Monday Musings: Strong Simple Security
It sounds like an oxymoron, doesn’t it? How can security be strong but simple? Let’s look at the basics – your passwords. These are the keys to your doors and, thanks to the proliferation of the internet into all aspects of our lives, we each have a lot of doors to open. Now how many of you are guilty of re-using the same password over and over? People often say to me that they simply can’t remember the plethora of passwords that modern living dictates we carry with us, but that’s like having one key to unlock your home, your garage, your car, your locker etc. Not only do you have a separate key for each lock, I don’t even keep my keys on the same bunch. I have my office keys, car keys and home keys all separated, because you only have to experience the dread of losing all your keys once to find a better way of working. So when I received the email from LinkedIn last week telling me I was one of the unlucky 6.5 million whose password had been leaked to the internet, I wasn’t overly perturbed. Don’t get me wrong, any potential leak of personal information shouldn’t be taken lightly, but in this case there is nothing on my LinkedIn that isn’t public anyway and, more importantly, I don’t use the same password for any two systems.
As much as I’d like to claim having an eidetic memory, I can maintain strong, unique passwords for all my logons because I have a system to generate the password based on the logon itself. It’s easy as long as you follow a few rules. A good system should:
- Generate long passwords – 10 characters or more (as Mercedes Benz would say, “there’s no replacement for displacement”)
- Not contain common dictionary words
- Not contain anything personal to yourself, e.g. your birthday, maiden name or first pet
- Use symbols
Let’s create an example for www.amazon.co.uk. Amazon has six letters, so my password will start with the number “6” followed by the word “SIX” in uppercase. I’ll add “alpha”, taken from the phonetic alphabet based on the “A” in Amazon, then an “&” as my symbol. That’s already 10 characters long, but I’ll then add an uncommon phrase at the end just to fill it out, like “chittybang”. My password for Amazon therefore becomes 6SIXalpha&chittybang. This is a system that is remarkably easy to remember but difficult to crack.
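The convention above, written out as code so the steps are explicit. This is an added example, not the author’s own tool; the number-word and phonetic tables are constructed here, and the rule checker covers the length, symbol and personal-information rules from the list (the dictionary-word rule is not checked, since that needs a word list).

```python
import re

# Number words for the letter count (constructed table; extend as needed).
NUMBER_WORDS = {3: "THREE", 4: "FOUR", 5: "FIVE", 6: "SIX", 7: "SEVEN",
                8: "EIGHT", 9: "NINE", 10: "TEN", 11: "ELEVEN", 12: "TWELVE"}

# NATO phonetic alphabet, keyed by the site's first letter.
PHONETIC = dict(zip("abcdefghijklmnopqrstuvwxyz", [
    "alpha", "bravo", "charlie", "delta", "echo", "foxtrot", "golf", "hotel",
    "india", "juliett", "kilo", "lima", "mike", "november", "oscar", "papa",
    "quebec", "romeo", "sierra", "tango", "uniform", "victor", "whiskey",
    "xray", "yankee", "zulu"]))


def site_name(url: str) -> str:
    """Pick the site's own name out of a URL: 'www.amazon.co.uk' -> 'amazon'."""
    host = re.sub(r"^[a-z]+://", "", url.strip().lower()).split("/")[0]
    labels = [part for part in host.split(".") if part and part != "www"]
    return labels[0]


def derive_password(url: str, symbol: str = "&", filler: str = "chittybang") -> str:
    """Apply the post's convention: <count><COUNT-WORD><phonetic><symbol><filler>."""
    name = site_name(url)
    n = len(name)
    if n not in NUMBER_WORDS or name[0] not in PHONETIC:
        raise ValueError(f"no table entry for site name {name!r}")
    return f"{n}{NUMBER_WORDS[n]}{PHONETIC[name[0]]}{symbol}{filler}"


def check_rules(password: str, personal: tuple = ()) -> list:
    """Return the rules from the post's list that the password fails (empty = passes)."""
    failures = []
    if len(password) < 10:
        failures.append("shorter than 10 characters")
    if not any(not c.isalnum() for c in password):
        failures.append("no symbol")
    lowered = password.lower()
    if any(item.lower() in lowered for item in personal if item):
        failures.append("contains personal information")
    return failures


if __name__ == "__main__":
    pw = derive_password("www.amazon.co.uk")
    print(pw, check_rules(pw, personal=("1975", "Rover")))
```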
Because systems are easier to remember than individual passwords, you can even maintain different systems for different applications. At work, where passwords change more frequently, I’ll use one system that lends itself to multiple iterations, whereas for online shopping I’ll use another system and just change part of the convention every six to twelve months.
There we are. Strong. Simple. Secure. Stay safe!