Let us be like John Lennon and imagine together for a moment. A world without locks, no need for access verification; you can just enter anywhere as you wish (and do as you please).

I bet after a moment of imagining, you will realize the inevitable pandemonium. Banks will be raided, credit cards will be maxed-out, personal files will be all over the place and security will be reduced to a myth.

The key reason we have verification processes everywhere we go is a direct result of human nature. The internet is no different in this manner.

In this article I will explore the most common security mechanism used on internet resources (username+password access verification) and I will provide you with tips that will allow you to have stronger and more secure passwords.

There are three objectives of security on Internet resources:

• Secrecy: Resources that are categorized as personal should not be accessible to all.
• Integrity: Only authorized users are allowed to change certain information. You wouldn’t want anyone to go into your facebook account and edit your profile. Similarly, banks would not want customers to be able to login and change their account balance.
• Availability: Security should not be so strong that it prevents the authorized user from gaining access. Imagine the feeling you get when you lock yourself out of your own house.

Weak Passwords

Yes there is such a thing like a weak password! According to International Business Times the top 10 weak passwords are:

A weak password is similar to building a lock that anyone can create a key for. Imagine your door had a lock that you can open with a piece of wire.

Strong Passwords

Here are some ridiculously strong passwords I came across in my career “A9#*?//g$eE“, “eT!~;;/90O_zi)” and “y^^%fgH_-;:eS“. These are not only hard to remember but it will force you to write it down somewhere and this can cause them to become less effective if someone were to find the pages that you wrote your “strong” (and hard to remember) passwords on.

Strong Passwords That Are Easy To Remember

Now consider these, “IwKu@9’0’Ct“, “MhA11WfWwAs” and “tQbFJ0t1D“. Well I don’t blame you if you think these are also hard to remember. But look at how we can now remember these cool passwords:

• IwKu@90Ct – I will kiss you at 9 ‘O‘ Clock tomorrow.
• MhA11WfWwAs – Mary had a little lamb, whose fleece was white as snow.
• tQbFJ0t1D – The quick brown fox jumped over the lazy dog.

The art of making strong passwords that are easy to remember is very simple. Construct a sentence that you can remember and then take out the first letters of the words in the sentence and be a little creative. For example the sentence (one I can remember because my mother’s name is Jean and I do love her very much), “My mother name is Jean, I love her very much” would give me a password like “Mmn!J,!1hvm”. I was a little creative here where I converted all the i’s to exclamation marks and the l’s to the digit 1. See a similar method at About.com where words are used to form the passwords.

General Password Tips

1. Create a strong password that is easy for you to remember (as described above). Strong passwords should also have 8 or more characters.
2. Avoid writing password down. Numerous times I have visited clients to see that their passwords are written on post-it notes.
3. Change your passwords several times a year. I know this sounds like a challenge but doing this can go a long way.
4. Always remember to logout of your online accounts, especially if you are using a public computer.
5. Use a different password for each of your online accounts. This may also sound like work  but if you were to lose one you will not lose all. I have seen a case where a client had the same password for her hotmail and her online bank account, she became very fearful when someone were able to get hold of her hotmail account. Get a trustworthy password manager to help you remember all your passwords. Lastpass.com offers a great tool for this.

Hope you enjoyed this. Let us hear from you. If you have an idea for a topic, let us know.

– Girendra Persaud (December 2012)

[nrelate-related]