
How to Create a Damn Secure Password

This post was created after someone hacked my Gmail account recently 🙁

Same password for all sites

Don’t say that you use the same password for all website accounts. According to a survey conducted in the USA, about 33% of internet users set the same password for all their internet accounts. Are you one of them?

This may be very convenient, because we don’t have to remember many passwords. But it is just as ‘convenient’ for crackers, spammers, and other internet criminals. Imagine that they managed to steal our password. They would gain access to all our accounts: email, Facebook, and everything else.

The conclusion is that using the same password everywhere leaves us very prone to password hijacking.

Other ways

  • You may create different passwords and list them on a piece of paper. But what if the paper gets burned, lost, or even stolen?
  • You may create different passwords and store them in a secure password manager program on a computer. Once more, what if we lose the computer, or it is attacked by a virus and the program gets corrupted?

So how?

The problem now is how to create a unique password for each website that is both easy to remember and hard to crack. This tip uses a one-way hash function called MD5, whose output is very hard to reverse. Let’s use it to create a secure password.

  1. Create a unique keyword that is easy to remember but complicated. For example, IwbiJ1yno (I was born in January 1 year ninety one). Very simple, and no one could ever guess it.
  2. The password we are going to create is the MD5 hash of the combination of our keyword and the website name. For example, to create a password for a Facebook account, we can use the combination IwbiJ1yno Facebook or IwbiJ1yno Facebook 2010. Or use another combination that is easy to remember and consistent.
  3. If you are using a Linux-based operating system, open a terminal and type
    $ echo -n "IwbiJ1yno Facebook" | md5sum

    Then you’ll get the hashed phrase. For other operating systems, you can just use an online MD5 hash generator.

  4. Finish! Use the hashed phrase as your new password. For our example above, the password will be f9f846b90abd6a0ee08f718f9d6684e3. You may use the password for your Facebook account now.

Advantage

We only have to remember one keyword and the website name to reproduce our password. Even if one of our passwords is stolen, the thief cannot use it to generate our passwords for other websites. MD5 produces a 128-bit hash value, so there are roughly 2^128 valid passwords. That’s too huge to be brute forced.

As a note, MD5 can also be replaced by other one-way hash functions, such as SHA1.
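
As an added example (not code from the original post), the code below reproduces the md5sum step in Python and puts a hardened variant beside it that goes beyond the post: it swaps the single fast MD5 call for PBKDF2-HMAC-SHA256, because the derived password is only as hard to guess as the keyword and a slow function raises the cost of each guess. The function names, the iteration count, the 20-character length and the site-name normalisation are assumptions of this example.

```python
import base64
import hashlib


def md5_site_password(keyword: str, site: str) -> str:
    """The post's scheme: hashes the same bytes as
    `echo -n "<keyword> <site>" | md5sum`."""
    return hashlib.md5(f"{keyword} {site}".encode("utf-8")).hexdigest()


def kdf_site_password(keyword: str, site: str,
                      iterations: int = 600_000, length: int = 20) -> str:
    """Hardened variant (an assumption of this example, not from the post).

    PBKDF2-HMAC-SHA256 with the site name as salt: every keyword guess
    costs `iterations` HMAC computations instead of one MD5 call.
    """
    # Normalise the site name so "Facebook", "facebook" and " facebook "
    # all reproduce the same password (the post's "consistent" requirement).
    salt = site.strip().lower().encode("utf-8")
    raw = hashlib.pbkdf2_hmac("sha256", keyword.encode("utf-8"),
                              salt, iterations, dklen=32)
    # URL-safe Base64 mixes upper case, lower case, digits, '-' and '_',
    # where MD5 hex output only ever contains 0-9 and a-f.
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


if __name__ == "__main__":
    keyword = "IwbiJ1yno"  # the post's example keyword; choose your own
    for site in ("Facebook", "facebook", "Gmail"):
        print(f"{site:10} md5={md5_site_password(keyword, site)} "
              f"kdf={kdf_site_password(keyword, site)}")
```

Running the derivation locally also means the keyword never has to be typed into an online hash generator.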

What do you think? Will this work for you?

About Ashar Fuadi

Ashar Fuadi is a competitive programmer from University of Indonesia. He loves to code, especially for TopCoder SRM, Codeforces, and ICPC.

Comments

  1. It’s inconvenient that I have to encrypt (keyword, website name) to (password) every time I log in to a website…

  2. The hard work will be worth it 🙂

  3. Quite difficult.. but worth a try..

    Regards, re2myblogg
