September 19th, 2007 : Personal Password Policy

This is my article from “The Scroll” for September 18th, 2007.

The most convenient and preferred method of protecting data today is by using a password. The problem with passwords is that good passwords are completely random, which implies they are hard to remember. Memorable passwords, on the other hand, are completely NOT random and therefore are not very safe.
Some people may not care if other people know the password to get into their e-mail account. A bad guy can’t do much damage with Hotmail. However, when it comes to online banking, it is a whole different story. So the problem becomes: “How do I get a secure (that is, random) password that is still memorable?”
When most people are asked for a password, it is almost as if they are taken by surprise, and they usually end up using the first password that comes to mind. Sometimes it’s something terribly simple (12345) and sometimes it’s the same password that they use on all their other accounts. Both of these passwords create a problem of insecurity. Again, how can this be solved?
Enter the concept of a Personal Password Policy. The idea behind a Personal Password Policy (PPP) is simply to decide on a set method for password creation before ever signing up for an account.
The goal of a PPP is threefold. First, it is to have a ready method for creating passwords whenever password creation is required. Secondly, it is to help create a very secure password that is still memorable (or at the very least re-create-able). And thirdly, it is to give a unique password to each account applied for.
But how is a PPP created? The easiest way to explain a PPP is to give an example of how one would work.
An example of a good PPP is as follows. Take the domain name of the site where the account is being created. For this example, use Amazon.com. Then take each letter of the domain name (amazon) and move one key on the keyboard to the left to get (lnlmib). Now take the month and year of a birthday or anniversary; for this example, use June (the 6th month) 1987. Then take each individual digit from the month and year (6 1 9 8 7) and add two to it to get (8 3 11 10 9). Now, merge the letters with the numbers, first a letter, then a number and so on, to get l8n3l11m10i9b.
This is now a random, nearly impossible to guess, yet fully re-create-able password that is very secure.
Note, though, that the method described here might not be the best (because everyone who has read this now knows it), but the possibilities are endless. So find a method and create a Personal Password Policy, then enjoy the benefits of added security.
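
The steps of the example policy, written out as an added Python example (not code from the original article). It assumes the key shift wraps around within a keyboard row, as the article's own lnlmib result implies, and that only the first label of the domain is used; date_digits and the example.com input are constructed here to show that the date-derived digits are identical in every password the policy produces, so the per-site difference comes only from the public domain name.

```python
# Added example: the article's Personal Password Policy as a function.
# Assumption: "one key to the left" wraps around inside each QWERTY letter
# row, which is what the article's own result (amazon -> lnlmib) implies.
QWERTY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def shift_left(text):
    """Replace every letter with the key to its left on the same row."""
    out = []
    for ch in text.lower():
        row = next((r for r in QWERTY_ROWS if ch in r), None)
        # Index -1 wraps 'a' -> 'l' and 'z' -> 'm'; non-letters stay as-is
        # (assumption, the article only shows letters).
        out.append(row[row.index(ch) - 1] if row else ch)
    return "".join(out)


def shift_digits(month, year, add=2):
    """Add `add` to each digit of month and year; 9 + 2 becomes '11'."""
    return [str(int(d) + add) for d in f"{month}{year}"]


def interleave(letters, numbers):
    """Letter, number, letter, number...; leftovers are appended (assumption)."""
    out = []
    for i in range(max(len(letters), len(numbers))):
        out.append(letters[i] if i < len(letters) else "")
        out.append(numbers[i] if i < len(numbers) else "")
    return "".join(out)


def ppp_password(domain, month, year):
    """Derive the password for one site from its domain and a private date."""
    label = domain.lower().split(".")[0]  # assumption: "Amazon.com" -> "amazon"
    return interleave(shift_left(label), shift_digits(month, year))


def date_digits(password):
    """The digits of a derived password: the part that came from the date."""
    return "".join(ch for ch in password if ch.isdigit())


if __name__ == "__main__":
    for site in ("Amazon.com", "example.com"):  # second site is constructed
        pw = ppp_password(site, 6, 1987)
        print(site, pw, date_digits(pw))
```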
