Developing a password strategy

By Cathy Hutchison, CPSM, LEED AP posted 05-28-2014 12:21

  

The Heartbleed virus has everyone thinking about password strategies.  But, the reality is that we don't like thinking about passwords.  We want something quick, easy and memorable that won't slow us down from getting where we want to go.

Like many people, I used the same password for almost everything rather than having something unique for each site, but Heartbleed has me rethinking that practice. 

There are many password managers that will not only keep track of where you log in but also generate random passwords for your logins to help protect your information.  (Of course, if you lose your password to the password manager, you are hosed.) But, I wasn’t thrilled with the idea of randomly generated passwords.  I wanted to know what my password was so that if it wasn't convenient to look it up in my password manager, I was covered.

Long passwords are more difficult to crack than short ones, which led to the idea of passphrases. (It also helps that a phrase is easier to remember than a series of random numbers and letters.)  A friend shared with me that she uses a series of song lyrics based on the type of site she is logging into.  It occurred to me that this made a great idea for a password system.

If you have a song lyric--or any phrase really--as your password, then you have the option of changing one portion of it based on the site you are on.  For example, your base password could be…

imridingonadarkhorse

But you might make it unique for each site by adding a prefix or suffix unique to the site, for example:

imridingonadarkhorse+FB
imridingonadarkhorse+TW
imridingonadarkhorse+mysmps

Of course, it doesn't have to be an ode to Katy Perry with a suffix.  It can be whatever format you create for yourself.  And, the more unique the phrase the better.

After researching password managers, I wound up going with LastPass.  I've been impressed with how useful it has been in helping me keep track of every site I use.  But, I've also enjoyed having passwords I can remember. 

Comments

Having a unique password doesn't always have to be for logging into secure websites. It is also useful in protecting anything. My aunt and uncle had their identity stolen. It was easy to attain some of their most vital information to access the bank accounts, cell phones, etc. These criminals were so savvy, they were able to access their cell phone accounts and have the calls forwarded. If a creditor called their phones it was forwarded to the criminal. How were they able to accomplish this feat? What is the standard question asked to protect your account? "Mother's Maiden Name". You can also use this password strategy for answering these questions. Criminals will never think to use "imridingonadarkhorse+FB".

05-30-2014 18:35

A while back when Ravelry was hacked, I set up a similar system for myself. My password at each site is unique and is based on the title of the website as well as a number sequence; it's easy for me to remember and very difficult for others to guess. It works like a dream. Thanks for a great post!