03) Passwords, how long should they be & how to make them “complex”. Complex does not need to be difficult

PASSWORDS, HOW LONG SHOULD THEY BE, AND WHAT IS A COMPLEX PASSWORD?

You’ve probably heard to not use anything obvious in a password such a kid’s or grandkid’s name or birthday. I say hogwash, use them. It helps make your passwords easier to come up, and easier to remember? Complex password can be really hard to remember but what if you used something simple and easy to remember and applied a few tricks to make it complex? The trick to passwords is length and complexity. And I’ll go over how to make your easy-to-remember password complex, but easy to work with.

If your computer or phone were able to remember every password, including the one you use to login to your device, long impossible to remember, impossible to type, passwords would be fine. I like to use passwords that if needed, I can type it in.

I’m going to show you two examples of putting together passwords and the thought process I use. I’ll show you how to make a complex password out of a name and birthday and how to make one from a funny word phrase. I find that what is considered to be a truly complex password, like the self-generated ones you may see on a website, are impossible to remember and hard to even write down without a transcription error. 

You can have some fun and be creative with passwords. My son used to have a password for his wireless Internet, know as WiFi, with one long word fourwordsuppercase, that’s “four words upper case”, all in lower case letters. It was always funny when he had to tell someone the password. That password is fun but not complex. In a bit we’re going to take that funny word phrase, make a few simple changes, and create a password that is quite complex. But it won’t be complex to you because you’ll know the secret behind it’s creation.

It’s recommend that passwords be at least 14 characters long, and they can be much longer if you want, but 14 is great. My son’s password was 18 characters, but not complex. Lets see what we can do to his password to make it complex. Now keep in mind, a WiFi password is something you may share with guests in your house, so making a WiFi password too complex can get annoying.

The complex passwords I am showing you how to create will be great for your computer login and the same ideas can be used to create your bank and other website logins. We are speaking here about passwords for things that must be super secure, not your home WiFi password for you wireless Internet connection. Please don’t get me wrong, that should have a secure password, but having something you can easily share with a guest should be considered, and don’t make a password you would not want a guest to have. Like don’t make it the same as your bank login.

For a WiFi password used at home, I don’t think my son’s password would cause any issues. The length alone helps quite a lot and I doubt his neighbors are pounding away trying to break into his Internet connection as they probably have their own. But this also assumes your neighbor is not an ill intentioned computer hacker looking to do damage. So still add some complexity to your home WiFi connection. A final note on this, your Internet provider probably supplied you with a device with a preassigned WiFi password. You are able to change it so you’re not stuck with the difficult random character password they assigned.

Lets start with his word phrase fourwordsuppercase as a password and apply some complexity rules that I made up:

1) make all letter o a 0 (zero) instead
2) make all letter s a $ instead
3) change all remaining vowels to UPPER CASE letters
4) add 2 special characters $! to the beginning
5) put #0925# on the end. The 0925 is not a random number, it’s an easy to remember birthday, the # special characters help add a lot of complexity

Did you notice I use like-looking letters, number and symbols in what I swap. For instance, letter o and 0 look alike, s and $ look alike, so they are easy substitutions to remember. Another I use is swapping the number 1 or the letter l for an ! I keep my swapping to what I’ll be able to figure out should I lose a password while on the road away from my cheat-sheet of saved passwords.

These simple substitutions make things difficult for a hacker. They also know to use these rules, but the more you spread things out, add the stuff to the beginning and end, your password becomes quite complex even to a hacker. You may hear that making these simple substitutions is no longer considered secure, but that makes a huge assumption the hacker has some idea of what to start with, such as names and birthdays. And even if they do have that information, my rules will still confuse them.

I’m going to be addressing this exact topic in Chapter 05 on social-media security, such as when commenting on a facebook™ post. And again, if you apply several rules like I have outlined, this is far more advanced than what is considered simple substitution.

A quick note on names and birthdays when it comes to social-media such as facebook™. You may see what seems like a silly fun question like:
“Lets compare kid’s names, what are your kid’s names? I’ll accumulate and tally the answers and tell everyone the most popular names. Won’t this be fun?”
This is a very DANGEROUS question and not cute at all!

These questions are posted by bad people specifically to build a dossier on unsuspecting people, such as you, to try and help figure out passwords. Please don’t ever respond to these posts, or just make up fake answers.

I’ll speak about this in detail in Chapter 05 on security when using social-media. Even posting your kid’s names and birthdays on a facebook™ post can be considered a real security flaw. I’ll show you how to properly secure your facebook™ account to make doing this safer. Chapter 05 will speak all about social-media security, so please be sure to read it.

If you use a good combination of tricks and use a good long password, the chances of your password being hacked are quite slim. But you do need both, length and complexity.

Here’s another example:

Lets say you want to use your granddaughter Louisa’s name and her birthday 11/5/2001. So you could start with louisa110501.

Now lets add similar complexity rules:

1) 0 (zero) instead of letter o
2) Letter o instead of 0 (zero)
3) ! instead of 1
4) $ instead of s
5) cap Z for lower case a
6) remaining vowels change to UPPER CASE
8) $! or money-bang added to the beginning
0) !!5! added to the end, just something random

So now what started as: louisa110501
is now: $ ! l 0 UI $Z !! o5o !!! 5!  (spaced for readability)

Remember, bang is just techie-talk for an exclamation point. I think computer programmers just got tired of saying such a long word so they shortened it for convenience.

Here’s a quick trick as most won’t understand it, if you are creating a password hint, if you need to remember it’s an ! in your password, use the word bang in your hint. Most reading the word bang would not think of it as meaning an !

So if you need to remember louisa! your password hint could say “l bang”. That may not seem like good security but realize this was a short not complex password that I made up just for a simple example. Don’t ever make your password a simple lower case word with just one special character like that, it’s not at all secure.

The original phrase and the resulting password look nothing like each other, but taking a name and a birthday you won’t forget, apply a rules, add a couple random items at the beginning and end, and you’ll have an awesome long complex password. And if you just change the junk at the end you can easily vary your password so you don’t use the same one everyplace. For instance, the !!5! can be !!6!, or !!7!, you can vary any part of the password, but just making a minor change at the end is an easy way to have many passwords that are mostly the same.

Now you have a simple method to create more complex passwords that are hopefully not too hard to remember, but since the rules are easy, you should always be able to figure out your password if needed. I still suggest keeping a secure list of your passwords. This is discussed later in the book.

When logging in to your computer you’ll need to enter your password as that one can’t be memorized by the system like you can do on websites, you’ll have to know it. Windows however allows you to assign a short and simple PIN # to make logging in a snap, I’ll be going over that in Chapter 04. You’ll still need to setup your complex password but logging into your system won’t require it. You will be able to login to your computer with your simple PIN #.

Your web-browser can remember your Internet passwords and it’s ok save them like that. If you are the only user on your computer at all times you’ll be fine. If you share your computer with others, be sure you read Chapter 02 about user security issues on shared computers.

RECAP

Some great password stuff for sure. Now you have some ideas how to create a long complex password without going bonkers over it. You know adding some special characters at the beginning and end, changing some stuff to upper and lower case, and swapping a few things like s and $, you can make a super complex password that’s not that complex to you because you know how it was put together.

YOU ARE DOING GREAT – and remember, ask questions, I do not allow frustration!

QUESTIONS & ANSWERS

Have a question on this Chapter? See the section below, ‘Submit a Comment’. Chances are, someone else probably has the same question. And, I may see a question and realize I need to simplify or rewrite something for clarity. Since this is not a hard printed book, updates are easy. If you would like to see a specific topic discussed, use my ContactUs form and let me know.

Always remember my favorite line:

“There are no silly questions, only silly answers.
And an answer without a question is only a statement”.
Mayor Adam West™,