Passwords are a modern headache. If you’re like me you access dozens of systems and websites for which you need a password. There are lots of rules and advice about passwords, like not using real words or your birthday, or using special characters (!@#$%^&*), and not writing them down. If you follow all these rules and still have access to all the systems you use (i.e. haven’t forgotten your passwords) then color me impressed. That’s not easy.
In conversations with a few friends and family members I realized that there are some very good password tricks out there that don’t violate any rules or advice. In fact, they can help you adhere to them, and they can increase security (at least insofar as they can obviate the need to write down passwords, if not in other ways).
Expiring Passwords. Ever had a nice password that you found easy to remember and then been forced to change it because it has expired? Some systems won’t let you reuse an old password or require you to change your password every so often (quarterly or annually are common durations).
Here’s my trick for dealing with that situation. Add a time stamp to the end of your password. So, if your password is “foobar” use “foobar094” where the “09” part is the two digit year and the “4” part is the fourth quarter, or fourth one in that year. To increase security of your password, separate the stub (my term for the “foobar” part) from the date stamp with a special character, as in foobar@094.
I’ve yet to encounter a system that did not permit this type of password recycling. It is an easy way to recall your password since the stub never changes and the date stamp is self-evident. One can argue that this makes your passwords less secure because, while they change, they do so in predictable ways. Maybe so. However you can mix it up by putting the date stamp in the middle or even splitting it, like so: “09foobar4” or “foo$094$bar”. The last of these may be the strongest. I’m just guessing.
So long as you use a consistent system for the time stamp you should be in compliance with password rules and easily recall your password.
Security Questions. Security questions are those questions systems ask you as a backup way to identify you. “What was your first school?” “What was the name of your first pet?” are two examples. I don’t like security questions that are preset. I prefer ones I can make up myself (some systems allow this). In fact security questions are not that secure since the answers are often in the public domain. That’s especially true if you post details about your life on Facebook or your personal website or elsewhere.
However, you can make those security questions more secure by using them as a secondary password. Instead of answering “What was your first employer?” with the truth (like “Bear Stearns”) you can anwer with a password-like string, such as “ickyboo.” You can use that password-like string for every security question on different sites. You will not have trouble recalling it if it is a meaningful password to you. Meanwhile, nobody is going to guess it if it isn’t a real answer to the question posed. I can’t see how this fails to enhance security.
Do you have any password or security tricks to share? If so, please do so. Do you think I am wrong in suggesting that the above ideas increase security (or at least do not decrease it)? If so, please explain.
