Passwords Redux

Much has been written about best practices for passwords, but few people have taken the advice.  The simple reason is that it’s a pain to use “strong” passwords.  
Is your password something like “password123”, “iloveyou” or “michael74”?  If so, it’s time to change.  Now.  Online crime is a massive business.  Some have compared it to the illicit drug trade in scale.  This is 2014, not 1994.  There is simply no excuse for being lazy when it comes to securing your privacy.
A few things to consider:
Password vaults and their ilk.  I don’t use them and don’t recommend them.  How do you secure your password vault?  With a password.  So if an attacker gets one password he gets them all?  No thanks.  Convenient, yes.  Ideal, no.
Whenever possible, use words and terms which can’t be found in a dictionary.  This sounds harder than it is.  You can use altered spelling, nicknames, and clues instead of the actual term.
Don’t store a password list on your computer.
Don’t keep your passwords in your laptop case, or in the same location as your computer.
If you can deal with the hassle of two factor authentication, I recommend using it if available.  Gmail offers this to all users; I’m not sure about others.
While we’re talking about two factor authentication, let me tell you how I store my passwords.  It’s not exactly a high tech solution, but it’s handy and effective.  Post-its.  That’s right, I store my passwords on post-its.  
My passwords often contain a hidden reference to what they are related to.  For example, let’s say you bank at TD Canada Trust and your branch is located close to a Costco store.  Your password could be something like:
$Across from Costco$
Most people looking at this post-it wouldn’t know that it was a password at all.  If they did, would they know what the password was for?  Sure, they could try this password with every possible option.  Total security is a myth; we’re just trying to make this as hard as possible.  If someone is absolutely determined to gain access to your data, chances are good that your passwords won’t help you anyway.
The goal with a password is to make it easy to remember while making it extremely hard to guess or fall victim to a brute force attack.  A brute force attack is when someone uses a program to throw millions of password attempts at your ….  If your computer has already been compromised and your keystrokes are being recorded, strong passwords won’t help.
How to make your existing passwords stronger:
Let’s say that your email password is whiskers, the name of your no doubt loveable cat.  You can keep the familiarity of the password while increasing its usefulness as a password.
Old Password:  whiskers
New Password:  I have loved Whiskers since 2004!
Easy to remember, and vastly more secure than the original password.  If you can’t use spaces, simply remove them.
If you’re one of those who is determined to use birthdays as a password:
Old password:  120896
New password: (Dec. 8th 1996)
Password for a site you don’t often visit:
Old password: myspacepw
New password:  #MySpace has been dead since 2005#
These are just my suggestions.  I like phrases and sentences.  If you prefer math, try something like:
Old password: 120896
New password: 12+08 doesn’t = 96
Perhaps you prefer pictures?
Old password: ilovejessica
New password: I <3 Jessica 🙂
There are all kinds of easy options that will help you remember your passwords while making them more secure; you just have to take the time to think about it.  We’re aiming for increased difficulty here, not impossibility.  If there’s one thing we’ve learned, it’s that anything too annoying to remember will end up being reset to password123.