With the advent of the new complexity requirements for passwords:
- Not a word found in the dictionary
- Must be at least eight (8) characters in length.
- Contains both upper and lower case letters
- Includes numbers
- Includes special characters (e.g. $)
Many people are struggling with creating new passwords that meet the requirements and are still easy to remember.
Below are three methods you can use to create secure passwords that are easy to remember.
Method 1 - The Sentence/Phrase Method
In general, the longer the password, the harder it is to crack. An easy way to make really long passwords that are easy to remember is to use phrases or sentences. For example, let's use the opening phrase of the Gettysburg Address:
"Fourscore and seven years ago"
and compress it into a string of characters "Fourscoreandsevenyearsago". This easily meets the length requirement of eight characters and has both upper and lower case. It still needs a number. In this case, our phrase has two numbers in it, "four" and "seven". We can simply turn the word "seven" into the number. (Note: Some systems don't like having a number as a first character in a password.) This gives "Fourscoreand7yearsago".
Special characters can be added in a couple of different ways. (Note: Most systems will only allow the special characters "#", "$", "@" and "_" in a password.) One is to simply insert the underscore character, "_", where the spaces would normally go in the phrase: "Fourscore_and_7_years_ago". Another is to substitute special characters for the letters that resemble them, e.g. "$" for "s" and "@" for "a". This gives us "Four$core@nd7ye@r$@go". You can also combine the methods, giving "Four$core_@nd_7_ye@r$_@go".
Method 2 - The Initials Method
1. Select a sentence that will be easy for you to remember. This could be a personal motto, a famous quotation, or a simple statement like:
"My son, Alex, is a great chess player."
Make sure the sentence has at least eight words.
2. Take the first letter of each word - "msaiagcp". This becomes the basis of your password.
3. Decide whether you want to capitalize vowels or consonants. It is generally a good idea NOT to capitalize the first letter of the password since hackers check for that sort of thing first. So if the first letter is a consonant, capitalize vowels. If the first letter is a vowel, capitalize consonants. In this example, the first letter in "msaiagcp" is a consonant so we will capitalize vowels - "msAIAgcp".
4. Add numbers. Again, hackers expect you to add a number at the end of your password so don't put it there. Instead, look for ways to substitute numbers for words or letters such as "2" for "to" or "too", "4" for "for" and "1" for "i" or "l". We will substitute a "1" for the "i" in our password. "msA1Agcp"
5. Add special characters. The easiest way to add special characters is to substitute special characters for their alphabetic look-alikes, e.g. "$" for "s", "@" for "a", etc. Be careful to check that your system accepts the special characters you plan to use. The LSUHSC-NO network allows "#", "$", "@" and "_". We will replace the "s" in our password to get the final version: "m$A1Agcp".
Now we have a new password that meets all the requirements and still fits our original statement
"(m)y ($)on, (A)lex, (1)s (A) (g)reat (c)hess (p)layer."
Method 3 - The Rolodex Method
1. Select an entry in your rolodex or personal address book. The name should not be a word that is found in the dictionary. Names like Clay, Smith, or Bush are not good choices. Names like Nagin, Landrieu, and Cheney are. We will use for this example the name, Alex Sepino. Please note that this is a fictional name and any similarity to any persons living or dead is purely coincidental.
2. Mr. Sepino's phone number is "555-2350". We insert the last four digits of his phone number in between his first and last name. This gives us our numbers. "Alex2350Sepino"
3. Decide whether you want to capitalize vowels or consonants. It is generally a good idea NOT to capitalize the first letter of the password since hackers check for that sort of thing first. So if the first letter is a consonant, capitalize vowels. If the first letter is a vowel, capitalize consonants. In this example, the first letter in "Alex2350Sepino" is a vowel so we will capitalize consonants. "aLeX2350SePiNo"
4. Add special characters. The easiest way to add special characters is to substitute special characters for their alphabetic look-alikes, e.g. "$" for "s", "@" for "a", etc. Be careful to check that your system accepts the special characters you plan to use. The LSUHSC-NO network allows "#", "$", "@" and "_". We will replace the "s" in our password to get the final version. "aLeX2350$ePiNo"
Now we have a new password that meets all the requirements. "aLeX2350$ePiNo"
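The requirements listed at the top of this page, written as a checker and run over every intermediate password from the three methods. This is an added example, not part of the original page; `check_password`, `audit_stages` and the small word list are assumptions made for illustration, and the allowed special characters are the four the page names.

```python
# Special characters the page says the LSUHSC-NO network accepts.
ALLOWED_SPECIALS = set("#$@_")

# Constructed stand-in for a real word list (assumption: a deployment would
# load a full dictionary file instead of this handful of entries).
SAMPLE_DICTIONARY = {"password", "baseball", "sunshine", "computer"}

# Every intermediate and final password shown in the three methods above.
STAGES = {
    "Method 1": ["Fourscoreandsevenyearsago", "Fourscoreand7yearsago",
                 "Fourscore_and_7_years_ago", "Four$core@nd7ye@r$@go",
                 "Four$core_@nd_7_ye@r$_@go"],
    "Method 2": ["msaiagcp", "msAIAgcp", "msA1Agcp", "m$A1Agcp"],
    "Method 3": ["Alex2350Sepino", "aLeX2350SePiNo", "aLeX2350$ePiNo"],
}


def check_password(candidate, dictionary=SAMPLE_DICTIONARY):
    """Return the names of the page's requirements that `candidate` fails."""
    failures = []
    if len(candidate) < 8:
        failures.append("length")
    has_upper = any(c.isupper() for c in candidate)
    has_lower = any(c.islower() for c in candidate)
    if not (has_upper and has_lower):
        failures.append("mixed case")
    if not any(c.isdigit() for c in candidate):
        failures.append("number")
    specials = {c for c in candidate if not c.isalnum()}
    if not specials:
        failures.append("special character")
    elif specials - ALLOWED_SPECIALS:
        # Present, but outside the set the page says the system accepts.
        failures.append("unsupported special character")
    if candidate.lower() in dictionary:
        failures.append("dictionary word")
    return failures


def audit_stages(stages=STAGES):
    """Map each password from the page to its list of unmet requirements."""
    return {pw: check_password(pw) for group in stages.values() for pw in group}


if __name__ == "__main__":
    for method, passwords in STAGES.items():
        print(method)
        for pw in passwords:
            print(f"  {pw:28} {check_password(pw) or 'meets all requirements'}")
```

Each step in a method clears one more requirement, and only the versions with an accepted special character come back with an empty list.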
Here are three methods to create secure passwords that meet the new standards. As we learn of other methods we will post them here.
If you have any questions, please contact the Office of Compliance Programs at (504) 568-5135 or email us at firstname.lastname@example.org.
Frequently Asked Questions (FAQs)
Q. Why does my password have to be so long and hard to remember?
A. Hackers have developed a number of techniques for cracking passwords. These techniques include using internet search engines to compare your password to words in a dictionary, checking for capital letters at the beginning of the password and numbers at the end of the password. Longer passwords with numbers and special characters will take the hacker longer to crack.
Q. Why do I have to change my password so often?
A. No password is unbreakable. Given enough time and enough computing power, a hacker can crack any password. The only way to frustrate these hackers is to change your password frequently enough so that they never have time to crack your password.
Q. I only use my login to read email. Why do I need such a secure password?
A. Someone with your password can read your email and send emails in your name to anyone. Also, by using a technique called "escalating privilege", hackers can add privileges to your account once they have your password. Despite the fact that LSUHSC-NO has multiple layers of defenses against hackers, the best defense remains to never let them on our network. This means every user must have a secure password.