How to create a bulletproof password

Download How to create a bulletproof password

Post on 15-Aug-2015

90 views

Category:

Technology

2 download

TRANSCRIPT

  1. 1. How to Create a Bulletproof Password that You Can Easily Remember WWW.EASYSECURITYONLINE.COM
  2. 2. What Well Cover State of the union 4 Rules of a great password - GOAL Examples of bulletproof GOAL passwords Easily create your own GOAL password The dirt-simple way to drill it into your memory Next steps www.EasySecurityOnline.com 2
  3. 3. Data is Leaked All The Time Your credentials have already been compromised They will be compromised again www.EasySecurityOnline.com 3
  4. 4. People Use Terrible Passwords The Top 50 Passwords according to http://wpengine.com/unmasked/ Is yours in here? www.EasySecurityOnline.com 4
  5. 5. People Reuse Passwords Extremely dangerous! If a hacker figures out your password on one site, they will try it on other sites I hope youre not protecting anything important on those other sites www.EasySecurityOnline.com 5
  6. 6. But Good Password Policy is Too Hard I cant come up with a complex password I cant remember complicated passwords I cant keep all those passwords straight Nonsense! Ill show you how to do it First lets understand the four rules of making a good password www.EasySecurityOnline.com 6
  7. 7. 4 Rules of a Good Password GOAL GOAL will ensure that your password is easy to remember but impossible to guess: G Gibberish O Only you must know A All the characters L Long Lets understand each of these in more detail Example GOAL Passwords AuLx&D3osoS+3lpGs $k5!1n10-ArfiNlv www.EasySecurityOnline.com 7
  8. 8. G = Gibberish Your password needs to look like complete gibberish This is a large component to making a password unguessable Password cracking software relies on dictionaries to accelerate its guesswork If nothing in your password can be found in their dictionaries, bad guys have to brute force their guesses by changing one character at a time and that takes time If your password is mostly or all dictionary-based, it can be cracked in seconds Example GOAL Passwords AuLx&D3osoS+3lpGs $k5!1n10-ArfiNlv www.EasySecurityOnline.com 8
  9. 9. O = Only You Must Know Your password, or any component of your password, must never be known by anybody but you. There are two corollaries to this rule: You must never tell it to anyone. If you write it down it must be completely hidden, locked, and/or temporary. Nobody should be able to guess or know any piece of your password. Do NOT use these, they are ALL in the dictionaries! Pet or relative names Dates Songs, lyrics or bands Famous movie or book quotes Example GOAL Passwords AuLx&D3osoS+3lpGs $k5!1n10-ArfiNlv www.EasySecurityOnline.com 9
  10. 10. A = All the Characters (a-z, A-Z, 0-9, special) need to be used Most password creation systems enforce this The more characters from which to choose means more guesses will be required from the password cracking programs. And every guess takes time. You want to maximize the average number of Brute Force Guesses: Average Number of Brute Force Guesses = Example GOAL Passwords AuLx&D3osoS+3lpGs $k5!1n10-ArfiNlv www.EasySecurityOnline.com 10
  11. 11. L = Long! In 2013 it took just a few hours to crack an otherwise bulletproof 8-character password To stay ahead of cracking technology, your password needs to be at LEAST as long as the last 2 digits of the current year In 2015 your password should be at least 15 characters long Average Number of Brute Force Guesses = January 2015 Example GOAL Passwords AuLx&D3osoS+3lpGs $k5!1n10-ArfiNlv www.EasySecurityOnline.com 11
  12. 12. GOAL Examples OK, that all makes sense. But how can I memorize this gibberish? Example GOAL Passwords AuLx&D3osoS+3lpGs $k5!1n10-ArfiNlv www.EasySecurityOnline.com 12
  13. 13. The Big Secret Complicated strings of characters are easy to memorize if You already know what you are memorizing You recall those characters often over the course of the day These example GOAL passwords are really encoded phrases, but you would never know it! Example GOAL Passwords AuLx&D3osoS+3lpGs $k5!1n10-ArfiNlv www.EasySecurityOnline.com 13
  14. 14. The Encoding AuLx&D3osoS+3lpGs = Goldilocks and the Three Bears plus The Three Little Pigs $k5!1n10-ArfiNlv = $5000 won in a 10 J Q K A royal flush in Las Vegas Huh? How did you get that?! www.EasySecurityOnline.com 14
  15. 15. AuLx&D3osoS+3lpGs Ah, I get it! Au Lx & D3 osoS +3 lpGs Chemical symbol for Gold Abbrev for locks and the Three Spanish for bears and The Three Little Pigs www.EasySecurityOnline.com 15
  16. 16. $k5!1n10-ArfiNlv Its starting to make sense now! I want to create my own $k5 ! 1n 10-A rf iNlv rearranged $5k = $5000 (wow that's a lot of money!) won in a 10 through Ace royal flush In Las Vegas www.EasySecurityOnline.com 16
  17. 17. How to Create Your Own GOAL Password Brainstorm past events that practically only you would know about Brainstorm goals that you want to achieve in the next 3, 6, or 9 months Do this now on a separate sheet of paper No, really. Try it! Now pick one of your brainstormed phrases Heres mine for this example: My goal is 3 sets of 50 pushups and 100 situps www.EasySecurityOnline.com 17
  18. 18. Encode Your New Password to Gibberish Try Roman numerals for smaller numbers Any spelled-out numbers anywhere? Translate them to numerals: w8