Password Tips and Tricks

It's impossible to expect people to be able to use a password like j8^bEr3$k7 without writing it down or worse. But does that mean that if you don't make your passwords long, complex, and mostly meaningless, you're at risk? Not necessarily. There is a middle ground.

The Phrase Trick

Caution: Popular or famous phrases aren't a good option.

While short phrases and exceedingly famous ones are likely in hacker dictionaries, the vast majority in the world won't be. "Four score and 7 years ago" would likely be no good because it's so well known, but "The needs of the many7of9" would.

Phrases are great because they're very long, but at the same time very easy to remember. No matter what you pick, be sure to make it abnormal in some way. To simplify this, I recommend you come up with personal password rules that you'll do for all your phrase passwords. For example:

  • Always capitalize each word (Capitalize Each Separate Word)
  • All numbers spelled out or written using numbers (forty four, 44)
  • Use * instead of spaces (this*is*a*sentence)
  • Replace the word "the" with "bat" (It was bat worst of times)

It doesn't really matter what you choose, just be consistent. It won't do you any good to remember the phrase, but not the changes that you made to it.

The Suffix Trick

The suffix trick is a method of quickly taking weak passwords and adding length and complexity to them in a simple way. For example, say you have three passwords at three different sites: cat, money and camero.

These are all strikingly weak passwords, but you may have used them for a long time and not want to get rid of them. Fair enough. But take my advice and you can secure them all without changing them too much.

To use the suffix trick, first pick your suffix. Here are some suggestions:

  • @site.com – Where "site" is any word you want and ".com" is any domain (like ".gov", ".org", ".co.uk" etc.). Here you are making your password into something that looks like an e-mail address. The beauty of this one is that it adds special characters and good length while being super easy to remember.

    For example, you could use "@hubris.jp" or "@gonzo.uk". Note that using country codes works well because they're more random than ".com".

  • 2^3=8 – Math is great because it's all numbers and symbols, but it's easy to remember and understand.

    2+5=7
    9-1=8
    6*10=60

    See?

  • 3141592 – Pure numbers. This is good for sites that don't let you use special characters in your password. You can go completely random, but in this case, it's pi. Another really great trick here is to use a number that means something to you, but no one else. For example, a friend used his 6-digit employee number from a company he used to work for.
  • three3 – Numbers and letters. Again, useful for sites that don't let you use special characters.
  • &7sh3 – This is truly random. Pick something as complicated as you can think of (so long as it's only 4 to 6 characters). This is better than some of the other picks because even if a web site admin looks at your password, they probably won't figure out the trick (where some of the other suffixes are pretty obvious).

    Again, good length and now your passwords have numbers AND special characters.

Now that you have a suffix, you're going to go to every website and webservice that you can and add the suffix to your passwords. No matter how long or hard the suffix is, since you're using the same one everywhere, it becomes easy to remember.

For example: cat2^3=8, money2^3=8, and camero2^3=8

Even if someone were to figure out the trick you're using (which is unlikely unless they can already see several of your passwords), they still have to guess the rest of your password (which will be at least as strong as your password was without the suffix).

The suffix trick is the quickest and easiest way to increase your online security right now.

In other words, there's a chance that someone might be able to figure out your trick and your passwords lose the extra security, but in all other cases, your entire online web presence has become more secure with very little effort. This is the least you should do right now until you have time to pick better passwords for your more important accounts.

For a quick and easy proof of this theory, go check your current password at the online Password Meter and then try it again with your chosen suffix.

The Levels Trick

You don't really have to have a completely unique password for absolutely every online account. The question to ask is, "what level of password is needed?"

Low Level

For example, I have a special account name and password combination I use for any site I don't like, don't trust, don't care about or think I'll never come back to (but that has something I want and requires registration).

For those sites, I use my "throwaway" information which might look like this:

  • Username: Hotdog
  • Password: relish808

Even if a site requires an e-mail address as a login, I still use the throwaway password if I just don't care about the site or about that account getting hacked.

Now, if I ever come to a site that requires login and I think I might have been there before, I can try my throwaway information first and see what happens.

Mid-level

For sites that would be inconvenient, but not drastically bad to lose control of, I use what is probably the easiest possible way to make secure passwords that anyone can remember. Here's how it works:

  1. Pick a rule that you'll use on a website's name. It doesn't matter what it is so long as you are consistent and use it the same from now until you die. For example, let's say I choose 5 characters, proper case (meaning the first letter is uppercase and the rest lower).
  2. Next, choose a suffix from above. Math is pretty easy, but anything is fine so long as you pick a good one.

So now you have two pieces. Put them together like this:

| If the site is… | Then the password is… |
|---|---|
| yahoo.com | Yahoo4*4=16 |
| bofa.com | Bofa4*4=16 |
| telegraph.co.uk | Teleg4*4=16 |
| youtube.com | Youtu4*4=16 |
| bettycrocker.com | Betty4*4=16 |

Note that because bofa.com (Bank of America) is less than 5 characters, I stop when I run out. Your rule could be to fill the fifth slot with the '&' sign or whatever you want.

Now you have good length, upper, lower, numbers and special characters, but the second you see the website, you instantly know the password since the suffix is the same EVERYWHERE and the rest of the password is based on your rule.
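The mid-level rule and the suffix trick from earlier, as an added Python example (not code from the original page): `mid_level` reproduces the table above, and `profile` shows what a suffix adds in length and character classes. The function names, the `www` handling and the `naive_bits` figure are assumptions of this sketch; that figure is a naive upper bound, not what a strength meter or a dictionary-based guesser would report.

```python
import math
import string

SUFFIX = "4*4=16"  # the math suffix used in the page's table

def site_part(domain, length=5, pad=""):
    """First `length` characters of the site name, in proper case."""
    labels = domain.lower().split(".")
    # Assumption: a leading "www" is not the site name.
    if labels[0] == "www" and len(labels) > 1:
        labels = labels[1:]
    name = labels[0][:length]
    if pad:  # optional personal rule: fill short names, e.g. with "&"
        name = name.ljust(length, pad)
    return name.capitalize()

def mid_level(domain, suffix=SUFFIX, **rule):
    """Site-derived part plus the one suffix used everywhere."""
    return site_part(domain, **rule) + suffix

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}

def profile(password):
    """Length, character classes present, and a naive brute-force bound.

    naive_bits assumes every character is picked at random from the classes
    in use. A real word plus a fixed pattern is far easier to guess than
    that, so read it as an upper bound, not a measurement.
    """
    present = [n for n, chars in CLASSES.items()
               if any(c in chars for c in password)]
    alphabet = sum(len(CLASSES[n]) for n in present)
    bits = len(password) * math.log2(alphabet) if alphabet else 0.0
    return {"length": len(password), "classes": present,
            "naive_bits": round(bits, 1)}

if __name__ == "__main__":
    for site in ("yahoo.com", "bofa.com", "telegraph.co.uk"):
        print(site, "->", mid_level(site))
    for base in ("cat", "money", "camero"):  # the page's weak examples
        print(base, profile(base), "->", profile(base + "2^3=8"))
```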

High-level

All accounts that protect your money, your reputation, or privacy should use your strongest, most important, most secure password of all. For example, take your most important online account of all… your e-mail. "E-mail? Are you kidding!?", you say? Actually, I'm not.

[Image: a password reset form] These forms put every account at risk if someone can get into your e-mail

What you see here is a password reset form. Using it, I can enter your e-mail address and a quick verification number that's shown on the screen and they'll either send the password back to me or reset it to some random value (which they'll send to me). Either way, if I'm in your e-mail, I can unlock your account.

Because of password reset forms, access to your e-mail account is access to your world. Keep your e-mail account secure!

For these websites, I most recommend using the phrase trick or anything that's both long and complicated. If you have to write it down, go ahead, just don't keep the password in an easy-to-access place like your wallet or laptop bag.

If you use these tricks, you'll be more safe and secure than the vast majority of people, though you still need to protect your passwords.
1 Comment to “Password Tips and Tricks”

[…] TheGeekProfessor.com has a few ideas on password components that I have modified slightly to create this method.  Use a math equation you can remember, but spell some of the numbers phonetically to add letters and complexity. […]