It’s easy for service providers to ask their users to use secure passwords. After all it is the user who is supposed to remember it. Obviously it is better for everyone if secure passwords are being used everywhere, but for many 
people it represents an annoyance to use a password like “237IMBd!” instead of “pizza”. However, there are plenty of ways making it easier to remember secure passwords – and some of them even add a little bit of fun to the process ;-) I would like to explain my personal way of generating and using secure passwords as an inspiration to figure out a way that works for you, and moreover, actually start using secure passwords.
1) Create a good base password: You should have a strong password as the base for your password creation as well as a phrase/story/memory that makes it easy for you to remember/recreate the password. For example it should be pretty easy for you to remember that “July 23rd is my birthday!” which could be transformed into a secure password like “J23IMBd!”. Phrases like this are called mnemonic and there even are generators on the web to create examples for you. Now the secure password no longer seems so hard to remember, huh?
Even though it is unlikely that your password will be hacked when using a strong password like the example above, it is still possible. So let us assume your FTP account password was obtained by a hacker. Obviously remembering a secure password for each individual account/service you are using online is pretty hard – even though you use good helping phrases. However, there is a little trick, which step 2 is all about:
2) Add a service-based part to you base password: You should never use the same password accross multiple services, because in the event of one service being exploited, it will automatically provide access to everything else. To make it easy to remember, but yet secure at the same time, I suggest using the base password with an added service-based part. For instance my email account password could be “J23IMBd!email”, “EmailJ23IMBd!”, J23IMBd!_email”… I guess you see the point! Thereby you use very secure passwords for all services you use, they are not identical, and they are easy to remember at the same time.
The above are only examples, and there really is no right or wrong way to do this, as long as the result is the use of secure passwords. It also decreases the risk of having passwords guessed when everyone is using a very personal process creating them. It is a bit like using the same base recipe, but adding different spices in varying amounts: There are an unlimited amount of options how the meal tastes in the end (and maybe that’s why adding a custom string to the encryption process is called adding salt…).
“Yeah, thats fine, but I have no idea what a secure password actually is supposed to look like?” Well, in my opinion there really is no other definition than as many characters/numbers/signs as possible, the better it is. As a rule of thumb your base password as described above should not be less than 8 characters, and it should include both big and small letters, as well as digits and special signs.
I strongly advise you to use secure passwords everywhere – not only for your hosting account – and hope that this article can inspire you to rethink your passwords, if you are not already using secure ones.
No comments yet (leave a comment)