In a blog post written for the New York Times, the author interviews two cyber-security experts, Jeremiah Grossman and Paul Kocher, and explains how these security researchers protect and remember their very complex passwords.
Grossman copies and pastes his passwords directly into and out of an encrypted USB drive. He generates a long, intricate password and stores it on the drive. When he needs to log into an account, he copies and pastes the password from the drive. This accomplishes three things:
- He never types out his account information, which means keyloggers cannot record his passwords.
- He doesn’t have to remember his passwords.
- His passwords are never stored anywhere other than the encrypted drive: not on the internet, not on his hard drive and not on a piece of paper.
Most people would never go this far to maintain a strong password; therefore, Grossman follows up by suggesting a password manager like LastPass or SplashData. These programs create strong passwords for you that you never have to remember. The downside of password managers is that your information is still stored on the internet. If someone gains physical access to your computer, they can potentially gain access to every single password. On top of this, password managers are just as prone to hacks, if not more so, than any other company, website or individual. In June of 2015, the LastPass database was hacked. This company, in particular, uses a combination of hashing and salting to secure data; therefore, cracking these passwords would take significantly more work than it took to crack Ashley Madison’s passwords. But that still doesn’t ensure every account is secure.
Aside from password managers, you are only left with your mind. So the trick is to come up with a complex password that you can actually remember, which can be difficult. Grossman and Kocher say passphrases are helpful, but it’s important to remember not to use the passphrase itself as the password.
Example:
“May the force be with you.” = “m11*t33&f55^B77%W99$Y##”
Use the first letter of each word. Between each letter, insert a fixed number of symbols, extra letters or digits. You can make this easier to remember by creating a pattern. For instance, this specific example uses odd numbers and goes up by two each time. The first three letters are not capitalized and the last three are. The symbols go down the keyboard starting with ‘*’ and ending with ‘#’.
You don’t have to use a password this complex for every account you have. Your passwords should always be at least somewhat difficult to crack, but save the most intricate ones for anything that ties back to your work, your finances or your inbox.