The best way to make safe and secure passwords you can remember.


Passwords are the key to the gate of your castle. This brief advice
will help you create and remember passwords that will protect you.

From security guru Bruce Schneier;

"The attacker will feed any personal information he has access to about the password creator into the password crackers.  A good password cracker will test names and addresses from the address book, meaningful dates, and any other personal information it has. Postal codes are common appendages.  If it can, the guesser will index the target hard drive and create a dictionary that includes every printable string, including deleted files. If you ever saved an e-mail with your password, or kept it in an obscure file somewhere, or if your program ever stored it in memory, this process will grab it. And it will speed the process of recovering your password."
"Last year, Ars Technica gave three experts a 16,000-entry encrypted password file, and asked them to break as many as possible. The winner got 90% of them, the loser 62% -- in a few hours.  It's the same sort of thing we saw in 2012, 2007, and earlier.  If there's any new news, it's that this kind of thing is getting easier faster than people think."

There's still one scheme that works.  Back in 2008, I described the "Schneier scheme"; take a sentence and turn it into a password. For example:
  • This little piggy went to market might become "tlpWENT2m".

  • WIw7,mstmsritt... = When I was seven, my sister threw my stuffed rabbit in the toilet.

  • Wow...doestcst = Wow, does that couch smell terrible.

  • Ltime@go-inag~faaa! = Long time ago in a galaxy not far away at all.

  • uTVM,TPw55:utvm,tpwstillsecure = Until this very moment, these passwords were still secure.

Schneier continues with this advice;

   1. Never reuse a password you care about.  Even if you choose a secure password, the site it's for could leak it because of its own incompetence.  You don't want someone who gets your password for one application or site to be able to use it for another.
   2. Don't bother updating your password regularly.  Sites that require 90-day -- or whatever -- password upgrades do more harm than good.  Unless you think your password might be compromised, don't change it.
   3.  Beware the "secret question."  You don't want a backup system for when you forget your password to be easier to break than your password.  Really, it's smart to use a password manager.  Or to write your passwords down on a piece of paper and secure that piece of paper.
   4. One more piece of advice: if a  site offers two-factor authentication, seriously consider using it.  It's almost certainly a security improvement.
This essay previously appeared on BoingBoing.

When it comes to passwords, yu can't get any better advice than this, special thanks to Bruce Schneier.
Thanks for reading,
The Total Digital Security Corporation
Palm Beach, FL



Subscribe Here!


Includes the monthly CyberAdvisor Letter.




Calendar of Cybersecurity Education and Speaking Events


Recent Posts