Problems with existing strong password rules and how to fix them


Of course you want all of your computer accounts to be as secure as possible. Part of that security comes from the account password. Some systems require you to have a strong password while others don't. Naturally, you know that you should use a high level of security even if the system doesn't require it. Studies have shown that many people choose simple passwords, such as "1234", where systems allow it. Many systems require passwords to comply with extensive rules designed to enforce strong passwords. Banking, stock brokerage and insurance sites are the most likely to demand that passwords follow the most rules. Your choice may have to:

  • be of a certain length, typically 6 or even 8 characters long
  • be made up of mixed lower and upper case letters
  • contain at least 1 number
  • contain at least 1 special character (#, $, %, (, etc.). Sometimes certain special characters are not acceptable, however.
  • not match a word, or even part of a word, that is contained in an English dictionary
  • not be a password, or close match to a password, that you have ever used before

By complying with all of these rules, you may find that your password is very foreign looking. It will likely be very hard to remember. It fits the criteria specified for a strong password, however. If it can't be remembered, though, there is an excellent chance that it will be written down on paper, stored in a computer file or even emailed to a different address. Once any of these actions is taken, the security of the strong password drops to the level of the paper, computer file or email account used. This may be substantially less secure than the strong password and the computer system to which it applies.

There are more secure storage methods that can be used for all of the secure passwords that a person might have. These include protected digital wallets, secure memory sticks and encrypted disk files. Some users may use these to save their passwords but most people don't. It's not even expensive or time-consuming to do so. Users often just develop bad habits that they think are fairly low risk. Unfortunately, the compromise of a strong password is actually a big danger when you consider that the protected system may involve the financial or social reputation of the user.

Luckily, you can establish strong computer system passwords that will comply with any security rules that are implemented. You can have a password that is long enough, has numbers, special characters, mixed case and anything else required. You can also customize the password so that in addition to being as secure as possible, it is easily remembered. Your methods will differ from those used by others so the passwords you create will be strong and unique.

Here are some tricks to ensure that your password meets the secure rules but is still yours and is easy to remember:

  • Always create passwords that are 8 characters long. 6 is often not good enough.
  • If you are setting up a password for Infobarrel, for example, take the last 5 characters of the site name and reverse them like "lerra". This will be your root for your secure password. You can always remember that your root is the last 5 characters, reversed. Here is what your roots would look like for these systems:
    • Infobarrel - lerra
    • Squidoo - oodiu
    • Facebook - koobe
    • Google - elgoo
  • Capitalize the first letter of the root, making it "Lerra", "Oodiu", etc. Now you have mixed case letters automatically.
  • Add an underscore character, "_", making it "Lerra_", "Oodiu_", etc. Now you have a special character.
  • Add a number, perhaps your favorite 2 digits, making the new password "Lerra_99", "Oodiu_99", etc. Now you have numbers as well.

With these customizations in place, you have a password that is 8 characters long, has mixed case letters, a special symbol and numbers. It is also easy for you to remember, as long as you use the same root selection method (last 5 characters, reversed). You can return to a system that you have not used in a long while and you will easily be able to enter the password that pertains to the site.

This strong password generator can be further customized to fit your needs. Obviously, if millions of people start using "Koobe" as the first 5 characters of their Facebook password, each user's security rests only on the last 3 characters. While this is not a huge risk, it does lessen the security. To counter this risk, you may choose to capitalize an alternate letter, like the second one or the last one. Now "Koobe" can be "kOobe" or "koobE" for your root. Whatever you pick, however, you must remember for all of your root passwords. If you capitalize the first letter, always do so. Don't capitalize the first for one system, the second for another and the third for another. If you do, you may have difficulty remembering the variations.
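The root scheme above, written out as an added example (it is not code from the original article). The function names, the constructed short site name "Acme" and the assumption that the scheme itself is known to others are illustrative; the code checks each result against the rule list from earlier and counts how many choices per site remain known only to you.

```python
import re

def root(site: str) -> str:
    """Last 5 characters of the site name, lowercased and reversed."""
    return site.lower()[-5:][::-1]

def make_password(site: str, digits: str = "99", cap_index: int = 0) -> str:
    """Root with one capitalized letter, an underscore, then the user's digits."""
    r = root(site)
    r = r[:cap_index] + r[cap_index].upper() + r[cap_index + 1:]
    return f"{r}_{digits}"

def meets_rules(pw: str, min_len: int = 8) -> dict:
    """Check the composition rules listed in the article, one result per rule."""
    return {
        "length": len(pw) >= min_len,
        "mixed_case": bool(re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)),
        "digit": bool(re.search(r"\d", pw)),
        "special": bool(re.search(r"[^A-Za-z0-9]", pw)),
    }

def unknown_choices(cap_varies: bool = False, specials: int = 1) -> int:
    """Passwords consistent with the scheme for one site, if the scheme is known.

    Assumption: the root is derived from the public site name, so only the
    two digits, the special character (1 choice if it is always "_") and,
    optionally, which of the 5 root letters is capitalized are private.
    """
    return (10 ** 2) * specials * (5 if cap_varies else 1)

if __name__ == "__main__":
    # Constructed sample site names; "Acme" has fewer than 5 characters.
    for site in ("Infobarrel", "Squidoo", "Facebook", "Google", "Acme"):
        pw = make_password(site)
        failed = [rule for rule, ok in meets_rules(pw).items() if not ok]
        print(f"{site:10} -> {pw:9} failed rules: {failed or 'none'}")
    print("private choices, fixed capital:  ", unknown_choices())
    print("private choices, capital varies: ", unknown_choices(cap_varies=True))
```

A site name shorter than 5 characters yields a root that is too short, so the result misses the 8-character rule even though it passes the other three.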

Sometimes you may find that a system doesn't need to include mixed case letters. You should still use them yourself. Those systems that don't enforce the rule will ignore your upper case letter. They think that "Lerra" and "lerra" are the same word. No matter. If it makes it easier for you to remember, then use the capital letter all the time. There are likely no systems that disallow upper case letters.

In the future, strong passwords for computer accounts may become unnecessary. In fact, back in the 1980s, one computer game would ask various questions of users in order to determine access rights. The same could be done now and the results would be much safer than the best passwords of today. The key could be with secure questions, rather than password rules. A user could load up 5 to 10 secret questions: "What was the name of your first dog?", "Where was your father born?", "What is the middle name of your oldest sibling?". Those types of questions are particularly secure because they are quite unique to the person (or at least many of them should be). There can be several of the secret questions. The answers to the questions are likely not written down. Most importantly, the authorized user is unlikely to forget the correct answer. This makes the security system both secure and less prone to intervention by email or helpdesk systems. Some banks already employ this security method, although it is usually in addition to passwords, not instead of them.

When it comes to creating secure passwords, the rules are in place and we have to live with them. By using your own root word generator and particular additions that only you know, you have the opportunity to create very strong passwords that are easy to remember. It's the best way to implement security for yourself.