Following on from my earlier blog ‘ How to create strong memorable passwords that are difficult to crack ‘ this article takes the theme a bit further, by using the strong memorable password / passphrase that you have already created to create more, for use with all your different online accounts.
To help us do this, we are going to use a technique that is known as salting .
We’re talking passwords for the ordinary Internet user
Before getting into the simple technique of salting, it is worth taking a moment to explain why you might want to bother to follow these particular password creation techniques and what these techniques are for.
First of all, these simple techniques are aimed at just one group of people that just happens to be the largest group – the ordinary Internet user. The average Internet user will want to use the Internet for shopping, email, facebook, banking, gaming etc. Some might even see the Internet as their friend. The problem is that there are bad people on the web who are definitely not your friend and they can make the Internet a much less friendly place. Using simple passwords can give the bad guys an open door to your online life. Using strong passwords for your online accounts is a start to help keep these cyber criminals otherwise engaged.
So, very briefly, the techniques I discuss below:
- Are for the ordinary Internet user
- Are easy to remember
- Can use memory joggers or notes
- Will make it more difficult for a cyber criminal’s computer to work out your password
- Can be used to make long (which is better!) or short (but not too short!) passwords
- Do not stop someone looking over your shoulder
- Do not stop you sharing your password (either deliberately or accidentally)
- Are not the only way to create passwords – there are other ways!!
One more thing… As an ordinary user, you may not know about how cyber criminals go about attacking Internet users – they do have many techniques. Future blogs will look at other things that you can do to stay friends with the Internet.
The password salting technique
First, let us create a password using the previous technique ‘ How to create strong memorable passwords that are difficult to crack ‘. We will call it your master password .
Master password = 6GCtMT9 DB
The password is based on the song ‘Space Oddity’ released by David Bowiein 19 69 . It mixes the initials of the individual opening words’Ground Control to Major Tom’ [ GCtMT ], the year the song was released [ 69 ] and David Bowie’s initials [ DB ].
Now, if you are happy that this is a fairly strong master password at 9 characters in length, including a mixture of figures and upper and lower case letters, then you could use this as a password for a single online account in itself. The problem however, is that most of us will normally have many more than one account and it is a bad idea to use the same password for different accounts. Why? Because… if for any reason your password ends up in the wrong hands, then it could be used without your knowledge to access your other accounts. So we need more passwords and this is where the salting technique comes in.
Let’s say you have 4 accounts that you want to have different passwords for. Let’s use seasons (pun intended) for your imaginary accounts: spring, summer, autumn and winter.
We can salt your master password for each of the accounts in a number of ways.
For example:
| spring | 6GCtMT spring 9DB | 6 spr GCtMT9DB | 6GCtMT9DB SPR |
| summer | 6GCtMT summer 9DB | 6 sum GCtMT9DB | 6GCtMT9DB SUM |
| autumn | 6GCtMT autumn 9DB | 6 aut GCtMT9DB | 6GCtMT9DB AUT |
| winter | 6GCtMT winter 9DB | 6 win GCtMT9DB | 6GCtMT9DB WIN |
It really is as simple as that to salt your master password and you can choose your own way in which you want to do the salt. You can choose salts that make sense to you, you can write them down, you can choose where to add the salt and even split it across the master password.
Keep your master password a secret
IMPORTANT – The key point to note if you are going to use this technique, is that you must keep your master password secret. It is therefore a very good idea not to use your master password without a salt for any account.
And change it from time to time
And finally… Remember – it is not good to keep the same passwords (even with salts) for a long time as you can never be truly sure that they have fallen into the wrong hands. Go ahead and use your salts as before, but do change your master password every so often.
There is much more information online regarding salting with a good starting place being the old favourite, Wikipedia . If you want to find out more about salting, then make sure you search for salt, salts and salting in relation to areas such as cryptography, hashes and passwords.
Good luck.
Article by Bert Curtin, Senior Information Assurance Consultant at Ascentor
Other articles you might like:
- How to create strong memorable passwords that are difficult to crack
- How to protect your website and blog from being hacked
- Protect your systems from cyber threat with these 7 basic security controls
The post How to Create Strong, Memorable Passwords that are Really Difficult to Crack appeared first on Ascentor.