by Michael Stearns from HEROweb on November 27, 2009

If I dare bring up the subject of “passwords” to a customer I typically get an immediate response of an uncomfortable groan or moan. With the proliferation of social media sites, web service accounts, and other logins, managing passwords has become ever more daunting.

But, as painful as they are, good password policies are the cornerstone of any sound security program. And, if you have an Ecommerce site and are serious about PCI Compliance, you want to formulate a password policy for your business and stick by it.

Here is a simple idea to help you with creating good passwords. You can think of it as a word game of sorts.

1. Start with a group of names that mean something to you. Perhaps the characters from Star Wars. Or maybe, your past spouses (okay, that one will only work if you have had a checkered marital past!).

2. Then layer on top a group of numbers that are already etched into your mind. Perhaps it could be the birthdates of your kids. Or it could be the uniform numbers of your five favorite basketball players.

3. And then think of a substitution you can use. For example, you will replace instances of the letter A with an Ampersand.

Using this methodology, I have come up with the following password: Y69d12n03&

What is that pattern, you ask? It is my brother’s name, Andy, spelled backwards, with his birthdate interspersed between the letters. For good measure, I swapped out the A with an Ampersand and led things off with an uppercase Y.

Compare this password to something like “Andy1234” which would immediately flunk any password test. Why? Because a password with recognizable words, names, and number sequences is an easy target for a password cracking program. My more complex pattern only makes sense to me.
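As an added example (not part of the original post), the Python below builds the password from the formula and runs both passwords through a simplified screen for recognizable names and sequential digits. The function names, the small name list, and the order of the number groups are assumptions made for illustration.

```python
import re

# Constructed sample list of recognizable names (assumption);
# a real screen would use a large wordlist.
KNOWN_NAMES = {"andy", "luke", "leia"}


def formula_password(name, number_groups, swap=("A", "&")):
    """Reverse the name, uppercase the first letter, place one number group
    after each letter except the last, then apply the substitution."""
    letters = list(name[::-1])
    if len(number_groups) != len(letters) - 1:
        raise ValueError("need one number group per gap between letters")
    letters[0] = letters[0].upper()
    out = []
    for i, ch in enumerate(letters):
        out.append(ch)
        if i < len(number_groups):
            out.append(number_groups[i])
    return "".join(out).replace(*swap)


def weak_patterns(password):
    """Return the reasons this simplified screen would reject the password."""
    reasons = []
    lowered = password.lower()
    for name in sorted(KNOWN_NAMES):
        if name in lowered:
            reasons.append("contains name: " + name)
    # Runs of three or more digits that count upward by one, e.g. 123 or 1234.
    for run in re.findall(r"\d{3,}", password):
        if all(int(b) - int(a) == 1 for a, b in zip(run, run[1:])):
            reasons.append("sequential digits: " + run)
    return reasons


if __name__ == "__main__":
    # Number groups taken from the password shown in the post.
    built = formula_password("Andy", ["69", "12", "03"])
    for candidate in ("Andy1234", built):
        print(candidate, weak_patterns(candidate))
```
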

If I used my password formula in conjunction with my other siblings’ names and meaningful dates, I could have a set of passwords that would be relatively easy for me to remember, but difficult to crack. The key is that if I remember my formula, I can come up with a complex combination of characters without actually having to memorize a bunch of gibberish. The goal is meaningful gibberish.

Passwords and security are a dead-serious topic. But by having a little fun with your password selection you will help yourself in creating strong passwords that will serve your business well.

