
How to Create a Bulletproof Password that You Can Easily Remember

WWW.EASYSECURITYONLINE.COM

What We’ll Cover

State of the union

4 Rules of a great password - GOAL

Examples of bulletproof GOAL passwords

Easily create your own GOAL password

The dirt-simple way to drill it into your memory

Next steps

www.EasySecurityOnline.com

2

Data is Leaked All The Time

Your credentials have already been compromised

They will be compromised again


People Use Terrible Passwords

The Top 50 Passwords according to http://wpengine.com/unmasked/

Is yours in here?


People Reuse Passwords

Extremely dangerous!

If a hacker figures out your password on one site, they will try it on other sites

I hope you’re not protecting anything important on those other sites


But Good Password Policy is Too Hard

“I can’t come up with a complex password”

“I can’t remember complicated passwords”

“I can’t keep all those passwords straight”

Nonsense!

I’ll show you how to do it

First let’s understand the four rules of making a good password…


4 Rules of a Good Password – GOAL

GOAL will ensure that your password is easy to remember but impossible to guess:

G – Gibberish

O – Only you must know

A – All the characters

L – Long

Let’s understand each of these in more detail

Example GOAL Passwords

AuLx&D3osoS+3lpGs

$k5!1n10-ArfiNlv


G = Gibberish

Your password needs to look like complete gibberish

This is a large part of what makes a password unguessable

Password cracking software relies on dictionaries to accelerate its guesswork

If nothing in your password can be found in their dictionaries, bad guys have to brute force their guesses by changing one character at a time – and that takes time

If your password is mostly or all dictionary-based, it can be cracked in seconds


O = Only You Must Know

Your password, or any component of your password, must never be known by anybody but you. There are two corollaries to this rule:

You must never tell it to anyone. If you write it down it must be completely hidden, locked, and/or temporary.

Nobody should be able to guess or know any piece of your password. Do NOT use these, they are ALL in the dictionaries!

Pet or relative names

Dates

Songs, lyrics or bands

Famous movie or book quotes


A = All the Characters

All the characters (a-z, A-Z, 0-9, special) need to be used

Most password creation systems enforce this

The more characters there are to choose from, the more guesses a password cracking program needs. And every guess takes time.

You want to maximize the average number of Brute Force Guesses:

$$\text{Average Number of Brute Force Guesses} = \frac{(\text{number of possible characters})^{\text{password length}}}{2}$$


L = Long!

In 2013 it took just a few hours to crack an otherwise bulletproof 8-character password

To stay ahead of cracking technology, your password needs to be at LEAST as long as the last 2 digits of the current year

In 2015 your password should be at least 15 characters long


GOAL Examples

OK, that all makes sense. But how can I memorize this gibberish?


The Big Secret

Complicated strings of characters are easy to memorize if:

You already know what you are memorizing

You recall those characters often over the course of the day

These example GOAL passwords are really encoded phrases, but you would never know it!


The Encoding

AuLx&D3osoS+3lpGs = Goldilocks and the Three Bears plus The Three Little Pigs

$k5!1n10-ArfiNlv = $5000 won in a 10 J Q K A royal flush in Las Vegas

Huh? How did you get that?!


AuLx&D3osoS+3lpGs

Ah, I get it!

Au = chemical symbol for Gold

Lx = abbreviation for “locks”

& = and

D3 = the Three

osoS = Spanish for “bears”

+3 = plus the Three

lpGs = Little Pigs


$k5!1n10-ArfiNlv

It’s starting to make sense now! I want to create my own…

$k5 = $5k rearranged = $5000 (wow that's a lot of money!)

! = won

1n = in a

10-A = 10 through Ace

rf = royal flush

iNlv = In Las Vegas


How to Create Your Own GOAL Password

Brainstorm past events that practically only you would know about

Brainstorm goals that you want to achieve in the next 3, 6, or 9 months

Do this now on a separate sheet of paper

No, really. Try it!

Now pick one of your brainstormed phrases

Here’s mine for this example:

My goal is 3 sets of 50 pushups and 100 situps


Encode Your New Password to Gibberish

Try Roman numerals for smaller numbers

Any spelled-out numbers anywhere? Translate them to numerals: w8<, 10s, 42n8, iPh1 (weightless, tennis, fortunate, iPhone)

Know any foreign languages? Pick a word or two and translate it

Use the periodic table – either words or (atomic) numbers to chemical symbols

Xprmnt w/ rmvng d vwls


More Encoding Ideas

Character Substitution Reference

Word or phrase    Substitute
And               & or +
Is / Are          : or =
Isn’t / Aren’t    <> or !=
The               d
Be                b
In                n
With              w/
Or                |
Above / Over      ^
About             ~
Wow               !
Too, to           2
For, fore         4
ate               8
10                d (deca)
100               c (cent)
1000              K (kilo)
1,000,000         M (mega)
1 billion         G (giga)
micro             u
Digits            <shift> digit


Example Encoding

My Phrase: My goal is 3 sets of 50 pushups and 100 situps

gl=3sPu50@+1csU

gl= = My goal is

3s = 3 sets

Pu = pushups

50@ = 50 each

+ = and

1c = 100

sU = situps


Check your work – does it meet all four GOAL rules?

gl=3sPu50@+1csU

Gibberish

Only You Must Know

All the Characters

Long (15 characters in 2015)
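As an added example that is not part of the original slides, here is a small Python checker that applies the slide's brute-force formula (number of possible characters to the power of the password length, divided by two) and the G, A and L rules to the example passwords. The mini dictionary and the guessing rate are constructed assumptions; real cracking dictionaries hold millions of entries.

```python
import string

# Constructed mini cracking dictionary for the demo; real tools ship millions of entries.
DEMO_DICTIONARY = {"password", "goal", "gold", "locks", "bears", "pigs", "vegas", "royal", "flush"}

# Character classes from the "A = All the Characters" rule: a-z, A-Z, 0-9, special.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}


def charset_size(pw: str) -> int:
    """Number of possible characters an attacker must search: the classes the password uses."""
    return sum(len(chars) for chars in CLASSES.values() if any(c in chars for c in pw))


def avg_brute_force_guesses(pw: str) -> int:
    """The slide's formula: (number of possible characters) ** (password length) / 2.
    Exact integer arithmetic so long passwords do not overflow a float."""
    return charset_size(pw) ** len(pw) // 2


def seconds_to_crack(pw: str, guesses_per_second: float) -> float:
    """Every guess takes time: average guesses divided by an assumed (constructed) cracking rate."""
    return avg_brute_force_guesses(pw) / guesses_per_second


def goal_check(pw: str, year: int, dictionary=DEMO_DICTIONARY) -> dict:
    """Apply the G, A and L rules from the slides. The O rule ("only you must know")
    is about how the password is handled, not the string itself, so no program can verify it."""
    lowered = pw.lower()
    # G: no dictionary word of 4+ letters appears anywhere in the password.
    gibberish = not any(w in lowered for w in dictionary if len(w) >= 4)
    # A: every character class is present.
    all_characters = all(any(c in chars for c in pw) for chars in CLASSES.values())
    # L: at least as long as the last two digits of the year (15 in 2015).
    long_enough = len(pw) >= year % 100
    return {"G": gibberish, "A": all_characters, "L": long_enough}


if __name__ == "__main__":
    for pw in ("gl=3sPu50@+1csU", "AuLx&D3osoS+3lpGs", "Goldilocks2015"):
        print(pw, charset_size(pw), f"{avg_brute_force_guesses(pw):.3e}", goal_check(pw, 2015))
```

"Goldilocks2015" fails all three checks: it contains dictionary words, has no special character, and is only 14 characters long.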


Memorize

OK, how do you memorize something like that?

Let’s go through the steps on the next slide

First, write down your new GOAL password on a sticky note

Destroy all other papers

One of the most important accounts we have is our main email account. Let’s change its password…


Memorization = Repetition

1. Login to your main email account with your old, not-quite-so-good (or really bad) password.

2. Change it to one of your new good GOAL passwords.

3. Logout of your email account and close your browser or email program.

4. Reopen your email and login with your new good GOAL password. It worked!!!

5. Turn your paper over so you can't see your new good GOAL passwords.

6. Logout and re-login to your email account. Wow!

7. Go get a drink of water and a snack - you earned it!

8. Logout and re-login to your email without looking at your paper. Could you do it? Look at your paper if you must.

9. Keep doing this - login, logout, login, logout - each time allowing for a longer and longer snack in between. Keep increasing the delay between logins.

Feeling more confident?


Congratulations!

Your email account is now more secure than 98% of the population

This is an awesome first step!

Destroy your sticky note. Don’t let anyone find it


One Good GOAL Password is NOT enough

You must NOT reuse this (or any other) password

Every single account needs a DIFFERENT good GOAL password

So…

How do you generate so many?

How do you keep track of them all?


More Slideshares Coming

Until then check out the Kindle eBook on Amazon.com

The easy, step-by-step way to protect your online accounts like the security professionals

You will learn

More about the GOAL method of remembering the 4 rules of a good password, and WHY each rule is important.

Two different fun methods to create good GOAL passwords, anytime you want! You’ll look at your new passwords and be amazed – nobody will ever guess these things.

Why it’s so super duper critical that you NEVER EVER use a password on more than one site.

How to identify websites that may not be protecting your account information well enough, and what you can do about it.

Easy systems to propagate good GOAL passwords to all of your online accounts, no memorization required!
