As someone who has worked in the software development field since the very early 1980’s, I have seen many changes. Passwords used to be pretty simple; naively, you could use one password across all of the programs you used. Do you remember that?
Then the Internet came along. All of a sudden, applications were running on the Internet, oh, excuse me, the cloud.
Many websites require you to set up an account to get access to their offerings or goodies. Each of these websites needs, you are ahead of me again, a user ID and a password.
This is where it starts getting interesting. If you use one password across all accounts you will likely experience epic fails. That is, when someone steals user information from one site, all of your other accounts are now in jeopardy.
Therefore I have created some simple guidelines that I use. I have three basic types of passwords: 1) banking, 2) email, and 3) pretty much the rest of the Internet (with some exceptions).
Self-generated passwords are best
There are many people who would say this is not the solution. Well, they are all welcome to their opinions. This has worked for me for a very long time. This is simply something I feel needs to be shared with my clients and friends.
1) Banking – hyper-secure, paranoid and memorable
Here you need a very secure password. I have taken to creating a cipher for these types of sites.
This is not my cipher, but an example:
a = 4 (see the shape)
e = 3 – obvious, yes
i = !
x = %
Then you pick a word or phrase to cipher/encrypt:
sexHappens then becomes s3%H4pp3ns
Many sites require one upper-case letter; for this I uppercase the first letter of the second word.
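As an added example (not the author's code), here is the substitution above together with the camel-case rule in Python. The round trip shows that the transform is a fixed, reversible letter swap, so the resulting password is determined entirely by the phrase you choose.

```python
# Added example, not the author's code: the letter-substitution "cipher"
# from the post, plus the camel-case rule for sites that demand an
# upper-case letter.
# Mapping as given in the post: a -> 4, e -> 3, i -> !, x -> %.
SUBSTITUTIONS = {"a": "4", "e": "3", "i": "!", "x": "%"}
FORWARD = str.maketrans(SUBSTITUTIONS)
# The four replacement symbols are distinct and do not occur in plain
# lower-case words, so the mapping can be undone exactly.
REVERSE = str.maketrans({v: k for k, v in SUBSTITUTIONS.items()})


def camel_case(phrase: str) -> str:
    """Join words, upper-casing the first letter of every word after the first.

    'sex happens' -> 'sexHappens'
    """
    first, *rest = phrase.split()
    return first + "".join(w[:1].upper() + w[1:] for w in rest)


def cipher(text: str) -> str:
    """Apply the substitution: 'sexHappens' -> 's3%H4pp3ns'."""
    return text.translate(FORWARD)


def decipher(password: str) -> str:
    """Undo the substitution, recovering the base phrase from the password."""
    return password.translate(REVERSE)


if __name__ == "__main__":
    pw = cipher(camel_case("sex happens"))
    print(pw)            # s3%H4pp3ns
    print(decipher(pw))  # sexHappens: the same phrase comes straight back
```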
2) Email – there is nothing more embarrassing than some schmuck cracking into your email and sending out spam, porn and lottery messages.
Pretty much the same as above, just a different keyword is ciphered.
3) The rest of the Internet, with the realization that exceptions apply.
Here I get a little less concerned, exceptions aside. I’ll do something very simple: say I am going to DandyCandy.com; my password will be superSafe77candy. “superSafe77” becomes my root, and then I append something about the website that I will recall. Over time I’ll create a new “root”.
I must disclose that you can, and likely will, break websites that can’t handle long passwords. I was evaluating a website one day and broke their login system because it could not handle superSafe77redtail – it was simply too long for their system to handle. I discontinued my evaluation. If I can break a website that easily, they will certainly have security issues.
With this, I have three basic types of passwords to remember.
How does one foil these measures?
All anyone ever needs is physical access to the computer. Keep in mind that with the cloud, physical access can be metaphorical. Seriously, with actual physical access, security is an illusion.
I attended the very first JavaOne conference. I sat at tables with the people who created the Java programming language. Little-known factoid – I have a California license plate – MR JAVA.