IT’S WORLD PASSWORD DAY!


World Password Day

Using a password formula

I can hear you now: “Wait a minute, you are the franchise sales guys! Why are you writing about cyber security?” It’s simple: regardless of your line of work, cyber security matters to you.

If you are a franchisor, you likely protect your franchisees’ bank account information, credit card information, SSNs, etc. with a password. If you are a franchisee, you likely protect your franchisor’s intellectual property, as well as your employees’ personal information, with a password.

BESIDES, IT’S WORLD PASSWORD DAY!

We all use them, and most people’s passwords are simply not safe. Why? There are four steps to a secure password, and I am of the opinion that, for most people, following them is impossible. This article talks about those steps, why they are unrealistic, and, most importantly, gives a solution.

So what’s the solution already?

If you don’t want a little education on passwords and some 90s Angelina Jolie history, feel free to jump down to the solution, a password formula. Also, if you want to know more about World Password Day, cyber security, and other things you can do besides using a password formula, check out Intel’s World Password Day site.


The Four Steps to a secure password

Step 1: Make it unique

This one seems obvious, but many people don’t even take this simple precaution. How do I know? Because many breaches and password dumps have shown that the top five passwords in use today are “password”, “123456”, “12345678”, “1234”, and “qwerty”. Now, for a little history, we can swing back to 1995, when the movie Hackers taught us that the four most common passwords were “love”, “secret”, “god”, and “sex”.


Of course, clever individuals do letter/symbol or letter/number substitution, so that “password” becomes “p@55w0rd”. This was a decent solution 10 years ago. If you are relying on it, however, I have bad news for you: these substitutions are so common now that password-cracking tools apply them as rules to every word in their dictionary, so “p@55w0rd” is tried within moments of “password”. A substituted dictionary word is still a dictionary word to the cracker.
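To show why substitution buys so little, here is an added example (not code from the original post) that expands one dictionary word through the common letter/symbol substitutions the text describes, the way rule-based cracking tools do, and checks which base word produces “p@55w0rd”. The substitution table and the word list are constructed for this illustration and are far smaller than a real cracker’s rule file and dictionary.

```python
"""Added example, not code from the original post: expand a dictionary word
through common letter/symbol substitutions, the way rule-based cracking tools
do, and check which base word reaches a given "substituted" password.
The substitution table and the word list are constructed for this illustration."""
from itertools import product

# Common "leet" substitutions; each letter maps to itself plus its look-alikes.
SUBSTITUTIONS = {
    "a": ["a", "@", "4"],
    "e": ["e", "3"],
    "i": ["i", "1", "!"],
    "o": ["o", "0"],
    "s": ["s", "$", "5"],
    "t": ["t", "7"],
}


def substitution_variants(word):
    """Every spelling of `word` reachable by substituting any subset of its
    letters per SUBSTITUTIONS; the unmodified word is included."""
    choices = [SUBSTITUTIONS.get(ch, [ch]) for ch in word.lower()]
    return {"".join(combo) for combo in product(*choices)}


def base_word_for(candidate, wordlist):
    """Return the first word in `wordlist` whose substitution variants contain
    `candidate` (case-insensitive), or None if no rule reaches it."""
    target = candidate.lower()
    for word in wordlist:
        if target in substitution_variants(word):
            return word
    return None


# Constructed mini dictionary standing in for a real word list.
WORDLIST = ["password", "secret", "love", "god", "sex", "qwerty"]

if __name__ == "__main__":
    print("substitution spellings of 'password':",
          len(substitution_variants("password")))
    for guess in ["p@55w0rd", "P4$$w0rd", "s3cr3t", "Lightningwonin04!"]:
        print(f"{guess:20s} -> {base_word_for(guess, WORDLIST)}")
```

With this small table, “password” has only 54 substitution spellings, so a cracker exhausts every one of them with 54 guesses; “p@55w0rd” and “P4$$w0rd” both trace straight back to the base word, while the pass phrase is not reachable from this word list at all.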

Password Phrases

Now, to go truly unique, many people recommend pass phrases. A pass phrase is typically something meaningful to you but not obvious. For example, “Lightiningwonin04!” is an 18-character password. According to Online Domain Tools, it would take a quadrillion years to brute-force. Not bad! Pass phrases are a good way to make a password unique. We could even spice it up a bit with some simple letter/symbol substitution and make it “L!ght!n!ngwon!n04i” (Online Domain Tools still gives it the same 1 quadrillion year rating, because the length and character set have not changed). There is no such thing as an uncrackable password, but an 18-character password that mixes letters, numbers, and symbols is pretty close against blind brute force. Keep in mind what those estimator sites measure, though: the time to try every combination. A cracker that combines dictionary words, years, and common substitutions can reach a phrase made of real words far sooner than the quadrillion-year figure suggests, so a good pass phrase should not read as a predictable sentence. You could get closer to uncrackable with a random string of characters, but random strings won’t likely make it past step 2.

Step 2: Don’t write it down

This one seems pretty obvious, and I won’t belabor it, but your password is not secure if you save it in plain text on your computer, email it to yourself, or write it down somewhere that someone might find it. So you have to be able to remember your password, pass phrase, or formula (see below), period.

Step 3: Different passwords for different sites

Now, this is where things get difficult. On a daily basis, I typically log into 5-10 sites, which might include my CRM, Google, Twitter, Facebook, LinkedIn, my bank, my other bank, my utilities, etc. If I had to guess, I probably log into 20-30 sites over the course of a month. If just one of them gets hacked, and I am using the same password for the others, my entire cyber security is out the window. Does this affect you? Let me ask you a question: have you ever had an account with:

  • Yahoo
  • Adobe
  • Equifax
  • Target
  • Uber
  • Chase

If you answered yes to any of those, data from that account, quite possibly including your email address and password, is likely circulating on the dark web right now. You should use a different password for EVERY SINGLE ACCOUNT.

Step 4: Changing passwords

How often you should change passwords is a matter of debate, but I think that you should change at least once a year, and any time there is an issue with security. Keeping the same password for longer than a year makes it more likely that your password has been breached or dumped, that you have been “shoulder surfed”, or even that you shared it with someone and forgot.

Really, it’s impossible

So let’s review. If you have 20 logins, you need to remember 20 unique, non-word-based, less-than-a-year-old passwords. Let’s be honest: you can’t remember 20+ unique passwords that change every year. It just isn’t happening. At this point you probably think you have only two choices: compromise your security by eliminating one of the steps (most people eliminate step 3), or use a password manager. The problem with the first choice is obvious.

The password manager route has problems of its own:

  1. One breach of the master password or the vault, and someone has all your logins and passwords
  2. You might not have the manager installed or synced on the device you are using (a different computer, a phone, or a tablet)
  3. You become complacent

The solution

So let me give you a fairly simple solution. It’s called a password formula. If you have a password formula like I do, you only have to remember one formula, and from it you can reconstruct the password for every site you log into. You can change your formula once a year, and you have covered all four steps above. I am (for obvious reasons) not going to share my personal formula, so I am going to give you an example. Here are the steps:

First

Choose a symbol. For this example, we will use “!”.

Second

Choose the letter formula. For this example, I am going to start with the first three letters of the site I am logging into (i.e. “lin” for LinkedIn). I’ll add the first initial of my middle name, so I now have four letters (in this case “lina”). To make it a little more complex, add a capital letter. I will capitalize the last letter, leaving me, thus far, with “!linA”.

The third step

Select four non-consecutive digits that are not specific to you (not tied to your date of birth, year of birth, kids’ birthdays, SSN, etc.). Let’s take 1928 for this example, because it’s really easy to type. So now my password is “!linA1928”.

Finally

Select one more symbol. I am going to use “*”. By the way, for this step and the first one, avoid the at sign and the forward slash; some sites’ password rules don’t allow them.

So my final LinkedIn password with this formula would be “!linA1928*”. That is a 10-character password built from letters, numbers, and symbols: online strength estimators put a blind brute-force attack on it at a few hundred thousand years, and a plain dictionary attack would not find it, yet I can remember it fairly easily. With this same formula, my Twitter password would be “!twiA1928*”, and my Gmail would be “!gmaA1928*”. Notice that seven of the ten characters are identical on every site and only the three site letters change; keep that in mind when you decide how much of your own formula should depend on the site. So now I have

✔A complex password
✔A password unique to every site
✔A password that’s easy to remember
✔A password that’s easy to change

When it comes time to change my password, I can simply change the number set, the symbols, and/or the capitalization, and fairly easily memorize the new formula. If I have multiple logins on one site, I can easily extend the formula to account for that. If I have, as an example, two LinkedIn accounts, I can either start or end the password with a number (1 for the first account, 2 for the second) or a letter (P for personal and B for business).
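The four steps above, implemented as one function, make it easy to see what the formula does and does not vary from site to site. This is an added example and not code from the original post; the symbol, initial and digit values are the post’s own sample choices, and the site names passed in are constructed input.

```python
"""Added example, not code from the original post: the post's sample password
formula as a function, plus a check of how much of each derived password is
actually site-specific. The symbols, initial and digits are the post's sample
values; the site names are constructed input."""

LEADING_SYMBOL = "!"    # first step: opening symbol
MIDDLE_INITIAL = "a"    # second step: first initial of the middle name
DIGITS = "1928"         # third step: four non-consecutive digits not tied to you
TRAILING_SYMBOL = "*"   # final step: closing symbol


def formula_password(site, account_tag=""):
    """Derive the password for `site` with the sample formula:
    symbol + first three letters of the site name + middle initial, with the
    last letter capitalised, + four digits + closing symbol. `account_tag` is
    the post's suggestion for a second login on the same site ("2", "B", ...)."""
    letters = site.lower()[:3] + MIDDLE_INITIAL
    letters = letters[:-1] + letters[-1].upper()   # capitalise the last letter
    return f"{LEADING_SYMBOL}{letters}{DIGITS}{TRAILING_SYMBOL}{account_tag}"


def differing_positions(pw_a, pw_b):
    """Indexes at which two derived passwords differ; every other position is
    the fixed part of the formula that all sites share."""
    return [i for i, (x, y) in enumerate(zip(pw_a, pw_b)) if x != y]


def shared_fraction(sites):
    """Fraction of character positions that are identical across the
    passwords derived for all `sites`."""
    passwords = [formula_password(s) for s in sites]
    length = len(passwords[0])
    fixed = sum(1 for i in range(length) if len({p[i] for p in passwords}) == 1)
    return fixed / length


if __name__ == "__main__":
    sites = ["LinkedIn", "Twitter", "Gmail"]
    for site in sites:
        print(f"{site:10s} {formula_password(site)}")
    print("second LinkedIn login:", formula_password("LinkedIn", "2"))
    print("positions that differ, LinkedIn vs Twitter:",
          differing_positions(formula_password("LinkedIn"),
                              formula_password("Twitter")))
    print("fraction of the password that never changes:", shared_fraction(sites))
```

Running it reproduces the post’s three passwords and reports that only positions 1 to 3 (the site letters) differ between any two of them, so 70% of each password is the same everywhere. That is the trade-off behind Step 3: a password that leaks in plain text from one site shows an attacker the fixed part of the formula, which is why the post tells you to build your own rather than reuse this one, and why the site-dependent part deserves some thought.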

DON’T USE THIS PASSWORD FORMULA

That should be obvious. Don’t use this exact formula. Come up with your own. Here are some ideas of what you can put in the formula:

  • The name of the service you are logging into
  • The URL of the service
  • The first letter of your, your spouse’s, kid’s, business partner’s, or best friend’s first, middle, or last name
  • The middle numbers of your home or work address (just not all of the numbers)
  • The area code or prefix of your phone number
  • The first or last 4 numbers of your office zip code.

I am going to give you a few more examples just so we are clear (again, don’t use any of these!). Once you figure out the formula behind each, you’ll have a better intuitive feel for a password formula.

Example 1

  • Gmail: $liaM6320)
  • LinkedIn: $nidM6320)
  • Yahoo: $oohM6320)

Example 2

  • Gmail: (GmLa4207$
  • LinkedIn: (LiNa4207$
  • Yahoo: (YaOa4207$

Example 3

  • Gmail: &MAIs4852!
  • LinkedIn: &LINs4852!
  • Yahoo: &YAHs4852!

It’s really not difficult

As a last note, this might seem too complex or too hard to remember. But think about the passwords you are remembering now. With a password formula, you only have to remember one formula to have a unique password for every website you log into. I think you can handle that complexity!


So, in honor of #worldpasswordday, create your #passwordformula, and get #onwithyourlife!