Creating Secure Passwords Part II


A few months ago on the Security Now episode 303 on the TWiT podcast  network Steve Gibson talked about a new way of thinking about passwords. Steve said entropy (lack of pattern or organization; disorder) was important but length was much more important. (As it turns out length does matter.) What this means is you can have passwords you can remember and still be secure.

My old WPA password for my wireless router looked something like this:
A 63 characters passkey with upper, lower case alpha and numbers.  Sure it’s hard to crack but it’s also impossible to remember so every time anyone came over and wanted to use the WiFi I had to find the USB stick I had it stored on, plug it into that person’s computer, copy and paste it. Of course it did not need to be 63 characters long but since I had to copy and paste it in it might as well be.

Now I use something like this:
This is a common name with upper and lower case. The 4 characters in the front, 0 in maRK0 is a zero and then 7 greater than symbols. This password is easy to remember and difficult to guess by humans and computers because they have no way to know that the password has a pattern. Sure this password is not as strong as my 63 character password but it does not need to be. In the best of circumstances it would take 1.74 centuries to crack this password. \Al9\ would take 165 centuries to crack. Although impervious to all attacks from guessing  these passwords are much easier for the person looking over your shoulder so watch for sidlers.

Check your passwords:

GRC Password Haystack

How Secure Is Your Password

How Secure Is You Password gives a different total than the Password Haystack but it’s still a very long time. I don’t thing crackers want my WPA password that bad.

You still want to use LastPass for your website logins because you want different passwords for every site. One of these passwords would be very good to use as a LastPass master password. These passwords are also good for computer logins both BIOS and Windows login.

“Off The Grid” – Steve Gibson talks about his new password solution that does not require a computer.

GRC’s Off The Grid Generator” – Generates grid used to create passwords.

I still recommend Lastpass to create and manage passwords so you can have a different password for each site.

What is Lastpass?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.