Those were the magic words that Ali Baba overheard that opened the door to allow him access to the Forty Thieves’ treasure hidden in the cave. Today, we have our own magic words that open the door to all of our treasures. We call them passwords.
I write one check a year, on April 15th (you can probably guess who it’s to). Everything else (everything else) is done online. All of my financial transactions, in or out, happen when I log into my various accounts. All of those require a password and a login name. In addition to this, there are all of my online, non-financial account passwords and logins. This includes my e-mails, my web sites, and all the other online hangouts that require authentication. I counted up 74 unique login/password combinations that I need to remember.
Most importantly, I must keep all of these secure unless I’m to suffer the same fate as the Forty Thieves and see my treasures all whisked away by eavesdroppers. There was a recent article on the web lamenting how many people are still using “password” or “12345678” or some other easily guessed nonsense as a password.
That got me to thinking about how secure my own passwords really are. With a Google search I found a couple of sites that will estimate how secure your passwords are:
I tried all of mine and found to my relief that all would take thousands of years to crack via brute force computer guessing and that most were in the many million year plus range. I’ve been paranoid about passwords since the very beginning of the computer age. I like the second link best as it seems to be more conservative and generates shorter times to crack the passwords. Try yours to see how they rate.
By the way, proving my paranoia, I didn’t test my actual passwords, but used similar ones. For example, if a real password consisted of #GW%4983#sp, I would type in something like *VB@9210)kw to see how it would rate.
The problem with a really secure password such as #GW%4983#sp, which would take a million years to crack, is how the hell you remember it! Since I’ve got at least 74 of them to keep up with, I’ve done the obvious thing and written them down, which is a big no-no, except that I’ve written them down in my own crazed manner.
I use association chains that mean something to me and to no one else. I don’t write down the password but a hint that will lead me to the real password. For example, I might write down “Pebbles” as a hint to an online blog password. When I see that hint, I would mentally run down an association chain like this:
Pebbles –> daughter of Fred and Wilma Flintstone –> the Flintstones were an animated version of the Honeymooners –> in which Ralph Kramden would frequently threaten his wife Alice –> which leads me to Lewis Carroll’s Through the Looking-Glass –> which reminds me of the Bandersnatch –> which takes me to a favorite science fiction novel from many years back –> which leads me to the name of a space ship –> Vegan Confederacy Space Fleet Bandersnatch Battle Saucer 61 –> which leads me to the final password of *VCSF#Bandersnatch&BS61@ which would take 19 million trillion years to guess. I’ve got a short set of mental rules that tells me when to capitalize and how to insert punctuation marks.
That may seem a little extreme, but you can figure out some logical chains from your own experience that are just as cryptic and that mean nothing to anyone but you. I think of the hints as the title to a short story which triggers a recall of the plot from which I can determine the password.
If you try some potential passwords on the password checker site, you’ll pretty quickly get a feel for how to make them more secure. For example, my given name, Reeves, as well as my surname, Motal, are both very uncommon. If I try using them, here’s what happens:
Just my first name: Reeves –> .03 seconds to crack it
Add my last name: ReevesMotal –> 6 hours to crack it
Add a dollar sign to the end: ReevesMotal$ –> 22 days to crack it
Mix it up: RmEoEtVaElS$ –> 37 million years to crack it
The same letters are used, but tangling them together like that makes it over 600 million times more secure. Just reversing the letters from ReevesMotal to SeveerLatom changes it from 6 hours to 16 years. Add some punctuation and #Seveer@Latom$ runs it out to 7 thousand years.
One more thing about passwords: keep it clean. For example, if you are laid up in a hospital and need someone else to transfer money for you, you don’t want your password to embarrass both of you.
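An added example, not from the original post or from either checker site: the simplest model of brute-force crack time, which looks only at password length and the character classes used. The guess rate of 10^10 per second and the four ASCII classes are assumptions. Under this model ReevesMotal$ and RmEoEtVaElS$ get the same figure, so a checker that separates them is scoring something beyond raw search space.

```python
import string

# Assumed attacker speed for offline guessing; not a figure from the article.
GUESSES_PER_SECOND = 1e10

# Character classes an exhaustive search would have to cover (assumed ASCII).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password):
    """Size of the alphabet implied by the character classes present."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four classes (space, non-ASCII) count once each.
    extras = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extras)


def search_space(password):
    """Number of candidates of this length over the implied alphabet."""
    return charset_size(password) ** len(password)


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed rate."""
    return search_space(password) / rate


def humanize(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, length in (("years", 31_557_600), ("days", 86_400),
                         ("hours", 3_600), ("minutes", 60)):
        if seconds >= length:
            return f"{seconds / length:,.1f} {unit}"
    return f"{seconds:.2g} seconds"


if __name__ == "__main__":
    # The four variants walked through in the article.
    for pw in ("Reeves", "ReevesMotal", "ReevesMotal$", "RmEoEtVaElS$"):
        print(f"{pw:14} alphabet={charset_size(pw):3} "
              f"{humanize(seconds_to_exhaust(pw))}")
```

Guessing tools usually try names, words and simple rearrangements before falling back to exhaustive search, so the figure is an upper bound on effort, not a prediction.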
Look over your passwords and give them a try on the site. If you’ve got a lot like I do and need to write them down, try “short story title” hints. Here are some of my real password short story hints: “Breakfast Swans,” “High Seal,” “Puerto Rico,” “Bloody Mary,” “Tunisia Twin,” “Concerto,” “Murph,” “Jelly Beans,” “Friendship,” “6430,” and “?”
Good luck trying to guess them!