Write down your passwords

This is weird, but I have to agree.

According to security specialist Steve Gibson in episode 4 of the Security Now Podcast with Leo Laporte, it’s actually a good idea to write down your passwords.

Now this ain’t something you hear every day.

Why is it a good idea?

People who prefer not to write down their passwords end up choosing rather bad, low-security passwords.  And they also tend to re-use these across the numerous sites they visit.

Some people I know use their first names, or their birth-dates. I used to look at words I see in front of me while at my workstation, like my monitor brand. Not a very good idea.

It’s not exactly cool to just write down your passwords on Post-Its and stick them onto your monitor.  But you can write down reminders for your password combinations and stick them in your wallet, where, after all, you also keep stuff you’d prefer to be secure at all times–like your oodles of cash or stacks of credit cards.

What Leo and Steve suggest is that you formulate your own password mnemonic which you would then apply to each individual website. You would then append, prepend, or intersperse it within the characters of a “base” password, and voila! You have a password likely to be more secure than just a base.

Make sure your “base” password is in itself secure enough, which may mean using not only letters but a mix of letters, numbers, and even punctuation.

An easy way to convert words would be doing it the “script kiddie way” or using leet speak.  So if I use the word angelo as a base, it can, for instance, be converted into @ng3l0.

Then I can add my own mnemonic for my frequently-visited websites. Take Gmail, for example. Say my mnemonic is appending the first and last letters of the website name, then my password will be @ng3l0gl.

The result is something not found in the dictionary, which is a common source of the word combinations malicious hackers use in brute-force attacks. And if I keep a card in my wallet with a reminder of how I formulate passwords, it would be difficult for just anyone to understand. For example, I may write down “base plus first and last”, and anyone else who reads it won’t have a clue.
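The scheme described above, written out in Python as an added example that is not part of the original post, together with a check on the base: it undoes common leet substitutions and looks the result up in a wordlist, and it verifies the mix of letters, numbers and punctuation. The reverse table, the sample wordlist and the function names are assumptions made for illustration.

```python
import string

# Substitutions the post's example uses (angelo -> @ng3l0).
LEET = {"a": "@", "e": "3", "o": "0"}
# Reverse table with a few more common swaps (assumption, not from the post).
UNLEET = {"@": "a", "4": "a", "3": "e", "0": "o", "1": "l",
          "$": "s", "5": "s", "7": "t"}
# Constructed sample wordlist; a real check would load a large one.
SAMPLE_WORDS = {"angelo", "monitor", "password"}


def leet(word):
    """Apply the post's leet substitutions to a word."""
    return "".join(LEET.get(c, c) for c in word.lower())


def site_password(base, site):
    """The post's mnemonic: base plus first and last letters of the site name."""
    name = site.strip().lower()
    if not name:
        raise ValueError("site name is empty")
    return base + name[0] + name[-1]


def deleet(text):
    """Undo common leet substitutions so the result can be looked up."""
    return "".join(UNLEET.get(c, c) for c in text.lower())


def check_base(base, words=SAMPLE_WORDS):
    """Return a list of findings about a base password (empty list = none)."""
    findings = []
    plain = deleet(base)
    if plain in words:
        findings.append("reduces to listed word: " + plain)
    if not any(c.isalpha() for c in base):
        findings.append("no letters")
    if not any(c.isdigit() for c in base):
        findings.append("no digits")
    if not any(c in string.punctuation for c in base):
        findings.append("no punctuation")
    return findings


if __name__ == "__main__":
    base = leet("angelo")
    print(base, site_password(base, "Gmail"), check_base(base))
```

Run on the post's example, `check_base` reports that `@ng3l0` still reduces to `angelo`, so a base built from a listed word is worth replacing with one that does not map back to it.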

Try it. You’ll get to sleep more soundly knowing your online information is safer.

  • uplink

    meh.. my base pw is 8 char long and encrypted it to md5 to use it as my pw.