In a cybersecurity class that I took, my professor talked about finding the balance between security and accessibility. It's nearly impossible to create a system that is fully accessible while also being secure. We talked about the example of someone using the same password for all websites because it is easy to type, or using easy-to-guess passwords for a similar reason. This can lead to compromised security and accounts being hacked. Today, I will be sharing my tips on creating secure, yet easy to remember and type, passwords that meet many security standards.
"But I want to use the same password!"
I know it can be tempting to use the same password for everything. It's easy to remember and makes logging into websites so much faster. But don't do this! If someone figures out the password to one account, then everything can be compromised. For example, if I learn the password to your Facebook account, I can then get into your email account and change passwords on other accounts too. Not good.
Some fun facts on guessing passwords
A password of 6-8 characters that contains a word in the dictionary can be guessed by a password-cracking program in about thirty minutes. Adding things such as letters, numbers, and symbols increases the time to guess a password to several hours, days, weeks, months, or even years.
Creating a base password
A lot of my friends use a base password that they change for each website they go on. They add characters, symbols, numbers, and other things to make it secure. Our base password will be "frenchfries" for this example.
Adding capital letters, especially at different intervals, makes passwords more difficult to guess. "frenchfries" can be upgraded to "FrenchFries" or "FrenchFrieS", which is more difficult to guess while being easy to type.
Replace letters with numbers
Replacing letters with similar-looking numbers within a word can help with security, especially if there are alternating numbers and letters. Using the "frenchfries" password, users can replace the vowels with corresponding similar-looking numbers, so the password would be "fr3nchfr13s" instead. That would be much more difficult to guess, even for a machine.
Adding symbols can help make passwords more secure too. For users that use modified keyboards, pick easy-to-reach symbols such as periods, quotes, exclamation points, or similar. Bonus points for combining numbers and symbols. Our base password can be improved by adding just one symbol, but more is always good. Some examples are "?frenchfries", "frenchfrie$", or "french.fries".
Add an extra word or letters
Remember how a program could guess a short password in 30 minutes? Add on a few extra letters or words, maybe even creating a sentence for a password. Examples could be "omgfrenchfries" or "ilikefrenchfries".
Add the website name
Here's a cool password trick I learned to make passwords longer. Add the website name to the end of the base password so the password is easy to remember, yet different for each website. Bonus points for adding a symbol or capital letter! If I were logging into Twitter, my password could be "frenchfriestwitter" or "frenchfries.Twitter" to make it unique.
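The tips above can be checked mechanically. This Python sketch is an added example, not code from the original post: it flags passwords reused across sites, lists which of the recommended character classes a password lacks, and computes an upper bound on brute-force guessing work in bits. The function names, the `min_length` default of 9, and the sample accounts are assumptions made for illustration.

```python
import math
import string
from collections import defaultdict

# Character classes the post recommends mixing into a password.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def classes_used(password):
    """Return the names of the character classes present in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]

def brute_force_bits(password):
    """Upper bound on guessing work in bits: length * log2(alphabet size)."""
    # Assumes the guesser tries every string over the classes used; a
    # dictionary-based guesser needs far fewer tries for word-based passwords.
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def audit(accounts, min_length=9):
    """Check each site's password against the post's tips and flag reuse."""
    sites_by_password = defaultdict(list)
    for site, password in accounts.items():
        sites_by_password[password].append(site)
    report = {}
    for site, password in accounts.items():
        used = classes_used(password)
        report[site] = {
            "reused_on": sorted(s for s in sites_by_password[password] if s != site),
            "too_short": len(password) < min_length,  # min_length is an assumption
            "missing": [n for n in CLASSES if n not in used],
            "bits": round(brute_force_bits(password), 1),
        }
    return report

# Constructed sample accounts using the post's example passwords.
SAMPLE = {
    "facebook": "frenchfries", "email": "frenchfries",
    "twitter": "frenchfries.Twitter", "forum": "fr3nchfr13s",
}

if __name__ == "__main__":
    for site, result in audit(SAMPLE).items():
        print(site, result)
```

The bit count is only a ceiling: it measures length and character variety, not how predictable the underlying word is.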
A note on password management software
There are many great password management and generator programs, such as LastPass. However, if you frequently use accounts on devices that are not your own, such as in a computer lab, I would caution against having this software generate passwords. Also, not all websites support these types of software; my bank and certain university websites do not. Creating your own secure passwords with these techniques is always a smart thing to do.
While it may be difficult to create the perfect balance of accessibility, ease of use, and security, I hope that these tips will help you to improve the security on your accounts and create better passwords that are easy to remember.
Oh, and sorry if you now want french fries after reading this post!