With ONE WEEK to go until the Code Runner launch, my agoraphobic hacker Amy Lane lays down the law on password security. Ignore her at your peril!
If you’re looking for my advice, I’m assuming we’ve filtered out the first layer of morons. I’m talking about the kind of people who think “password” is a great password or use one of the most common and worst passwords of the year. Or that swapping out letters for numbers in the name of their favourite band is the height of security. (Yes, Jason, I’m looking at you.)
I also assume you have something worth guarding. Facebook is a leaking sieve for privacy – your best password is wasted on it. Of course, the best hackers will always bypass your defences, but you don’t have to make it easy for them.
Unless you have a good head for random letter-number strings, you will likely base your password on words in common usage. This improves the chances of your password being guessed by a hacker. If that word is publicly associated with you, those chances increase at a steep incline. Therefore, if you use something as moronic as your child or dog’s name as your password, the probability of a first-time guess approaches 1.
However, our memory functions better when we have something to hang it on. We are increasingly asked to answer information about our school teachers and first cars because it is assumed that this information is only available to us and our closest friends and friendly, who we presumably trust. This, in my view, is a dangerous assumption. However, it is better than writing it down, which is a capital crime and should be punishable by firing squad. Do not do this.
Letters, numbers, symbols
Services are demanding more and more conditions for your passwords. Uppercase letters, special characters, 8-16 characters – by imposing these rules, they hope to make your password more secure. In fact, they are driving more people to write down their passwords in an effort to remember. This is, of course, very stupid (See above: firing squad).
Numbers prove difficult to remember for most people. However, under specific circumstances, they prove easier to remember. Pairing numbers or grouping them into familiar patterns can help. For this reason, dates can be useful – though not your wedding anniversary, please (See above: moronic). You can also recycle numbers you learned in the past, like your best friend’s phone number or the postcode of your first house.
Group your passwords
As we have already established, most people cannot remember random data. Ideally, we would have different passwords for every single one of our access points. I live in the real world, however, and I know that this is not the case.
A way to get around this problem is to group passwords – perhaps based on function or subject matter, and sometimes based on level of security. Your bank security should be higher than your phone passcode, though both should be as secure as possible. Perhaps you use the same password for every account your setup in 2014, or perhaps you have a set of passwords for work and a set for home. Maybe all your social media accounts share variations of one password – and variations are very important. We do not want one guessed password to fell an empire.
Use it or lose it
Password-saving browsers and applications are a blessing and curse. On the one hand, they prevent the sin of writing down a password. On the other, they mean that all someone needs to do is open your browser and they can access every account you own. At minimum, your browser passwords should have an access lock – a master password.
However, the best way to remember a piece of data is to use it continuously. This will maintain it in short, medium and long-term memory. Therefore, resist the urge to tick “remember me” after setting a new password. Constantly typing the password will help you to remember it.
The best passwords are personal
Your password should be memorable to you and only you. The crush in primary school that you did not tell a single soul about. Your favourite character on the TV show you watched after your parents were in bed. The book you read that changed your life but everyone else dismissed as trash. These are memory gold, the data mine from which all your passwords should be gathered.
If you speak a non-English language, use it in your password. If you have a favourite phrase or saying, consider using the initials. Surnames and exotic place names that have no connection to you except that you once read about them on Twitter but did not press “favourite”.
Pair two completely separate parts of your life in one password. The name of your school house and your favourite blend of coffee. The day you passed your driving test and the first single you every owned on CD (or mp3 or tape or record). The details of your first kiss, even if it’s still in your future.
These are the dreams passwords are made of. Go forth and make better passwords.
When streetwise ex-con Jason Carr is framed for murder, agoraphobic hacker Amy Lane must prove his innocence before he is hunted down by vengeful gangs, the police and the mastermind behind it all. Code Runner, Book 2 in The Amy Lane Mysteries, is released on 29th September 2014 and you can order it here.