If your password is “password1”, you’re a very silly person – and I’m putting it politely. Passwords aren’t merely an annoyance to get past; they protect sensitive information and access to social media, email, bank accounts, bitcoin wallets and a multitude of other online services.
Choosing a good password is simply not good enough. It needs to be unhackable! Perhaps that’s wishful thinking but we can definitely make our passwords much harder for hackers to crack.
Don’t Use These Passwords
- Your birthday,
- Your pet or child’s name,
- Your street address,
- Your phone number.
Any one of these passwords can be discovered by a malicious acquaintance, work colleague or the mailman.
Even if you choose a password that contains a word from the dictionary, such as “aardvark5” or “zebra89”, you’re still in trouble.
Password Dictionary Attacks
A hacker may attempt to log in to an online service by trying lots of different passwords. If they already know your email address, half the work is done. To crack your password, there is a process called a ‘brute force dictionary attack’ that attempts to log in to your account by running through a dictionary of words – often hundreds of thousands.
If your password is a dictionary word, you have no hope of stopping a determined hacker.
“But wait”, I hear you say, “I also have numbers at the end of my password”.
The same brute force attack is smart enough not to just stop at dictionary words. The attack will try, for example, “aardvark”, “aardvark1”, “aardvark2” … “aardvark1234” right through to 99999.
All this is done automatically without any input from the attacker, so the effort on their part is minimal.
Letter-by-Letter Password Attacks
Another common method of cracking passwords is to start at “aaa” and increment each letter in sequence, for example “aab”, “aac” … “aaz”, “aa1” … “aa!”.
This attack will also use symbols and numbers for each incremental attempt and may continue for a string of 12 characters. That’s a lot of combinations! Nevertheless, this type of attack will also eventually crack your password.
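To put numbers on the two attacks described above, here is an added example (not part of the original article) that reports which attack covers a given password and how many guesses that attack needs in the worst case. The 300,000-word dictionary size, the four-word sample list and the function names are assumptions.

```python
import re
import string

# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"aardvark", "zebra", "password", "harley"}
# Assumed dictionary size ("hundreds of thousands" in the article).
DICTIONARY_SIZE = 300_000
# Lowercase, uppercase, digits and symbols: 94 printable characters.
ALPHABET_SIZE = len(string.ascii_letters + string.digits + string.punctuation)


def dictionary_guesses(dictionary_size=DICTIONARY_SIZE, max_suffix=99999):
    """Each word is tried bare, then with 1..max_suffix appended."""
    return dictionary_size * (max_suffix + 1)


def letter_by_letter_guesses(length, alphabet_size=ALPHABET_SIZE):
    """Every string of 1..length characters over the alphabet."""
    return sum(alphabet_size ** n for n in range(1, length + 1))


def audit(password, words=SAMPLE_WORDS):
    """Say which attack covers the password and its worst-case guess count."""
    # A dictionary word, optionally followed by a number from 1 to 99999.
    m = re.fullmatch(r"([A-Za-z]+)([1-9]\d{0,4})?", password)
    if m and m.group(1).lower() in words:
        return {"covered_by": "dictionary", "max_guesses": dictionary_guesses()}
    return {"covered_by": "letter-by-letter",
            "max_guesses": letter_by_letter_guesses(len(password))}


if __name__ == "__main__":
    for pw in ("password1", "aardvark5", "zebra89", "Ir0d3myHarl3yt0F4c3book"):
        result = audit(pw)
        print(f"{pw:26} {result['covered_by']:17} {result['max_guesses']:.2e}")
```
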
Making It Harder To Crack A Password
While you can see here that cracking a password may actually be ‘easy’ from a programmatic point of view, in reality, online services would detect these types of attacks and block them very quickly.
But what if you have subscribed to one particular website that doesn’t care about security? You’ve given them the same password that you use across all your online services, right? Whoops.
If a hacker discovers your password via an insecure website, they could just as easily breeze right into your other online accounts knowing your password. Think this is a fanciful idea? Read how former Gizmodo reporter Mat Honan got hacked big time.
To make it harder to crack passwords, ideally, you’d need to have a unique password for EACH website or online service. How could you possibly manage to remember all of them?
Learning To Leetspeak
What is leetspeak? Leetspeak is a form of writing whereby some letters in a word are replaced by a numerical likeness or other letters that create an identical or similar sound.
It’s quite simple. Replace the letter “O” (for Orange) with a “0” (zero). Replace the lowercase letter “l” (for lounge) with a “1” (one). Get creative and also use symbols, such as replacing “c” with “{”.
- B = 8
- b = |o
- I = !
- h = 4
- a = @
- … and so on
Make your own substitutes using numbers and symbols that you will remember easily. Each substitute doesn’t have to be one for one. For example, the letter “b” can be extended to 2 characters “|o” or capital “F” can be “I=”.
Creating A Unique Password
With your newly acquired taste for leetspeak, you’ll need a unique password for every online account you have, and that may number in the dozens. Facebook, Twitter, Gmail, YouTube, LinkedIn, your bank, local council, your friend’s blog, etc.
The best way to craft a great unique password is to use a short “seed” sentence with the website name in it. Then convert the sentence into Leetspeak.
For example, my seed sentence could be “I rode my Harley to ”.
If I wanted to reset my Facebook password, I’d convert “I rode my Harley to Facebook”.
My password becomes “!r0d3my|-|4r13yt0I=4(3b00k”.
Try cracking that. Alright, perhaps that’s a bit too complex and a real bugger to type. It could be simplified to “Ir0d3myHarl3yt0F4c3book”.
You get the idea.
Come up with your own seed sentence and Leetspeak substitutions that you are comfortable with.
Password Rules
- Start with a seed sentence with a unique name for each service/software,
- Convert sentence to Leetspeak,
- Minimum length of 8 characters,
- Use both uppercase and lowercase letters,
- Use symbols and numbers.
Never share your password, seed sentence or Leetspeak with anyone.
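The seed-sentence procedure and the rules above, as an added example that is not part of the original article: it builds a per-service password and lists which rules a password breaks. The substitution table is read off the article's worked "Harley" password (an inference), and the function names are hypothetical.

```python
import string

# Substitutions inferred from the article's worked example (case-sensitive).
LEET = {"I": "!", "o": "0", "e": "3", "H": "|-|", "a": "4",
        "l": "1", "F": "I=", "c": "("}


def make_password(seed, service, table=LEET):
    """Append the service name to the seed, drop spaces, substitute per character."""
    sentence = (seed + service).replace(" ", "")
    return "".join(table.get(ch, ch) for ch in sentence)


def failed_rules(password):
    """Return the names of the article's password rules that `password` breaks."""
    checks = {
        "min length 8": len(password) >= 8,
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    return [name for name, ok in checks.items() if not ok]


if __name__ == "__main__":
    for site in ("Facebook", "Twitter"):
        pw = make_password("I rode my Harley to ", site)
        print(site, pw, failed_rules(pw))
    # The hand-simplified variant from the article, checked against the rules.
    print(failed_rules("Ir0d3myHarl3yt0F4c3book"))
```

Running the check on the hand-simplified variant reports the symbol rule as unmet, so a simplified substitution set should keep at least one symbol.
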