (uppercase letters)

26 (lowercase letters)

10 (numbers)

35 (symbols – I just counted them!)

Add that up and for each space in your password you could choose 97 different characters.

So for a password that is 8 characters long, there are 97 x 97 x 97 x 97 x 97 x 97 x 97 x 97 different possible passwords … want to know how many that is … it’s a lot !

7,837,433,594,376,961

according to my calculator … as I said … it’s a lot !

Now you want to know why we did the science bit … well that is the number of entries in a rainbow table. A rainbow table is every permutation of characters from aaaaaaaa to ZZZZZZZZ with all the numbers and symbols thrown in too ! They are known, calculated in advance and stored in a database for quick reference. Even better … every word in the English dictionary is already known too.

Encryption :

Surely I type my password in and it is sent encrypted so the criminal doesn’t get my password, they get the encrypted version ?

Well yes, you are correct (or you hope at least !!). The issue is that the rainbow table also holds the encrypted (hashed) version of your password. If the criminal receives a password that looks like this :

  • MD5 : DC647EB65E6711E155375218212B3964
  • SHA1 : 8BE3C943B1609FFFBFC51AAD666D0A04ADF83C9D
  • SHA256 : E7CF3EF4F17C3999A94F2C6F612E8A888E5B1026878E4E19398B23BD38EC221A

Then the criminal can look it up and say your password is Password.

So you see the criminals can unlock your account whatever it may be if your password is less than 8 characters. If they have all 8 character permutations now, we know they are working on more – so those with 9 or 10 characters, it is only going to be a matter of time.
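
The lookup described above, as an added example that is not part of the original post: a precomputed table maps the three quoted digests back to a word, and the same password stored with a random salt and a slow key-derivation function no longer matches any precomputed entry. The wordlist is constructed, the function names are illustrative, and PBKDF2 with these parameters is an assumption about what a site could use instead.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; a real table covers far more candidates.
WORDLIST = ["letmein", "Password", "qwerty123", "sunshine", "dragon"]

# The three unsalted digests quoted in the post.
PAGE_DIGESTS = {
    "md5": "DC647EB65E6711E155375218212B3964",
    "sha1": "8BE3C943B1609FFFBFC51AAD666D0A04ADF83C9D",
    "sha256": "E7CF3EF4F17C3999A94F2C6F612E8A888E5B1026878E4E19398B23BD38EC221A",
}


def build_lookup(words, algo):
    """Precompute digest -> word once; reusable against any bare `algo` hash."""
    return {hashlib.new(algo, w.encode()).hexdigest(): w for w in words}


def look_up(digest_hex, algo, words=WORDLIST):
    """Return the word behind an unsalted digest, or None if not in the table."""
    return build_lookup(words, algo).get(digest_hex.lower())


def store_salted(password, iterations=600_000):
    """Server-side alternative: random per-user salt plus a slow KDF (PBKDF2)."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, derived


def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, derived = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, derived)


if __name__ == "__main__":
    for algo, digest in PAGE_DIGESTS.items():
        print(algo, "->", look_up(digest, algo))
    a, b = store_salted("Password"), store_salted("Password")
    print("same password, same stored value?", a[2] == b[2])
    print("verifies:", verify_salted("Password", a))
```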

So I’m gonna need some help :

Well, the good news is I can show you how to make a cool password that you will always remember AND that is unique for EVERY website you ever visit.

Things you are going to need

1) Paper and pencil

2) A really good song you love

3) The name of two or three of your most common websites you use

Got those ? Good … here goes.

The second exercise : 

  1. Write out on your piece of paper like you did before, but this time the numbers 1 to 12.
    1. This will be the minimum length that your password can be … this is not a target to hit but a target to exceed
  2. Write out a song lyric from your favourite song elsewhere on the page in one line
    1. Not for very much longer (Rocky Horror Picture Show)
  3. Change the ‘o’ for a zero and the ‘e’ for a 3
    1. N0t f0r v3ry much l0ng3r
  4. Remove the spaces
    1. N0tf0rv3rymuchl0ng3r
  5. Copy this under the numbers you wrote before
    1. 1 2 3 4 5 6 7 8 9 10 11 12
    2. N 0 t f 0 r v 3 r y m u c h l 0 n g 3 r
  6. How many characters did you do ?
    1. I got 20

The tricks are as follows :

  • In step one I wanted you to think about the password being as long as possible
  • In step two I wanted your password to be something you remembered
  • Step three takes the words and makes them difficult to read from a dictionary
  • Step four prepares it as a password
  • Steps five and six show how well you did.

So now we have a good strong password that you can change regularly without having to think much about it.

HOW DO I MAKE IT UNIQUE THOUGH ?

Here comes the final bit .. we want at least one symbol in there and your websites.

  1. So Facebook and Amazon are my two I will give as an example. Choose the first two letters
    1. Fa
    2. Am
  2. Now put a symbol in the middle (not exclamation mark – let’s have $)
    1. F$a
    2. A$m
  3. Notice how you leave your finger on the Shift key to reach up to get the dollar symbol as well as the first letter
  4. Now add it to your original unique password
    1. N 0 t f 0 r v 3 r y m u c h l 0 n g 3 r F $ a
    2. N 0 t f 0 r v 3 r y m u c h l 0 n g 3 r A $ m

And there you have it – you’ve added three characters (so mine is now 23 characters long) and it is unique for every website I log in to .. and if it is ever breached and my password exposed, I can even tell you where the password came from !
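
Exercise two and the per-site step, written out as an added example (not code from the original post), with checks for the 12-character minimum and the character types counted earlier. The function names are illustrative; `combinations` reuses the post's 97-character count, and `shared_prefix` is an extra check that reports how many leading characters two site passwords have in common.

```python
import string

MIN_LENGTH = 12                                      # minimum set in exercise two
SUBSTITUTIONS = str.maketrans({"o": "0", "e": "3"})  # step 3 of exercise two
ALPHABET_SIZE = 97                                   # the post's character count


def base_from_lyric(lyric):
    """Exercise two: swap o -> 0 and e -> 3, then remove the spaces."""
    return lyric.translate(SUBSTITUTIONS).replace(" ", "")


def site_tag(site, symbol="$"):
    """First two letters of the site name with a symbol in the middle."""
    if len(site) < 2:
        raise ValueError("site name needs at least two letters")
    return site[0].upper() + symbol + site[1].lower()


def site_password(lyric, site, symbol="$"):
    """Lyric-based part followed by the per-site three characters."""
    return base_from_lyric(lyric) + site_tag(site, symbol)


def check(password):
    """Report the properties the post asks for."""
    return {
        "length": len(password),
        "long_enough": len(password) >= MIN_LENGTH,
        "has_upper": any(c.isupper() for c in password),
        "has_lower": any(c.islower() for c in password),
        "has_digit": any(c.isdigit() for c in password),
        "has_symbol": any(c in string.punctuation for c in password),
    }


def combinations(length, alphabet=ALPHABET_SIZE):
    """Number of possible passwords of this length (the 97 x 97 x ... sum)."""
    return alphabet ** length


def shared_prefix(a, b):
    """Count the leading characters two passwords have in common."""
    count = 0
    for x, y in zip(a, b):
        if x != y:
            break
        count += 1
    return count
```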

 

So every 6 months or so when you want to change your password, all you need is a new lyric or quote, repeat exercise two on it and see how long it grows – try to make it longer than your first !

 

Final thought ….

Passwords are like underwear.

  • They cover up private stuff.
  • Change yours often.
  • Don’t share them with friends.
  • The longer, the better.
  • Be mysterious.
  • They cover your ass.
  • Don’t leave yours lying around

 

Passwords are like bubblegum.

  • They are strongest when fresh
  • They should only be used by one person
  • When they’re left lying around they will create a sticky mess!

 

Passwords are like toothbrushes.

  • You really really shouldn’t share

 

Passwords are like flowers.

  • They too should grow with time

 

What do you think?
Do you have any other good password tips ?
Let me know in the comments.
