How to secure passwords and other critical numbers
- 25 November, 2013 17:20
One of the more frustrating exercises in using anything online is keeping your passwords safe. They have to be easy to remember and hard to guess.
Here is a trick I've used for years that seems to work for passwords, Social Security numbers, telephone numbers, birthdates and anything that needs to be safe.
Passwords: Develop a solid base password. This should be a 79 character base that has a combination of upper/lower case letters, numbers and one or two special characters. For example, the airport code for Phoenix, AZ is PHX' and a date I remember is the day JFK was assassinated, 11-22-1963.
So using that as a starting point, I can morph it a little to increase the complexity: PHX becomes PhX, and with 11-22-1963 I can substitute ! for the 1s and the # (shift 3) for the number 3. That results in a base password of PhX!!22!96#Now that you have the base password, develop a schema for any password site name. For exampleGoogle Gmail could become gml or gglgml, making my password for Google Gmail PhX!!2!!96#gml or PhX!!2!!96#gglgml. Easy to remember and difficult to crack.
Social Security numbers: I have to store lots of Social Security numbers for spouse, kids, parents, grandkids etc. There are two ways to encrypt these in plain site.
The first was is to change every other number by +1 or -1 (or any number +/-). For example, 123-45-6789 using +1 becomes 224-46-6890. Since I know the key getting back is straightforward.
The second way is to use your Social Security number with some +/- number added to numbers within your Social Security number. Lets say your Social Security number is 123-45-6789 and your spouse's number is 987-65-4321. Adding a +1 to the last digit in each results in your number becoming 124-46-6780 and your spouse's number becoming 988-65-4322. By storing both numbers you have the key to decrypting. Put your Social Security number back to the original and you know how to put your spouse's number back to the original.
The second scenario works equally well for phone numbers, addresses, lock combinations, etc.
The caveat in the first case is to keep your key to yourself and the in the second case keeping your Social Security number private.
For the most part the bad guys are interested in low hanging fruit and big fish. If the bad guys get your computer and all the information is encrypted as above there is little that can be gained. The problem is that Social Security numbers do have a way of popping up. The good thing is that correlating a Social Security number to a specific person and then decrypting the information takes time...the one thing the bad guys don't have.
Avery has been an IT professional for more than 30 years and is the Editor and Publisher of the IT Weekly Newsletter.((The Newsletter is published 48 weeks a year and each issue contains links to 40 to 60 technical articles gleaned from more than 200 online sources. Contact Avery at firstname.lastname@example.org.
Read more about wide area network in Network World's Wide Area Network section.