HOW TO LOCK DOWN

A STRONG PASSWORD
BY ADAM FUCHS

A three-step process to a lifelong feeling of online and personal security.

IT IS A PROBLEM
An article by the Australian
Government News recently
said, At least seven Western
Australian government
agencies holding sensitive
information have been found
to have sorely inadequate
database security measures,
with easily guessed three
letter passwords like DBA
still in use for some accounts
with powerful system
administrator privileges. [2]
Passwords are the padlocks of
todays world.

GET STARTED RIGHT AWAY

Hacking is becoming the newest form of vandalism. It is in many cases
untraceable, and the internet is filled with online tutorials and forums for users
to work together and practice malicious account vandalism. But much like a
burglar who will move on from a locked door to one that was left open, a hacker
will avoid very strong passwords and focus on breaching a more vulnerable
account. Everyone can benefit from setting up a stronger password right now!

COMMON MISCONCEPTIONS
Q: Why do I need a strong password?
A: When a company has their security breached, all the passwords are taken
in an encoded format. The stronger a password is, the more difficult it is to
break that code, and in some cases it is impossible with the current technology.
Q: What if my password becomes too long to remember?
A: The solution is to use a memory aiding (mnemonic) device. Below is a set
of instructions on how to set up a strong password that is easy to remember,
along with security question answers that cannot be easily socially engineered.

over 3.3 million passwords that were leaked online

throughout 2014. Damon Beres of The Huffington
Post[1]
STEP 0: DEFINE SOME TERMS

Alphanumeric Characters: Letters and numbers

Special Characters: Any characters on the computer that dont fall

under the category of letters and numbers, e.g., &, %, and #.
Social Engineering: an application of socialogical principles to solve a
problem. In this case, it is using someones social information online to
reverse-engineer a password.
[1] Bajkowski, Julian. "Password=Password?" Government News. The Intermedia Group, 05 Nov. 2015. Web. 05 Nov. 2015.
[2] Beres, Damon. "These Are The Worst Passwords You Could Have." The Huffington Post. TheHuffingtonPost.com, 20
Jan. 2015. Web. 05 Nov. 2015.

NOTE:

STEP 1: THINK IT

COMMON SPECIAL CHARACTER

AND NUMERIC TRANSLATIONS

Social Engineering is especially effective at hacking when a password is weak

and a simple phrase, like the name of a childhood friend or pet. To counteract
this, a mneummonic device is best used. In this case, a personal story acts as
the perfect mneummonic device.

Letter or
Word
And
Not
At
Number
Up
Left
Right
Star
With
Around
Is
E
S
I
T
B
O

Numeric or
Special
Translation
&
!
@
#
^
<
>
*
w/
~
=
3
5
1
7
8
0

The following story is simple, personal, and easy enough to remember:

John and I play hockey at 729 Star Hall

STEP 2: TRANSLATE IT
To translate this story, only the first letter of each word is used. Also, some
words, such as and, at, and Star are replaced by their special character
equivalents. See the Notes Section

J&Iph@729*H
Already, it is clear that the story has become some sort of password. The longer
the password (in general) the more difficult it is to crack. However, as advised
earlier, it is important to not use the same password for more than one
account.

STEP 3: DESIGNATE IT
The password created can be manipulated to differ based on which account is
being accessed. Add a term which designates the password for which account
is being used.

J&Iph@729*H@email
J&Iph@729*H.fb

CAUTION
Writing down your password on a
sticky note or a piece of paper is OK
at first. Keep it in a safe place like
your wallet. Otherwise it may be
stolen and reveal your password to
the culprit! Once the password has
been committed to memory, get rid
of it!

Password designation needs to be well thought out. The more accounts are
being used, the more difficult it may be to remember which password goes to
which login. Because the password is already easy to remember, it is OK to
write down on a piece of paper the different designators for the password.
Even if the paper is lost, it will mean nothing to the finder, because the main
password is still secure.

STEP 4: TRY IT!

Most websites like Google, Yahoo, or Facebook will ask for passwords that
include at least one letter, one capital letter, and one special character. Using
this method, the password will always be secure and fulfill these requirements!

ADDITIONAL SECURITY

TIPS AND TRICKS

Never share a password

with a friend, no matter
what circumstance! If
he or she is trying to log
into your account from
his or her computer,
that computer might be
infected with a virus
that copies passwords!
Teach children about
password safety. The
most common way for
credit card information
to be stolen is when kids
have their video game
accounts hacked, and
the account contains the
parents credit card
information!
Update passwords
frequently! Some
websites will ask the
user to do this every few
months, but it should be
done for all accounts!

The most secure websites, like email accounts or bank accounts, will always ask
the user to set up a set of recovery questions. If a password is forgotten, or
hacked, often the email with which the account has been registered may also be
breached. As a safety net, these security questions are set up to make sure the
user trying to recover the password is the owner of the account.
However, due to social engineering, these questions are actually the least secure
of all security methods. Because most questions are of the form, What is your
mothers maiden name? or What was your childhood friends first name? the
answers can be easily figured out!

TWO-STEP-VERIFICATION
When available, sign up for two-step-verification. This system will alert the user
any time someone tries to access the account from outside the original location.
This system can either be set up to inform the user by email or by phone instant
message. Although it may seem tedious, this is the most secure secondary
security method. As mentioned before, if a hacker encounters this problem, he
or she will just move on to a less secure account.

CONCLUSION
A strong password isnt an impossible to remember code. It can, in fact, be
something a story that is both memorable and, by using this three step process,
secure. The most common problem with passwords and online security is that
people are lazy and not willing to remember a complex password. This method
allows for easy memorization, and fairly easy way to come up with a password.
In some rare cases, no matter how secure the password is, an account can be
taken over. This, however, is not due to a weak password, but a different factor
like a virus.