Passwords and PINs

Posted by Bill @ 1:28 pm


Since I went to the trouble of spouting my big mouth about security, I thought I might post some ideas that I recommend to others. The disclaimer is that I’m not 100% compliant with my own suggestions so do as I say and not as I do. :-)

I tend to break my passwords up into three groups:

* Very Secure
* Moderately Secure
* Throw Away

Very Secure is basically any account that involves money or that might let someone get at my money. For instance, my online poker accounts would be considered Very Secure. I also consider my email account Very Secure, because a password reminder for any Very Secure account can be requested and sent to that email address.

Moderately Secure would be accounts for message boards, websites, and other miscellaneous places where I frequently log in. I tend to classify any site where I trust the source as Moderately Secure. Yahoo’s My Yahoo, my AOL IM, and other accounts fall into that category.

Throw Aways are sites I do not know very well, don’t plan on having a long relationship with, or simply think might be a little dodgy.

I use three different methodologies to generate passwords for each. Someone who figures out a pattern in my Throw Aways won’t be able to figure out the pattern used for my Moderately Secure and Very Secure accounts. The best way to describe it is via an example.

Let’s say I use the following pattern to generate memorable passwords for each site:

Very Secure: I might pick a passage from a book or a famous quote and use the first letter of each word along with a date or memorable number. Let’s say that the phrase I select is:

If there wasn’t luck involved I would win every one.

Since I have to keep the password to about eight characters, I’ll just take the first four words which gives me:

itwl

Now I pick a number. A good way to vary it a bit per site is to work the number of characters in the site’s name into the number. So, let’s say this is my Neteller account. There are eight characters in Neteller. So I take eight, plus, let’s say, my favorite number (seven) and the 25th (Christmas). Now I have four digits (8, 7, 2, 5) that I’ll mix into the four letters, which gives me:

i8t7w2l5

It’s rather random, customized for each site, and relatively difficult to guess. I might even go the extra step and mix it up even more by capitalizing either the consonants or the vowels, depending on the first letter of the site’s name. So if I apply that here: Neteller starts with a consonant, so my password becomes:

i8T7W2L5

At ABC Poker (three characters in ABC, and it starts with a vowel, so the vowels get capitalized instead), my password would be:

I3t7w2l5
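The Very Secure scheme above, implemented as an added example (this is not code from the original post): phrase initials, the site-derived digits, and the consonant/vowel case rule, reproducing the Neteller and ABC Poker results. It assumes the digit for the site name comes from its first word only, since the post counts "ABC" as three characters.

```python
"""Worked implementation of the phrase + site-digits password scheme from the post."""

VOWELS = set("aeiou")


def phrase_initials(phrase: str, count: int = 4) -> str:
    """First letter of each of the first `count` words, lower-cased ("If there wasn't luck" -> "itwl")."""
    return "".join(word[0].lower() for word in phrase.split()[:count])


def site_digits(site: str, favorite: int, day: int) -> str:
    """Digits mixed into the letters: site-name length, then the favorite number, then the day of the month."""
    first_word = site.split()[0]  # assumption: only the first word is counted ("ABC Poker" -> 3)
    return f"{len(first_word)}{favorite}{day}"


def interleave(letters: str, digits: str) -> str:
    """Alternate letter, digit, letter, digit ...; anything left over from the longer string is appended."""
    out = []
    for i in range(max(len(letters), len(digits))):
        if i < len(letters):
            out.append(letters[i])
        if i < len(digits):
            out.append(digits[i])
    return "".join(out)


def apply_case_rule(password: str, site: str) -> str:
    """Site name starting with a consonant: upper-case the consonants; starting with a vowel: upper-case the vowels."""
    site_starts_with_vowel = site[0].lower() in VOWELS
    result = []
    for ch in password:
        if ch.isalpha() and ((ch in VOWELS) == site_starts_with_vowel):
            result.append(ch.upper())
        else:
            result.append(ch)
    return "".join(result)


def make_password(phrase: str, site: str, favorite: int = 7, day: int = 25) -> str:
    """Full scheme: initials of the phrase, interleaved with the site digits, then the case rule."""
    letters = phrase_initials(phrase)
    digits = site_digits(site, favorite, day)
    return apply_case_rule(interleave(letters, digits), site)


if __name__ == "__main__":
    PHRASE = "If there wasn't luck involved I would win every one."
    for site in ("Neteller", "ABC Poker"):
        print(site, "->", make_password(PHRASE, site))  # i8T7W2L5 and I3t7w2l5
```

Running both sites side by side makes the per-site variation visible: only the site-length digit and the case rule change, so two passwords from the same phrase and numbers differ in a handful of characters.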

For Moderately Secure sites I might pick a different phrase and different numbers. I might also forego the capitalization or do just the opposite (capitalize vowels when the name begins with a consonant).

For Throw Away accounts I would just tend to use the first four letters of the site name combined with my birthday or some other easy-to-remember four-digit number.

The advantage of this is that the level of sophistication goes up as the risk of unauthorized account access goes up. Additionally, there’s a reduced risk that someone who gets my ABC Poker password will figure out my Neteller password. And the beauty is that you could even write down your little pattern as a reminder in such a way that even if someone ran across it they wouldn’t necessarily be able to decipher it.

If I had to leave myself a note on my password scheme I might just write down:

If there wasn’t luck involved . . . 7 – Xmas

In the absence of any other information, it’s highly unlikely anybody would be able to reverse engineer your password for any site (unless they read this site and you didn’t change up my recommendations even just a little).

I might even just abbreviate it as:

Luck

Anyone who ran across my little note would have no clue.

I also use a little trick to secure the PINs on my credit and bank cards. With so many cards, I often forget the PIN, so I use a labeler and put the PIN on the card. But instead of putting the actual PIN on the card, I add a number to the PIN. Let’s say that my PIN is:

4567

I add the same number to all my cards: 55

4567 + 55 = 4622.

Now when I pull out my card and look at the PIN I’ve put on it, I just subtract my seed number (55) and I have the correct PIN.

The reason I like this one is that it adds an extra security level to the card. Most ATMs freeze the account and confiscate the card if you try the wrong PIN three times in a row. Whoever steals my ATM card and tries to use it will automatically try the wrong number, thinking I’m a complete idiot. Hopefully, he’s stupid enough to try it three times and lose the card in the machine. :-)

Anybody else have any suggestions on security precautions you regularly take?

License

This work is published under a Creative Commons Attribution-NonCommercial-NoDerivs 2.5 License.


Comments (3)

Props to calling the Dugglebogey Episode what it is: a password security issue.

Dugs is calling it a “hack”, which would imply that the system was compromised somehow to give someone access to his (relatively) meager account. In reality, this is a “leak”, similar to those laptop thefts where passwords and credit card information are pulled from a stolen computer. If he is using the same password for all his accounts (blogger, poker sites, porn, whatever), it’s likely that an admin or desk drone at one of those sites swiped the password.

I continue to play at FTP, and will continue to do so.

ToddCommish added these pithy words on Dec 18 06 at 9:46 am

AHA! Now I have your secret formula and I will take your money, add it to Duggles and rule the world!

Full Tilt Hacker added these pithy words on Dec 19 06 at 12:49 pm

Here’s an article on simple, yet secure passwords, similar to the suggestions you made above:

http://www.giac.org/certified_professionals/practicals/gsec/4394.php

Note: the site opens a PDF inside a frame, which is kinda annoying.

StudioGlyphic added these pithy words on Dec 25 06 at 10:47 pm
