
Martin Warr, our IT and Schemes Manager, provides his thoughts on creating strong passwords.
Passwords are used everywhere, and until stronger biometric locks are used on computers and mobile devices it is likely that you will be using a password to ‘log in’, ‘access’ or ‘unlock’ for a few more years.
Hopefully gone are the days of using simple passwords like ‘qwert123’ and ‘football1’; these common passwords take microseconds for hackers to find and implement.
Many sites suggest different ways to create strong passwords, recommending different numbers of characters and the use of different character sets. In general, the longer the password the more resilient it is against a computer attack.
However, with longer passwords that are more complex the ability to remember them decreases, unless you employ a system of some type.
Password managers
Password managers, which may hold your passwords and may generate random passwords when required, are one way. However, keeping this safe generally does require a super password, or even an extra security layer such as two-factor authentication. Hackers are beginning to focus on such apps and utilities, since the size of the prize within may be greater.
Personal thoughts
My personal thoughts, if you do not have access to such password managers, would be to utilise things around you that may be constant for a period of time, and then to break them down into your own personal code (like Egyptian hieroglyphics) that only you may understand. Also, try to avoid making it too personal by using personal elements you may populate things like social media with.
Let us take an example of a password that may not change that often.
You went on holiday last year and took a book with you to read.
The book is George Orwell’s ‘1984’. What is the opening line?
‘It was a bright cold day in April and the clocks were striking thirteen’
How about shortening it to the main words?
GO1984#BrightCold04ClockStriking13!
Here, # is used as the marker after the writer and book name, and ! as a sound; you may have “ for speaking elements.
You may even include where you went on holiday, say Spain. Then use a Spanish word or two, using $ as markers for foreign language.
Therefore, it could be
GO1984#$friobrillante$04ClockStriking13!
Then comes the most important part, the part that is unique to you. A way to remember it is just to remember how you consistently shorten things.
Writing down a password, or passphrase as it should be termed, is not so much writing it down exactly as writing an aide-mémoire of how it should be written.
So writing down:
‘My password is the book I took on last holiday short opening line with some local dialogue’ could be a way to help remember it, and not give it away.
Even writing down your complete password as
‘Spanish holiday book 1984 by George Orwell It was a bright cold day in April and the clocks were striking thirteen when I was reading a book by George Orwell on a sunny beach in Spain’, should not actually give it away.
It may not be a book; it may be a film you have recently seen, or the people who starred in it. It could be the address of your friends, aunt or uncle written in shorthand, the things you always buy from the supermarket, etc.
If it’s one that does change more regularly, then it may be shortened to just the first letters of the words, but including your codes.
So it ends up like this:
GO1984#iwabcdiaatcwst
That’s a fairly straightforward password of over 20 characters. One that is technically written down for you, in a hidden secret location, i.e. the book itself.
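As an added illustration (not part of the original article), the Python sketch below builds the first-letters form described above and estimates the brute-force search space for the article's sample passwords. The function names and the scoring model are assumptions made for this example, and the bit figure is an upper bound that ignores pattern-based guessing.

```python
import math
import string

# Inputs below are the article's own worked example, embedded as sample data.
OPENING_LINE = "It was a bright cold day in April and the clocks were striking thirteen"
COMMON = {"qwert123", "football1"}  # the two weak passwords the article names
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)

def short_form(prefix: str, marker: str, sentence: str) -> str:
    """Prefix + marker + first letter of every word (the 'changes regularly' form)."""
    return prefix + marker + "".join(w[0].lower() for w in sentence.split())

def alphabet_size(password: str) -> int:
    """Number of characters a brute-force search would have to try per position."""
    size = sum(len(p) for p in POOLS if any(c in p for c in password))
    # Anything outside the four pools (spaces, accents) counts once per distinct character.
    return size + len({c for c in password if not any(c in p for p in POOLS)})

def brute_force_bits(password: str) -> float:
    """Upper bound on guessing effort, in bits.

    Assumption: the attacker tries every string of this length and alphabet.
    A password found on a wordlist is scored 0 because it falls immediately.
    """
    if not password or password in COMMON:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))

def chance_within(password: str, guesses: int) -> float:
    """Probability that `guesses` blind attempts hit the password."""
    return min(1.0, guesses / 2 ** brute_force_bits(password))

if __name__ == "__main__":
    samples = ["qwert123", "GO1984#BrightCold04ClockStriking13!",
               "GO1984#$friobrillante$04ClockStriking13!",
               short_form("GO1984", "#", OPENING_LINE)]
    for pw in samples:
        print(f"{pw:42} {len(pw):3} chars  {brute_force_bits(pw):6.1f} bits  "
              f"P(hit in 1e6 guesses) = {chance_within(pw, 10**6):.1e}")
```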
what3words
One last one that I have recently heard of is to utilise the what3words website. Pick an exact favourite place: the front door of your house, the entrance to your work, your parents’/siblings’ house, etc. Find out what the three words for this place are, and then encapsulate them in your code. (Forwards, backwards, including standard codes, etc.)
Final comments
Remember, passwords are there to protect data by giving restricted access. No matter whether it is an insurer database, a broker database, your online shop account or your bank account, all should be treated the same, with strong, adequate passphrases.
A useful read may be found on the NCSC.gov website.
However, remember at the end of the day an attacker may just get lucky (you would know this if you have ever chosen six numbers and won the lottery), and crack your sequence of characters in the first few million attempts.