fire

Quick tips to secure passwords

One of the more frustrating exercises in using anything online is keeping your passwords safe. They have to be easy to remember and hard to guess.

Here is a trick I've used for years that seems to work for passwords, Social Security numbers, telephone numbers, birthdates and anything that needs to be safe.

Develop a solid base password

This should be a 79-character base that has a combination of upper/lower case letters, numbers, and one or two special characters. For example, the airport code for Phoenix, AZ is PHX' and a date I easily remember is the day JFK was assassinated, 11-22-1963. 

So using that as a starting point, I can morph it a little to increase the complexity: PHX becomes PhX, and with 11-22-1963 I can substitute ! for the 1s and the # (shift 3) for the number 3. That results in a base password of PhX!!22!96#Now that you have the base password, develop a schema for any password site name. For exampleGoogle Gmail could become gml or gglgml, making my password for Google Gmail PhX!!2!!96#gml or PhX!!2!!96#gglgml. Easy to remember and difficult to crack.

Disguise important numbers

It's important to be able to access Social Security numbers, but also important to guard them.

I have to store lots of Social Security numbers for spouse, kids, parents, grandkids, and so on. I've identified two ways to encrypt these in plain site.

The first was is to change every other number by +1 or -1 (or any number +/-). For example, 123-45-6789 using +1 becomes 224-46-6890. Since I know the key getting back is straightforward. 

The second way is to use your Social Security number with some +/- number added to numbers within your Social Security number. Lets say your Social Security number is 123-45-6789 and your spouse's number is 987-65-4321. Adding a +1 to the last digit in each results in your number becoming 124-46-6780 and your spouse's number becoming 988-65-4322. By storing both numbers you have the key to decrypting. Put your Social Security number back to the original and you know how to put your spouse's number back to the original.

The second scenario works equally well for phone numbers, addresses, lock combinations, etc.

Exercise caution

The caveat in the first case is to keep your key to yourself and the in the second case keeping your Social Security number private.

For the most part the bad guys are interested in low-hanging fruit and big fish. If the bad guys get your computer and all the information is encrypted as above there is little that can be gained.

The problem is that Social Security numbers do have a way of popping up. The good thing is that correlating a Social Security number to a specific person and then decrypting the information takes time...the one thing the bad guys don't have.

Subscribe to the Security Watch Newsletter

Comments