Chris' Guide to good passwords

Granted, this page has nothing whatsoever to do with beekeeping.  But since this site uses a userid/password for the "Member's Only" section, I figured this was as good a place as any to give some quick tips for creating passwords on websites.  This is based on the fact that "Chris Barnes" spent 40+ years as an Information Technology Administrator - it was his profession. 🙂

The FIRST thing you need to do is think about all of the places you go that make you use a password.   On some sites, the password really does matter, while on others it is far less important.  You will need to differentiate between the websites you visit.  They basically fall into 3 categories (in terms of the security required for the password to use the site).

  1. Things that involve HIGHLY sensitive information.  I strongly suggest that for these sites, you actually use a password that really is STRONG.   Not only should the password be strong, but it should be a password you use only on that one site.  An example of sites that need this strong password are your online bank accounts, investment accounts, or anywhere that maintains private information (medical, social security, etc).
  2. Things that have "kind of" sensitive information.  The membership list of this website falls into this category - we don't want to open up the names, addresses, & phone numbers to just everyone in the World Wide Web.  So we restrict it to club members only.  For this kind of site, you should use a password that is "pretty good" - but you can use this same "pretty good" password on every other similar site.  Which is nice for you since that means you don't have to remember hundreds of passwords.
    Facebook would also fall into this category (most people don't keep really sensitive information on their FB account).
  3. Then there are websites that require a password where it just doesn't matter if people can hack in or not.  For these sites, you can use any dumb password you like.  It is what I call my "universal stupid password" (can I trademark that phrase?).

Let's deal with the last one first (since it's the easiest).   For my "universal stupid password", I pick a short word or phrase I can easily remember, then go ahead and use mixed case and a number.  For example:  HoneyB33.  It's complex enough that no stupid site will ever reject it, but it is very easy to remember.

Note that this is also good enough for most of the sites in the 2nd category...

 

What about when you need a secure password - How do you create the password for #2 above?  I.e. one that is both "secure" and "you can remember"?  For me (the gospel according to Chris), there is really one trick:

It should be at least 12 characters long (and preferably 16+ characters long)

Yes, it should have those "other characteristics" too (mixed case, numbers, & special characters). But total length is really, REALLY important.  The reason for this is that password strength is a function of the number of possible characters raised to the power of the length of the password.   By using a longer password, you are changing the exponent.

The good news here is that if you get to 16 characters by simply using a phrase instead of a word, this means your password will be MUCH easier to remember.  And if you then throw in some upper case letters and numbers, you will have a nearly perfect password.

For example:   MyAnn!versaryI$August15

That is a password that NO system in the world could ever crack.  Yet it is very easy for me to remember - it contains only 2 special characters (and they are easy-to-understand replacements for the letters).    And that comes with the side benefit that I don't make my wife angry once a year!
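The length rule above, worked through as an added example (not part of the original page): the script estimates the brute-force search space as the number of possible characters raised to the password length, expressed in bits, for the two passwords on this page and two constructed ones. It assumes "special characters" means the 32 ASCII punctuation characters and that the attacker tries every combination; guessing attacks built on dictionaries and common phrases need fewer attempts, so the figures are an upper bound.

```python
import math
import string

# Character classes an exhaustive search must cover once a password uses them.
# Treating symbols as the 32 ASCII punctuation characters is an assumption.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def pool_size(password):
    """Number of possible characters (the base), inferred from the classes used."""
    for c in password:
        if not any(c in chars for chars in CLASSES.values()):
            raise ValueError(f"character {c!r} is outside the classes modelled here")
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def brute_force_bits(password):
    """log2(pool ** length): size of the exhaustive search space in bits."""
    if not password:
        return 0.0
    return len(password) * math.log2(pool_size(password))

def compare(passwords):
    """Return (password, length, pool, bits) rows for side-by-side comparison."""
    return [(pw, len(pw), pool_size(pw), round(brute_force_bits(pw), 1))
            for pw in passwords]

if __name__ == "__main__":
    samples = [
        "HoneyB33",                  # from the page
        "MyAnn!versaryI$August15",   # from the page
        "k#9Tq!2z",                  # constructed: 8 chars, all four classes
        "honeybeesmakewax",          # constructed: 16 chars, lowercase only
    ]
    for pw, length, pool, bits in compare(samples):
        print(f"{pw:26} len={length:2} pool={pool:2} bits={bits}")
```

The last two rows show the exponent at work: 16 lowercase-only characters give a larger search space than 8 characters drawn from all four classes.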