by Brian Alderson
Last updated: 22 August 2015 5:41pm
The information on this page applies to people in all countries.
How long do you think it would take a schoolboy hacker to crack the following password using an average desktop PC?
According to the Kaspersky password strength checker it would take just 2 minutes to crack it using a brute force attack!
If we change one of the characters to uppercase, the crack time for the same password only rises to 5 minutes.
mysafePassword31 – crack time: 5 minutes
Look what happens if we replace a character with a symbol:
mysafePas$word31 – crack time: 21 minutes
Most signups ask you to choose passwords that contain at least one uppercase letter, one number and one special symbol, so you’d think it would take longer than 21 minutes to crack this. So what’s wrong?
Notice that it contains three words which can be found in an English dictionary. Hackers can use digital dictionaries and sophisticated software to send thousands of random login attempts per minute to your computer using words from their dictionary databases, so it makes sense to NEVER use words that can be found in a dictionary!
Let’s change the word ‘safe’ to ‘dozn’:
mydoznPas$word31 – crack time rises to: 6 days
Let’s change the word ‘Pas$word’ to ‘Pordwa$s’:
mydoznPordwa$s31 – crack time: 9,130 centuries!
Minimum password format
Follow these guidelines to ensure you always use strong passwords:
- At least 10 characters long
- DO NOT use dictionary words in your passwords
- Include a capital letter
- Include a number
- Include a special symbol (e.g. !&£$*)
I’ll show you how to easily remember any number of different 10-character passwords later.
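The five guidelines above written as an automated check. This is an added example, not code from the original page; the short word list and the look-alike symbol mapping are constructed for the demonstration, and a real check would load a full dictionary.

```python
# Constructed mini word list for this demo; a real check would load a full
# dictionary. Words shorter than four letters are left out (an assumption).
WORDS = {"safe", "pass", "password", "word", "login", "secret"}

# Assumed look-alike mapping, undone before the dictionary lookup so that
# "Pas$word" is still recognised as "password".
LOOKALIKES = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l", "3": "e"})

def dictionary_hits(password):
    """Return the dictionary words found inside the password."""
    plain = password.lower()
    folded = plain.translate(LOOKALIKES)
    return sorted(w for w in WORDS if w in plain or w in folded)

def check(password):
    """Return the guidelines the password fails (empty list = passes all five)."""
    failures = []
    if len(password) < 10:
        failures.append("shorter than 10 characters")
    if not any(c.isupper() for c in password):
        failures.append("no capital letter")
    if not any(c.isdigit() for c in password):
        failures.append("no number")
    if not any(not c.isalnum() for c in password):
        failures.append("no special symbol")
    hits = dictionary_hits(password)
    if hits:
        failures.append("dictionary words: " + ", ".join(hits))
    return failures

if __name__ == "__main__":
    # The example passwords used on this page.
    for candidate in ("mysafePassword31", "mysafePas$word31",
                      "mydoznPordwa$s31", "Zoonybob12!"):
        print(candidate, "->", check(candidate) or "passes")
```

Note that mysafePas$word31 satisfies the length, capital, number and symbol rules and is rejected only by the dictionary check.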
Can passwords ever be 100% safe?
Internet security can never be 100% safe because passwords are stored digitally in a database somewhere. Passwords are usually encrypted before being stored in a database, so humans cannot see your real password even if they hack into the database. The risk is quite small, but there is still a risk.
Hackers sometimes use keystroke loggers that record every key press you make on your keyboard. The logger then sends a log of all your keystrokes to a remote server where they can be analysed.
Keystroke loggers are designed to work in stealth mode so you probably won’t ever know you are sending your keystrokes to hackers! I’ll write a new page about keystroke loggers shortly.
Another security risk when logging into online accounts is members of staff. A disgruntled employee could, for example, help hackers with inside knowledge.
As far as personal password security is concerned, the ONLY way to guarantee the best possible password security is to NEVER write it down or store it digitally on any computer – EVER!
How to use different strong passwords for ALL your account logins and devices.
The following information, if implemented, will dramatically improve your personal and Internet security overnight.
If you adopt this password strategy you will be able to quickly and reliably log into ALL of your online accounts and devices using completely different (and very strong) passwords for each and every logon!
Just choose a master password and commit it to deep memory. Now change ONE character in your master password for each of your account logins!
You can have an unlimited number of unique passwords this way and even if one of your accounts is somehow compromised, all of your other accounts will stay safe!
Instructions (Master Password)
Start with a great master password. You must NEVER write down your master password or store it on ANY computer system ANYWHERE. The only passwords you should use are variations of your master password. Never use your master password for any of your accounts. You should never need to change your master password.
Storing your master password ONLY in your brain guarantees 100% security because nothing can ‘connect’ to your brain. Only you!
Master password is Zoonybob12! (time to crack: 14 years)
I just made this up from information about my personal life, making sure I didn’t include any dictionary words. ‘Zoony’ was my first dog’s name. Bob really is my uncle and Zoony died when I was 12. I used an exclamation mark for my special symbol because his death was very sudden.
Instructions (Memory Jogger File)
OK – Now start building your password memory jogger file:
The memory jogger file shows which character to change followed by what to change it to. Since only one character in your master password is changed for each of your new passwords, you can safely write down your password memory joggers in a simple text file and then keep multiple copies on all of your devices. You could lock yourself out of your devices if you lose your memory jogger file.
It’s OK to email a copy to yourself or keep a copy in your purse or wallet. There’s no security risk here as the memory jogger numbers are only meaningful to you.
PayPal 6a – (password = Zoonyaob12!)
Personal Banking 4d – (password = Zoodybob12!)
Facebook 8f – (password = Zoonybof12!)
Note: Your password memory jogger file does not include the passwords in the brackets above. I only show them to help with the explanation. The actual memory jogger text file should look like this:
Passwords.txt
PayPal 6a
Online Bank 4d
Facebook 8f
Laptop 3r
--- ---
Do this for all your passwords and you will have a much safer and happier digital life knowing that ALL of your online accounts and devices are safe!
If you decide to adopt this password security strategy you should pre-decide ALL of your account logins first. Create a list using Notepad as above and then change all of your passwords in one go. Always check that you can log into each account after each password change before moving on to the next.
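The memory jogger decoding described above, written out as code. This is an added example, not part of the original page: it rebuilds the page's three example passwords from the example master password, then measures how many character positions two derived passwords differ in and how large the set of strings that close to one another is. The 94-character printable ASCII alphabet is an assumption.

```python
from math import comb

MASTER = "Zoonybob12!"  # the page's example master password, not a real one
JOGGER_FILE = """PayPal 6a
Personal Banking 4d
Facebook 8f"""  # entries from the page's worked example

def apply_jogger(master, jogger):
    """Apply an entry such as '6a': replace character 6 (counting from 1) with 'a'."""
    position, replacement = int(jogger[:-1]), jogger[-1]
    if not 1 <= position <= len(master):
        raise ValueError(f"position {position} is outside the master password")
    return master[:position - 1] + replacement + master[position:]

def derive_all(master, jogger_text):
    """Map each 'Account name <position><character>' line to its password."""
    derived = {}
    for line in jogger_text.splitlines():
        if line.strip():
            account, jogger = line.rsplit(None, 1)
            derived[account] = apply_jogger(master, jogger)
    return derived

def positions_differing(a, b):
    """Count the character positions at which two equal-length passwords differ."""
    if len(a) != len(b):
        raise ValueError("passwords must have the same length")
    return sum(x != y for x, y in zip(a, b))

def variants_within_two_changes(length, alphabet_size=94):
    """Count strings that differ from a given one in at most two positions.
    Two passwords derived from one master always fall inside this set;
    94 printable ASCII characters is an assumed alphabet."""
    other = alphabet_size - 1
    return 1 + length * other + comb(length, 2) * other ** 2

if __name__ == "__main__":
    passwords = derive_all(MASTER, JOGGER_FILE)
    for account, password in passwords.items():
        print(f"{account:17} {password}")
    print(positions_differing(passwords["PayPal"], passwords["Facebook"]))
    print(variants_within_two_changes(len(MASTER)), "vs", 94 ** len(MASTER))
```

For the 11-character example, the set within two changes holds 476,719 strings, against 94 to the power 11 for an unrelated password of the same length.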
What if I forget my master password?
Don’t do that! – If you make up your master password using events and things in your personal life, it is unlikely that you will forget it.
You’ll probably log into your accounts a few times per day so your master password will quickly become firmly embedded in your conscious memory. You will then start remembering most of your login passwords by remembering two-character numbers.
Using the above example, when you log into your PayPal account you say to yourself ‘PayPal 6a’ and then mentally change the corresponding character in your master password as you type.
Online banking would be ‘Online bank 4d’. Your Facebook account would be ‘Facebook 8f’ and so on. With a bit of practice you’ll be able to securely log into all of your accounts and devices by simply remembering a two-character password that actually translates to a strong password. It works like magic for me and I rarely get any of my login passwords wrong while I’m working!
I recommend keeping a copy of your master password along with your memory jogger text file with your bank, solicitor or someone you can really trust.
This should be the ONLY written down copy of your master password. You should also include the holder’s name and address in your will along with instructions on how to decode the information in your password memory jogger file.
What if I lose my memory jogger file?
If you only have one copy of your memory jogger text file and you lose it then you will need to ask for password reminders to be sent from each website and then reset all of your passwords again. It may also be impossible for you to use your electronic devices!
You should use a simple text editor program like Notepad.exe and name your password memory jogger file ‘Passwords.txt’. Now store copies on all of your devices. Also send it to yourself via email.
Remember, there’s no security risk in storing your Passwords.txt file on all of your devices but make sure you store them in your documents folder. The information in your password memory jogger file is useless to anyone else because it is utterly impossible for them to know your master password. – You haven’t written it down or stored it on any computer system anywhere – right?
I hope you find this information useful and that you’ll adopt this password strategy for your own use and to help make the Internet a safer, more secure place.
Brian Alderson (CEO)
Don’t use any of the example passwords for your real passwords!
Disclaimer: The information given on this web page is sound and the system has been fully tested in a working Internet business. Please regard this information as an offer of free advice and act on it at your own risk.
FREQUENTLY ASKED QUESTIONS
This seems so simple – why isn’t everyone using this system?
The power of the system is its simplicity. You already have the best password manager software installed in your brain – your biological memory, accessible only by you! With this system you only need to remember ONE password for the rest of your life.
Variations of that same password are then used to securely log into any number of accounts and devices. It effectively allows you to log into all of your accounts by remembering a simple two-character password instead of lots of different and complex passwords whilst maintaining a very strong login status!
Can this password protection system be trusted 100%?
Usually nothing can be 100% safe but this system really is because the master key password is known only to the account holder and it has never been written down or stored in any digital storage system anywhere in the world.
To ensure your systems are as safe as they can be, you should re-install your operating systems using the ‘format drive: full format’ option during the installation program.
After the install, do not use your web browser. Go straight to Microsoft Updates in Control Panel first and download and install all security patches and bug fixes. Keep re-running Microsoft Updates until there are no more updates available. Now install any required software such as anti-virus, then check for and download any software updates for those products.
Once all software is installed and updated you can safely go to each of your online providers to start changing your passwords to the new system.