Password Planning
Here's a quick review of the suggested way to create a memorable password plan. The book goes into much more detail, but this should get you going:
Take inventory of your current usernames and passwords. Print out the worksheet (the downloadable PDF version is suggested) and keep it with you for a few weeks. Every time you log in to a new site, write down your existing site name, username, and password, and categorize it by risk level.
Once you feel you have all your sites, write them down on a newly printed worksheet sorted by risk level. Write your highest risk sites first, your high risk sites second, your moderate sites third, and your low risk sites last.
Assign each site a site identifier code. This is your own two- or three-digit code that will be used as a shorthand for you to know which site is which.
Choose your ingredients. Use the Ingredient worksheet to record your breads (beginning and ending), main ingredients (middle), and condiments (connectors). Reading the book really helps with this metaphor.
Start assembling ingredients.
Ingredient List
High-risk sites like financial institutions need a top quality main ingredient.
Moderate sites can use a lesser quality main ingredient.
Sharing breads, condiments, and spices is OK.
You should underline spices (capital letters).
Expiration date codes should be incorporated for all high-risk sites.
It's always safest to adopt a shorthand, but when you're just starting, keeping it simple is sometimes better.
Creating a Tasty Main Ingredient
The book goes into greater detail on how to create a good main ingredient. The short version is to use short, memorable phrases. There are plenty of examples using songs or TV shows, but due to copyright laws, most of those cannot be used in a book or on a website. The book uses an old public domain one that is a perfect example.
Three Blind Mice. See How They Run
Two-part phrases like this are really good. They give you three good main ingredients. You can use the first part (tbm), or the second part (shtr), or combine them (tbmshtr) for a more secure ingredient. Because they are related, they are easy to remember. You should not use this exact example, but it's not too difficult to think of some others. The book gives many more good examples you can use to create your own unique phrases.
| Type | Highest Risk | High Risk | Moderate Risk |
| --- | --- | --- | --- |
| Bread (beginning) |  |  |  |
| Bread (top) |  |  |  |
| Bread (bottom) |  |  |  |
| Main Ingredient |  |  |  |
| Condiments (leading) |  |  |  |
| Condiments (Trailing) |  |  |  |
Sample using the "Three Blind Mice" example from the book.
| Type | Highest Risk | High Risk | Moderate Risk |
| --- | --- | --- | --- |
| Bread | ss (Site Identifier) | ss (Site Identifier) | ss (Site Identifier) |
| Bread | Expiration Quarter | Expiration Month | Expiration Month |
| Main Ingredient | TbmShtr | Shtr | Tbm |
| Condiments (leading) | @ | ! |  |
| Condiments (Trailing) | . |  |  |
When you create your first password plan keep the following in mind:
All your highest risk sites should have at least one bread, a main ingredient, and a few condiments to get their length between 10-14 characters. If you're just starting out, keep it very simple. You can always make it stronger later. Remember that your site identifier and expiration code are what keep things unique (you'll have to read the book to get more information on this).
All your high risk sites should be similar to your highest, but a little different and not as complex. High risk sites are normally e-commerce (shopping) sites, so a breach could be more of a hassle than a loss.
All your moderate sites should use a different main ingredient. Moderate sites are the most likely to be sniffed by someone when you're at a public hot spot.
Your low risk sites can use the same old junk food password you may already be using everywhere. In case you haven't read the book, low risk sites keep no significant personal information about you. They normally are just meant to keep your email address and a few minor details. They may be for small forum based hobby sites, so if someone does impersonate you, it's not something that will be widespread like a FACEBOOK or TWITTER impersonation.
Sample Password Plan
| Risk Level | Site | Top Bread | Condiment | Main Ingredient | Condiment | Bottom Bread |
| --- | --- | --- | --- | --- | --- | --- |
| Highest | First Bank | Fb | @ | TbmShtr | ! | Q1 |
| Highest | Second Bank | Sb | @ | TbmShtr | ! | Q2 |
| High | Amazon™ | az | @ | Shtr |  | A2 |
| High | Overstock™ | os | @ | Shtr |  | A2 |
| Moderate | Twitter™ | tw | @ | Tbm |  | A2 |
| Moderate | Facebook™ | fb | @ | Tbm |  | A1 |
| Low | Knitters Anonymous |  |  | JrdJsd |  |  |
| Low | Cat's Best Friend |  |  | JrdJsd |  |  |
Characteristics of a strong password
Be at least ten characters.
Include a mix of lower case and upper case letters.
Include at least one number.
Include at least one special character.
Is not a dictionary word (even spelled backward).
Internet searches for your filling should not return any meaningful results.
Do not use series like abc or 123 or 321.
Avoid character substitution (like P@$$W0RD) for dictionary words.
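The sample plan and the checklist above can be put together in a short script. This is an added example, not code from the book or this site: it assembles each row of the Sample Password Plan in column order and reports which of the machine-checkable characteristics it misses. The dictionary-word and internet-search items are not checked, and the function names are illustrative.

```python
import string

# Rows taken from the page's Sample Password Plan table:
# (risk, site, top bread, condiment, main ingredient, condiment, bottom bread)
SAMPLE_PLAN = [
    ("Highest", "First Bank", "Fb", "@", "TbmShtr", "!", "Q1"),
    ("Highest", "Second Bank", "Sb", "@", "TbmShtr", "!", "Q2"),
    ("High", "Amazon", "az", "@", "Shtr", "", "A2"),
    ("High", "Overstock", "os", "@", "Shtr", "", "A2"),
    ("Moderate", "Twitter", "tw", "@", "Tbm", "", "A2"),
    ("Moderate", "Facebook", "fb", "@", "Tbm", "", "A1"),
    ("Low", "Knitters Anonymous", "", "", "JrdJsd", "", ""),
    ("Low", "Cat's Best Friend", "", "", "JrdJsd", "", ""),
]

def assemble(row):
    """Join the ingredients in worksheet column order."""
    return "".join(row[2:])

def has_series(pw, run=3):
    """True if pw contains a consecutive run such as abc, 123 or 321."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if not (chunk.isalpha() or chunk.isdigit()):
            continue  # only compare letters with letters, digits with digits
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):
            return True
    return False

def failed_checks(pw):
    """Return the machine-checkable characteristics that pw does not meet."""
    checks = [
        ("length", len(pw) >= 10),
        ("mixed case", any(c.islower() for c in pw) and any(c.isupper() for c in pw)),
        ("number", any(c.isdigit() for c in pw)),
        ("special character", any(c in string.punctuation for c in pw)),
        ("series", not has_series(pw)),
    ]
    return [name for name, ok in checks if not ok]

def audit(plan):
    """Map each site to (assembled password, list of failed checks)."""
    return {row[1]: (assemble(row), failed_checks(assemble(row))) for row in plan}

if __name__ == "__main__":
    for site, (pw, failures) in audit(SAMPLE_PLAN).items():
        print(f"{site:20} {pw:15} {', '.join(failures) or 'ok'}")
```

Run against the sample plan, the two bank rows pass every check, while the high and moderate rows come out at eight or nine characters and are flagged on length only.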
Password Worksheet
PDF Downloadable Version
| Site | Site Abbrv | User-name | Risk Level | Password |
| --- | --- | --- | --- | --- |
|  |  |  | H M L |  |
|  |  |  | H M L |  |
|  |  |  | H M L |  |
|  |  |  | H M L |  |
|  |  |  | H M L |  |
|  |  |  | H M L |  |
|  |  |  | H M L |  |
|  |  |  | H M L |  |
|  |  |  | H M L |  |
|  |  |  | H M L |  |
|  |  |  | H M L |  |
|  |  |  | H M L |  |
|  |  |  | H M L |  |
|  |  |  | H M L |  |
|  |  |  | H M L |  |
|  |  |  | H M L |  |
|  |  |  | H M L |  |
The Best Plans Are Based on Facts.
ISBN: 978-0615456850