How to Create a Bulletproof Password that You Can Easily Remember
WWW.EASYSECURITYONLINE.COM
What We’ll Cover
State of the union
4 Rules of a great password - GOAL
Examples of bulletproof GOAL passwords
Easily create your own GOAL password
The dirt-simple way to drill it into your memory
Next steps
Data is Leaked All The Time
Your credentials have already been compromised
They will be compromised again
People Use Terrible Passwords
The Top 50 Passwords according to http://wpengine.com/unmasked/
Is yours in here?
People Reuse Passwords
Extremely dangerous!
If a hacker figures out your password on one site, they will try it on other sites. This is automated: leaked username/password lists are replayed against hundreds of other services, an attack known as credential stuffing.
I hope you’re not protecting anything important on those other sites.
But Good Password Policy is Too Hard
“I can’t come up with a complex password”
“I can’t remember complicated passwords”
“I can’t keep all those passwords straight”
Nonsense!
I’ll show you how to do it
First let’s understand the four rules of making a good password…
4 Rules of a Good Password – GOAL
GOAL will ensure that your password is easy to remember but impossible to guess:
G – Gibberish
O – Only you must know
A – All the characters
L – Long
Let’s understand each of these in more detail
Example GOAL Passwords
AuLx&D3osoS+3lpGs
$k5!1n10-ArfiNlv
G = Gibberish
Your password needs to look like complete gibberish
This is a large component of making a password unguessable
Password cracking software relies on dictionaries (wordlists) to accelerate its guesswork, and it applies "mangling rules" to every word in them: capitalising the first letter, appending a year, swapping a for @ or e for 3. A dictionary word dressed up with a few of those substitutions is still a dictionary word to the cracker
If nothing in your password can be found in their dictionaries, bad guys have to brute force their guesses by trying every possible combination of characters – and that takes time
If your password is mostly or all dictionary-based, it can be cracked in seconds
O = Only You Must Know
Your password, or any component of your password, must never be known by anybody but you. There are two corollaries to this rule:
You must never tell it to anyone. If you write it down it must be completely hidden, locked, and/or temporary.
Nobody should be able to guess or know any piece of your password. Do NOT use these, they are ALL in the dictionaries!
Pet or relative names
Dates
Songs, lyrics or bands
Famous movie or book quotes
A = All the Characters
(a-z, A-Z, 0-9, special) need to be used
Most password creation systems enforce this
The more characters from which to choose, the more guesses the password cracking programs need on average. And every guess takes time.
You want to maximize the average number of brute-force guesses, which is half the size of the full keyspace:

$$\text{Average number of brute-force guesses} = \frac{(\text{number of possible characters})^{\text{password length}}}{2}$$

Adding the 33 printable symbols to letters and digits raises the number of possible characters from 62 to 95. Note that the exponent is the password length: each extra character of length multiplies the guess count by 95, while the bigger alphabet only multiplies it by about 1.5 per position, which is why the next rule matters even more than this one.
L = Long!
In 2013 it took just a few hours to crack an otherwise bulletproof 8-character password. That figure is for a fast, unsalted hash attacked on GPU hardware; a site that stores passwords with a deliberately slow hash (bcrypt, scrypt, PBKDF2) makes the same brute force take thousands of times longer. You usually cannot tell which a site uses, so plan for the fast case.
To stay ahead of cracking technology, your password needs to be at LEAST as long as the last 2 digits of the current year. This is a rule of thumb: because length is the exponent in the brute-force formula above, every extra character multiplies the cracker's work by the size of the alphabet, which comfortably outpaces the yearly gains in cracking hardware.
In 2015 your password should be at least 15 characters long (as of January 2015).
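The A and L rules above both come down to the same brute-force formula, so here is a worked calculation that puts numbers on them. This is an added example and not part of the original slides; the guess rates (1e11 guesses per second for a fast unsalted hash on GPU hardware, 1e4 for a slow hash) are round illustrative assumptions, not measurements, and the 95-character alphabet is the 26 + 26 + 10 letters and digits plus the 33 printable ASCII symbols.

```python
# Added example (not from the original slides): brute-force guess space and
# expected cracking time for the deck's A (all the characters) and L (long)
# rules. Formula from the slides: average guesses = N**L / 2, where N is the
# number of possible characters and L the password length.

CHARSETS = {
    "lowercase only": 26,
    "lower + upper": 52,
    "lower + upper + digits": 62,
    "all printable (GOAL 'A' rule)": 95,   # 26 + 26 + 10 + 33 printable symbols
}

# ASSUMED illustrative guess rates (guesses per second), not measurements.
# A fast unsalted hash on a GPU rig is in the ~1e11 range; a deliberately
# slow hash such as bcrypt is many orders of magnitude slower.
FAST_HASH_RATE = 1e11
SLOW_HASH_RATE = 1e4

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def average_guesses(charset_size: int, length: int) -> float:
    """Expected number of brute-force guesses: half the full keyspace."""
    return charset_size ** length / 2


def seconds_to_crack(charset_size: int, length: int, rate: float) -> float:
    """Expected time for an attacker guessing at `rate` guesses per second."""
    return average_guesses(charset_size, length) / rate


def minimum_length_for_years(charset_size: int, rate: float, years: float) -> int:
    """Smallest length L whose expected crack time is at least `years` years."""
    length = 1
    while seconds_to_crack(charset_size, length, rate) < years * SECONDS_PER_YEAR:
        length += 1
    return length


def human(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    if seconds < 60:
        return f"{seconds:.1f} s"
    if seconds < 3600:
        return f"{seconds / 60:.1f} min"
    if seconds < 86400:
        return f"{seconds / 3600:.1f} h"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:.3g} years"


if __name__ == "__main__":
    for length in (8, 12, 15):
        for name, n in CHARSETS.items():
            t = seconds_to_crack(n, length, FAST_HASH_RATE)
            print(f"{length:2d} chars, {name:32s}: {human(t):>12s} at {FAST_HASH_RATE:.0e}/s")
    print("8-char full-alphabet password against a slow hash:",
          human(seconds_to_crack(95, 8, SLOW_HASH_RATE)))
    print("length needed for a 100-year margin at the fast-hash rate:",
          minimum_length_for_years(95, FAST_HASH_RATE, 100))
```

Under these assumptions an 8-character password drawn from all 95 characters falls in about nine hours, matching the "few hours" figure on the slide, while the same password in lowercase only falls in about a second, and a 15-character full-alphabet password takes on the order of 10^10 years. The `minimum_length_for_years` helper shows the other way round: at the fast-hash rate, 11 characters already buys a 100-year margin, so the year-based rule of thumb has headroom built in.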
GOAL Examples
OK, that all makes sense. But how can I memorize this gibberish?
The Big Secret
Complicated strings of characters are easy to memorize if:
You already know what you are memorizing
You recall those characters often over the course of the day
These example GOAL passwords are really encoded phrases, but you would never know it!
The Encoding
AuLx&D3osoS+3lpGs = Goldilocks and the Three Bears plus The Three Little Pigs
$k5!1n10-ArfiNlv = $5000 won in a 10 J Q K A royal flush in Las Vegas
Huh? How did you get that?!
AuLx&D3osoS+3lpGs
Ah, I get it!
Au = chemical symbol for Gold
Lx = abbreviation for "locks"
& = and
D3 = the Three
osoS = Spanish for "bears" (osos)
+3 = and the Three
lpGs = Little Pigs
$k5!1n10-ArfiNlv
It’s starting to make sense now! I want to create my own…
$k5 = $5k = $5000, rearranged (wow, that's a lot of money!)
1n = won in a ("1" for won, "n" for in)
10-A = 10 through Ace
rf = royal flush
iNlv = in Las Vegas
How to Create Your Own GOAL Password
Brainstorm past events that practically only you would know about
Brainstorm goals that you want to achieve in the next 3, 6, or 9 months
Do this now on a separate sheet of paper
No, really. Try it!
Now pick one of your brainstormed phrases
Here’s mine for this example:
My goal is 3 sets of 50 pushups and 100 situps
Encode Your New Password to Gibberish
Try Roman numerals for smaller numbers
Any spelled-out numbers anywhere? Translate them to
numerals: w8<, 10s, 42n8, iPh1 (weightless, tennis, fortunate,
iPhone)
Know any foreign languages? Pick a word or two and translate
it
Use the periodic table – either words or (atomic) numbers to
chemical symbols
Xprmnt w/ rmvng d vwls
More Encoding Ideas
Character Substitution Reference

Word              Substitute
And               & or +
Or                |
Is / Are          : or =
Isn’t / Aren’t    <> or !=
The               d
Be                b
In                n
With              w/
Wow               !
Above / Over      ^
About             ~
Too, to           2
For, fore         4
ate               8
10                d (deca)
100               c (cent)
1000              K (kilo)
1,000,000         M (mega)
1 billion         G (giga)
micro             u
Digits            <shift> digit (on a US keyboard 1 becomes !, 2 becomes @, 5 becomes %)

A caveat: every one of these swaps is a well-known "leet" rule that cracking software already applies to its wordlists, so a single dictionary word with a few substitutions is not gibberish. The encoding only produces gibberish because it is applied to a whole personal phrase, shortens most words to a letter or two, and mixes several different tricks.
Example Encoding
My Phrase: My goal is 3 sets of 50 pushups and 100 situps
gl=3sPu50@+1csU
gl= = My goal is
3sPu = 3 sets of pushups
50@ = 50 each
+ = and
1c = 100 (c for cent)
sU = situps
Check your work – does it meet all four GOAL rules?
gl=3sPu50@+1csU
Gibberish – nothing in it is a dictionary word
Only You Must Know – the phrase behind it is a personal goal nobody else has seen
All the Characters – lowercase, uppercase, digits and the symbols = @ +
Long (15 characters in 2015) – exactly 15 characters
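Three of the four GOAL rules can be checked mechanically, and it is worth doing so the way a cracker would see the password rather than by eye. The checker below is an added example and not part of the original slides; its wordlist, its leet-substitution map and the 4-letter minimum for a dictionary hit are small constructed stand-ins for the multi-million-word lists and mangling rules real cracking tools use, and the "Only you must know" rule is deliberately not scored, since no program can know whether the phrase behind a password is private.

```python
# Added example (not from the original slides): a mechanical check of the
# three GOAL rules that software can test (Gibberish, All the characters,
# Long). "Only you must know" cannot be checked by code.
# WORDLIST, LEET and MIN_DICT_WORD are ASSUMED small stand-ins for the real
# wordlists and mangling rules that password crackers use.
import string

# Constructed stand-in for a cracker wordlist (real ones are far larger).
WORDLIST = {"password", "goldilocks", "bears", "pigs", "vegas", "royal",
            "flush", "pushups", "situps", "goal", "summer", "welcome"}

# Common "leet" substitutions that crackers undo with mangling rules.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_DICT_WORD = 4  # ignore 1-3 letter hits such as "an" or "the"


def has_all_classes(pw: str) -> bool:
    """Rule A: lowercase, uppercase, digit and a special character all present."""
    return (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def is_long_enough(pw: str, year: int) -> bool:
    """Rule L as the slides state it: at least as long as the year's last two digits."""
    return len(pw) >= year % 100


def dictionary_hits(pw: str) -> list:
    """Rule G: wordlist entries found in the password, before and after undoing leet."""
    hits = set()
    for variant in (pw.lower(), pw.lower().translate(LEET)):
        for word in WORDLIST:
            if len(word) >= MIN_DICT_WORD and word in variant:
                hits.add(word)
    return sorted(hits)


def goal_report(pw: str, year: int) -> dict:
    """Score the three checkable GOAL rules for one candidate password."""
    hits = dictionary_hits(pw)
    return {
        "gibberish": not hits,
        "dictionary_hits": hits,
        "all_characters": has_all_classes(pw),
        "long": is_long_enough(pw, year),
        "length": len(pw),
    }


if __name__ == "__main__":
    # The three passwords from the slides plus two constructed bad ones.
    for candidate in ("AuLx&D3osoS+3lpGs", "$k5!1n10-ArfiNlv", "gl=3sPu50@+1csU",
                      "P@$$w0rd2015!", "G0ldil0cks&3Bears"):
        print(candidate, goal_report(candidate, 2015))
```

The two constructed bad candidates show what the eye misses: "P@$$w0rd2015!" has all four character classes but normalises straight back to "password" and is too short for 2015, and "G0ldil0cks&3Bears" is long and mixed but is two dictionary words with leet applied, which a cracker's rules recover. The deck's own three examples pass all three mechanical checks.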
Memorize
OK, how do you memorize something like that?
Let’s go through the steps on the next slide
First, write down your new GOAL password on a
sticky note
Destroy all other papers
One of the most important accounts we have is our
main email account. Let’s change its password…
Memorization = Repetition
1. Login to your main email account with your old, not-quite-so-good (or really bad) password.
2. Change it to one of your new good GOAL passwords.
3. Logout of your email account and close your browser or email program.
4. Reopen your email and login with your new good GOAL password. It worked!!!
5. Turn your paper over so you can't see your new good GOAL passwords.
6. Logout and re-login to your email account. Wow!
7. Go get a drink of water and a snack - you earned it!
8. Logout and re-login to your email without looking at your paper. Could you do it? Look at your paper if you must.
9. Keep doing this - login, logout, login, logout - each time allowing for a longer and longer snack in between. Keep increasing the delay between logins.
Feeling more confident?
Congratulations!
Your email account is now more secure than 98%
of the population
This is an awesome first step!
Destroy your sticky note. Don’t let anyone find it
One Good GOAL Password is NOT enough
You must NOT reuse this (or any other) password
Every single account needs a DIFFERENT good GOAL password
So…
How do you generate so many?
How do you keep track of them all?
More Slideshares Coming
Until then check out the Kindle eBook on Amazon.com
The easy, step-by-step way to protect your online accounts like the security professionals
You will learn
More about the GOAL method of remembering the 4 rules of a good password, and WHY each rule is important.
Two different fun methods to create good GOAL passwords, anytime you want! You’ll look at your new passwords and be amazed – nobody will ever guess these things.
Why it’s so super duper critical that you NEVER EVER use a password on more than one site.
How to identify websites that may not be protecting your account information well enough, and what you can do about it.
Easy systems to propagate good GOAL passwords to all of your online accounts, no memorization required!