Creating a Better Password
Now that you know what makes a strong password (read: Password Strength Tips), how do you create a strong password? Remember, a strong password is long (12 characters or more) and random.
Here at CHS, you are required to change your password every so often, and sometimes those pesky technicians will tell you to change it as well. So how do you keep track? Ideally, you want a different password for every site you log into, so that if one gets compromised, it won't affect your other logins. Is your Facebook password the same as your email password? If Facebook gets hacked and your password Doggy99 is easily cracked, the attackers now have your email password as well. "So what?" you ask. Well, now they can go to other sites and click on Forgot My Password, and those sites will email them a password reset!
So we need a different password at every site. That means you may have to remember twenty or more passwords! But, fear not!
Let's go over a few systems that can help:
1) BASEWORD SYSTEM
Some people create "systems" to make different passwords for every account that are easy to remember, yet random enough to be secure.
Use at CHS
Here at CHS, you could, for example, start with a base password like CHS4life, then add pre and post words/numbers depending on where you are. Start with the year 2015 and end with the three-letter abbreviation of the month in which you changed your password. So it would look like 2015CHS4lifeJan. You just created a 15-character password! Then, next time you change it, say the following year in April, it would be 2016CHS4lifeApr.
Use at Home
For home use, start with a base like UCLA98 (don't use your own school; I didn't go to UCLA, which is why it is good for me). Now take the first three letters of the site you visit (fac for Facebook) and the last three letters (ook for Facebook). These are your pre and post add-ons. So your password for Facebook would be facUCLA98ook. Amazon would be amaUCLA98zon. This system creates a 12-character password with a baseword of 6 characters. To get even more secure, add an @ and # (or any two special characters) before and after your baseword. So it would be @UCLA98#; then add your pre and post add-ons: fac@UCLA98#ook. Now it's starting to look random!
With a system like this, you now have a 14-character password that is randomized enough to be secure, and something easy to remember wherever you go. Bank at Chase? cha@UCLA98#ase. Email at Google? goo@UCLA98#gle. Simple. If one password gets compromised, it doesn't affect your others.
As good practice, you can change your password every year simply by changing the baseword. So the following year, change your password on Amazon to something like ama@43FISH#zon. This will secure your accounts so that if anyone did get your code and is working on cracking it, it is now changed. As you log into other sites with the "UCLA98" password, just change them all to "43FISH" as you go.
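The audit below is an added example, not part of the original article: for a set of passwords built with the baseword system, it reports the part every password shares and how many characters per site come from neither that shared part nor the site name. The function names are illustrative; the passwords are the ones used above.

```python
# Passwords exactly as given in the "Use at Home" examples above.
VAULT = {
    "facebook": "fac@UCLA98#ook",
    "amazon": "ama@UCLA98#zon",
    "chase": "cha@UCLA98#ase",
    "google": "goo@UCLA98#gle",
}

def shared_core(passwords):
    """Return the longest substring that appears in every password."""
    shortest = min(passwords, key=len)
    for size in range(len(shortest), 0, -1):
        for start in range(len(shortest) - size + 1):
            candidate = shortest[start:start + size]
            if all(candidate in p for p in passwords):
                return candidate
    return ""

def site_independent_chars(site, password, core):
    """Count characters that are neither the shared core nor taken from the site name."""
    if core:
        prefix, _, suffix = password.partition(core)
    else:
        prefix, suffix = password, ""
    return sum(len(part) for part in (prefix, suffix)
               if part.lower() not in site.lower())

def audit(vault):
    """Summarise reuse: the shared core and per-site independent characters."""
    core = shared_core(list(vault.values()))
    return {
        "core": core,
        "independent": {site: site_independent_chars(site, pw, core)
                        for site, pw in vault.items()},
    }

if __name__ == "__main__":
    report = audit(VAULT)
    print("shared by every password:", report["core"])
    for site, n in report["independent"].items():
        print(f"{site}: {n} characters not shared and not from the site name")
```

A count of 0 for a site means that password consists entirely of the shared baseword plus pieces of the site's own name.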
2) SUBSTITUTION SYSTEM
Like the baseword system above, this one uses the site name and a keyword, but then a random letter is used to replace the vowels in the two words. For instance, we take the site name Amazon and any word we want to use as a keyword, like Sushi.
So we now have Amazon Sushi.
Now choose a random number between 1 and 26 to be the substitution letter. We will use 22. The 22nd letter in the alphabet is V.
Now replace all vowels with the letter V = Vmvzvn Svshv
Next, replace any spaces with the number you chose (22) = Vmvzn22Svshv
There is your 12 character password for Amazon. Vmvzn22Svshv
For Facebook, just use a different keyword, but the same random number.
Something like: Facebook Pickles
Replace the vowels: Fvcvbvvk Pvcklvs
Replace the space: Fvcvbvvk22Pvcklvs
And your Facebook password is now a 17-character secure password: Fvcvbvvk22Pvcklvs
TIP: Choose a keyword long enough to make your password at least 12 characters. So if you log into CNN, use a long keyword like Meatballs: CNN22Mvvbvlls
3) TURN PHRASES INTO PASSWORDS
Turning phrases into passwords is done by creating a silly phrase that you will remember like "I ate soup with Jackie Chan and Homer Simpson in Hong Kong" then taking that and turning each word into a letter, number, or special character. So, the password for the phrase above would look something like: I8swJC&HSnHK
Another example: "Jump on purple clouds and throw five skittles at Bert and Ernie" = Jonpc&t5s@B&E
As you can see, this system creates secure passwords, but you need long phrases to reach the 12+ character minimum, which makes it difficult to remember them and to have a unique password at every site. So you might need to keep notes on your passwords by writing down just the first four words. For instance, for Amazon, just write down beside it "I ate soup with" and nothing more. That will help you remember which password you used with which site, without revealing the rest. Then when you turn to your notes for Amazon, you will go "AH HA!" the password is "I8swJC&HSnHK".
This can be a pain, which brings us to....
4) PASSWORD MANAGERS
Password managers are just that: they take all your passwords from around the internet and securely store them where only you can get them. They can automatically fill in your passwords when you go to sites, and even log you in automatically. Better than that, they can generate random passwords (that they will save) to make your accounts way more secure than you ever could. You could essentially create a 56-character completely random password for every site and never have to remember it.
You will only ever have to remember one single password...EVER! This is called your master password, and should be super secure! Definitely over 15 characters. Read below to see how to create a super secure master password!
DICEWARE MASTER PASSWORD SYSTEM
You roll five dice, and the number gives you your first word. So if you roll 1+5+2+2+3, your word is brick. The second roll is 6+3+1+4+3, and your second word is viet. And so on, until you have 4 or 5 completely random words, like brick viet frog jot in Password Strength Tips.
Check out the diceware FAQ here
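The dice procedure above in code, as an added example that is not part of the original article: each roll of five dice is read in order as a five-digit key into the word list, and the rolls come from the operating system's secure random source. The word list here is a constructed stand-in in which only the two entries quoted above (15223 for brick, 63143 for viet) are real; the function names are illustrative.

```python
import itertools
import math
import secrets

DICE = 5  # dice rolled per word, as described above

def build_sample_list():
    """Constructed stand-in for a Diceware list: one entry per five-dice key.

    Only 15223 -> brick and 63143 -> viet come from the text above; every
    other word is a placeholder so the example runs without the real list.
    """
    words = {"".join(k): "word" + "".join(k)
             for k in itertools.product("123456", repeat=DICE)}
    words.update({"15223": "brick", "63143": "viet"})
    return words

def roll_key():
    """Roll five fair dice with the OS CSPRNG and read them as one key."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE))

def words_for(keys, wordlist):
    """Look up the word for each rolled key; reject malformed keys."""
    for key in keys:
        if len(key) != DICE or set(key) - set("123456"):
            raise ValueError(f"not a {DICE}-dice roll: {key!r}")
    return [wordlist[key] for key in keys]

def passphrase(n_words, wordlist):
    """Generate an n-word passphrase from fresh rolls."""
    return " ".join(words_for([roll_key() for _ in range(n_words)], wordlist))

def entropy_bits(n_words, list_size=6 ** DICE):
    """Entropy when every word is chosen uniformly and independently."""
    return n_words * math.log2(list_size)

if __name__ == "__main__":
    wl = build_sample_list()
    print(words_for(["15223", "63143"], wl))  # the two rolls from the text
    print(passphrase(5, wl))
    print(f"4 words: {entropy_bits(4):.1f} bits, 5 words: {entropy_bits(5):.1f} bits")
```

The entropy figure holds only when the words really are picked by dice or an equivalent random source, not chosen by hand.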
How can I use this at CHS?
A Diceware passphrase is used more for master passwords in password management systems like LastPass, Dashlane, Roboform, or 1Password. This is because passphrases of four or more words are difficult to remember, and for that reason they should rarely be changed.
So those are a few systems to help you get started. Modify them if you wish for your own use, or create your own unique system. Let's become more secure than something like chs2011 (Oops, did I just reveal your password to the world?)