One of the most obvious and easiest things we can do to keep our accounts and information secure online is to follow password best practices.
But I have over 100 accounts, so it’s impossible for me to follow all these rules to a T because I don’t have a photographic memory. When I started on the Internet, I traded security for convenience and just used the same password for everything. I incremented complexity when the web form complained that my password was too simple.
That’s why password managers such as LastPass and 1Password are becoming so popular. They allow you to have different, complex, and lengthy passwords for each account, and all you have to remember is one password.
Get it? 1Password?
I realize that some people feel uncomfortable with that idea, and I totally understand. The concept of locking all of your keys in a safe technically makes it easier on the thief, as he just has to steal one key to access them all.
So I want to provide an alternative for those who don’t want to use a password manager.
In fact, this method is even MORE secure than using a password manager.
The only ways to breach this system are to get you super drunk, to put you on a truth serum, or to get you to divulge the secret in an egotistical boast about how strong your system is.
You can store the information on a spreadsheet, in the cloud, or even on a piece of physical paper. Totally up to you!
We’ll start off by reviewing what the best practices are, then go into the method.
Password Best Practices
The first article that comes up on a search of ‘password best practices’ suggests:
- Never reveal your passwords to others.
  - Surprised this is even included on the list?
- Use different passwords for different accounts.
  - So that a password stolen on one site cannot be used for another. 11 out of the 14 biggest data breaches of the 21st century involved password theft. It’s much easier to change one password than all of them.
- Use multi-factor authentication (MFA).
  - Even if someone steals your credentials, they won’t be able to log in because they’ll need access to the authentication device, usually your cell phone.
- Length trumps complexity.
  - Longer passwords are harder to crack than short passwords, even if the short password is complex. ‘TheKeyToMyDoorIsHiddenUnderTheBlueDoorMat’ is better than ‘Tk$fR0*O’.
- Complexity still counts.
  - You’re not going to get away from this one. Use your entire keyboard and press Shift.
- Make passwords that are hard to guess but easy to remember.
  - Of course. You want to be able to remember them.
- Use a password manager.
  - So you don’t have to worry about 1-6.
The second article adds the following:
- Do not use your network username as your password.
- Do not choose passwords based upon personal details.
  - Birth date, your Social Security or phone number, names of family members.
- Do not use words that can be found in the dictionary.
  - So basically, don’t use words.
- Avoid using simple adjacent keyboard combinations.
  - It’s only a rule because people have done it.
- Whatever you do, don’t store your list of passwords on your computer in plain text.
  - Off of your computer is fine?
- Be aware of browsers storing passwords for you.
  - For example, in Firefox: If you have not enabled and assigned a “master password” to manage your passwords in Firefox, anyone with physical access to your computer and user account can view the stored passwords in plain text, simply by clicking “Options,” and then “Show Passwords.”
Phew. That’s a lot to keep in mind.
Now let’s take a look at the method.
The most secure password management system
I started using this system when I got my first job out of college. When setting up my laptop, it asked me to create like ten different passwords for different things. I knew I wasn’t going to remember them all.
I had to write them down, but storing passwords in plain text is a big no-no.
I’m not sure why or how, but I thought of Smitty Werbenmanjensen and the method was born.
Today I use a password manager, but my passwords spreadsheet still has entries that I have not yet migrated.
As a check on how secure this system is, here’s a snippet from that spreadsheet:
How it works
Just like this:
Pick a word. Any word:
Now create some transformation rule for the word:
The first vowel is replaced with a number that most resembles it.
Apply the rule to your word to get your password:
You write down the word, then the only thing you have to remember is the transformation rule. As long as you keep that a secret, you’re solid.
Of course, you’ll want to make the transformation rule a bit more complex and fuzzy than what I showed, such as:
Replace the first syllable with ‘Smitty_Werben’
‘password‘ becomes ‘Smitty_Werbenword‘.
Stacking transformation rules
Increase password strength by stacking rules. Just don’t go overboard.
Here’s a set of rules that creates secure passwords and is easy for me to remember:
1. Capitalize the first letter.
2. Replace the third-to-last character with pager code.
3. Replace the last two characters with ‘ManJens3n’
4. Break up any characters into their smallest character components (e.g. d → cl; w → vv).
| You record | Your password |
|---|---|
As you can see, even the worst possible password turns into something that would take 38 billion years to crack according to howsecureismypassword.net.
Not bad for four simple rules.
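The four stacked rules above, applied in order by a small script. This is an added example, not the author’s code; the pager-code table (a digit that visually resembles the letter) and the lowercase-only decomposition table are assumptions that fill in what the post leaves implicit. It also reports which character classes the result contains, which is the “complexity still counts” check from the best-practices list.

```python
# Added example: the post's four stacked transformation rules, applied in order.
# The two lookup tables below are assumptions, not something the post defines.

# Assumed reading of "pager code": a digit that resembles the letter.
PAGER_CODE = {"a": "4", "b": "8", "e": "3", "g": "9", "i": "1",
              "o": "0", "s": "5", "t": "7", "z": "2"}

# Rule 4 components, exactly the two mappings the post gives (lowercase only).
COMPONENTS = {"d": "cl", "w": "vv"}


def rule1_capitalize(word: str) -> str:
    """Capitalize the first letter, leave the rest untouched."""
    return word[:1].upper() + word[1:]


def rule2_pager_third_from_end(word: str) -> str:
    """Replace the third-to-last character with its pager-code digit (if any)."""
    if len(word) < 3:
        return word  # nothing to replace in a word this short
    i = len(word) - 3
    return word[:i] + PAGER_CODE.get(word[i].lower(), word[i]) + word[i + 1:]


def rule3_replace_tail(word: str, tail: str = "ManJens3n") -> str:
    """Drop the last two characters and append the fixed tail."""
    return word[:-2] + tail


def rule4_decompose(word: str) -> str:
    """Split characters into their visual components (d -> cl, w -> vv)."""
    return "".join(COMPONENTS.get(ch, ch) for ch in word)


RULES = [rule1_capitalize, rule2_pager_third_from_end,
         rule3_replace_tail, rule4_decompose]


def derive_password(recorded_word: str) -> str:
    """Apply the stacked rules, in order, to the word you wrote down."""
    pw = recorded_word
    for rule in RULES:
        pw = rule(pw)
    return pw


def char_classes(pw: str) -> set:
    """Which character classes the derived password actually contains."""
    classes = set()
    for ch in pw:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


if __name__ == "__main__":
    for word in ("password", "dog"):  # constructed sample words
        pw = derive_password(word)
        print(f"{word!r:12} -> {pw!r} ({len(pw)} chars, {sorted(char_classes(pw))})")
```

Note that the recorded word ‘password’ becomes ‘Passvv0ManJens3n’; the rule ordering matters, since rule 3 runs after rule 2 has already picked the third-to-last character.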
Oh, and congratulations. You just learned cryptography.
- If you’re uncomfortable using a password manager, this is an easy alternative that’s even more secure.
- All you need to remember is the transformation rule you make up (the encryption method).
- You can keep your records on paper, on your computer, in the cloud – anywhere. You can even share them with the world.