Post to Windows Topic
Creating a user account and password is the basic requirement for many online services and mobile apps. It could be easily messed up when you are using hundreds of apps/services at the same time. Hence, forgetting password is a common issue in our daily life. You will be locked out of computer, smartphone or apps when the password is lost.
Another issue about password is that it could be stolen or breached by hackers. This would be a huge threaten to your asset, such as credit card or personal data. So it is very important to build a strong password with certain rules, which is not easy to forget.
This is a common method to create safe password for various websites or apps.
Simply put, The password is combined with fixed and unfixed part. And connect both parts with a special character.
Unfixed part + special character + fixed partFor example: Amzn*3321
The fixed part is digital numbers and special character. You can take any combination of numbers, which has a special meaning for you and most importantly easy to remember, such as birthday, social security ID, rom number, library ID, etc¡ However, don't use simple number combination such as 123, 123456, which could be hacked in seconds.
Why adding a special character? Because it is more secure as it has more than 20 variations. You can pick it from @, *, & or others you prefer to use.
The unfixed part is the characters. Why? It is hard to find rules when the number changes because they don't have any meaning. However, the character is different. You can use different characters or words to represent a website or service, such as google, apple, facebook. You can name it according to your preferences.
The above rule can be used to set a strong and unique password for different services. And there is no repeat for each of them because the unfixed part is always changing. For example, put fixed number (27821) at the end and put characters at the frond. Connect both parts with a special character (*).
For Google.com: goog*27821
For Apple.com: appl*27821
For Instagram: inst*27821
As one of most common used password settings, this type of password is good for ¡®lazy' people, who don't want to change password frequently and refuse to set different passwords as it takes time and easy to forget. However, the above rule is secure enough in most of cases.
Please take a look at this group of password: goog*278213234, appl*278212234, inst *278211234
Sounds familiar, right? Yeah. This is an upgraded version of Level 1. The front part is the same as the examples we show in prior part. The difference is that we embed a passbook, which you can build by your own.
In horizontal axis, we use ABCDE in order. And write a set of random numbers in vertical axis (such as 1234, 2234, 3234). After that, enter a category name for the same type websites or apps, such as social (Facebook, Twitter, Instagram), Shopping (Apple, Amazon, eBay), productivity (Microsoft, Google).
You can add as many as categories as you like. It is hard to break such this type of password variation by hackers as it looks like no rules. In fact, it is a ruled password according to your own settings.
Let's say if Level 1 password setting is corresponding to 8-bit encryption, then Level 2 is 128-bit for sure. So it is 10X safer than level 1. However, you should create your own passbook and keep it in a safe place.
Currently, I am using Level 2 to create password for different websites. However, I have to take additional step to backup and manage my own passbook. First, set an open password for Excel passbook. Secondly, make a backup of passbook in an encrypted USB flash drive. The file is only accessible when the encryption password is granted. Thirdly, sync the password to my NAS. Lastly, put the file in secure app with password access on my smartphone.
Each time the original passbook file is modified, it will be synced to my backup location at the same time. This will make sure you won't have any chance to lose the passbook.
This something only happened in movies! Your password is set according to the words in a specific location of a book. This type of password is impossible to be cracked. It is secure enough for Level 2 type password. However, it is still not in the same level when compared to this one.
This is extremely useful for important staff.
How does it work? First, determine which book you want to take the password from. Second, keep a copy of password rule for each website. For example:
Google: 132-21-1 27-11-3 216-23-09
Google is the website or app name. The password consists three parts. The first number of each part is the page number in a book. The rest goes for line number and word number in a line. 132-21-1 says page 132, line 21 and the first word of line 21. Now take the first three or four characters from the word. You can make your own definition. Lastly, combine the characters from three parts and make it in a new password.
2-Step Verification is the additional layer for granting access to a website or application. When 2-Step Verification is enabled, you have to provide login password as well as another piece of confirmation code (usually one-time security code sent to your cell phone) before getting into the website or application. With this electronic authentication method, even the hacker is able to hack your password. He or she still does not have the access to your account because the 2-Step verification code is sent to your cell phone. Please turn on 2-Step Verification when the website or application has this option available.
Q: I always keep my passwords safely and they are hard to remember. Can my password be cracked?
A: Now, most of password breaches are through web attacks. Big websites have solid protection system. However, this is not the case for small websites. Attackers can get your personal information by hacking into those websites. Your password would be easily cracked if you only used the same simple password.
Q: I am an individual user and my information is useless. So the hacker won't target on me?
A: Even a single piece of information has its own value and many malicious people make a living by selling it. You receive spam call or email from time to time, right? That's part of the game. Your personal information will be fallen into different hands once it is stolen. Someone will clean up the data, extract the value content and sell it to others and others.
Q: Some of the websites not allow special character in password, how to handle this?
A: A single rule can not be applied to all cases so there are exceptions all the times. What you should do it mark them as special cases and set a different password for it or only remove the special character from ordinary password. That's!
This article is only my own view of creating safe password. Hope this will do some help for you. The key point is to find a rule for passwords and keep a backup in a safe place. Though there are many password managers, I am more willing to do it by my own.