How to Create a Bulletproof Password that You Can Easily Remember
WWW.EASYSECURITYONLINE.COM
What We’ll Cover
• State of the union
• 4 Rules of a great password - GOAL
• Examples of bulletproof GOAL passwords
• Easily create your own GOAL password
• The dirt-simple way to drill it into your memory
• Next steps
Data is Leaked All The Time
• Your credentials have already been compromised
• They will be compromised again
People Use Terrible Passwords
• The Top 50 Passwords according to http://wpengine.com/unmasked/
• Is yours in here?
People Reuse Passwords
• Extremely dangerous!
• If a hacker figures out your password on one site, they will try it on other sites
• I hope you’re not protecting anything important on those other sites
But Good Password Policy is Too Hard
• “I can’t come up with a complex password”
• “I can’t remember complicated passwords”
• “I can’t keep all those passwords straight”
Nonsense!
I’ll show you how to do it
First let’s understand the four rules of making a good password…
4 Rules of a Good Password – GOAL
• GOAL will ensure that your password is easy to remember but impossible to guess:
  • G – Gibberish
  • O – Only you must know
  • A – All the characters
  • L – Long
• Let’s understand each of these in more detail
Example GOAL Passwords
AuLx&D3osoS+3lpGs
$k5!1n10-ArfiNlv
G = Gibberish
• Your password needs to look like complete gibberish
• This is a large part of making a password unguessable
• Password cracking software relies on dictionaries to accelerate its guesswork
  • If nothing in your password can be found in their dictionaries, bad guys have to brute force their guesses by changing one character at a time – and that takes time
  • If your password is mostly or all dictionary-based, it can be cracked in seconds
O = Only You Must Know
• Your password, or any component of your password, must never be known by anybody but you. There are two corollaries to this rule:
  • You must never tell it to anyone. If you write it down it must be completely hidden, locked, and/or temporary.
  • Nobody should be able to guess or know any piece of your password. Do NOT use these, they are ALL in the dictionaries!
    • Pet or relative names
    • Dates
    • Songs, lyrics or bands
    • Famous movie or book quotes
A = All the Characters
• (a-z, A-Z, 0-9, special) need to be used
• Most password creation systems enforce this
• The more characters there are to choose from, the more guesses the password cracking programs will need. And every guess takes time.
• You want to maximize the average number of Brute Force Guesses:

$$\text{Average number of brute-force guesses} = \frac{(\text{number of possible characters})^{\text{password length}}}{2}$$
L = Long!
• In 2013 it took just a few hours to crack an otherwise bulletproof 8-character password
• To stay ahead of cracking technology, your password needs to be at LEAST as long as the last 2 digits of the current year
  • In 2015 your password should be at least 15 characters long

$$\text{Average number of brute-force guesses} = \frac{(\text{number of possible characters})^{\text{password length}}}{2}$$

January 2015
GOAL Examples
OK, that all makes sense. But how can I memorize this gibberish?
Example GOAL Passwords
AuLx&D3osoS+3lpGs
$k5!1n10-ArfiNlv
The Big Secret
• Complicated strings of characters are easy to memorize if
  • You already know what you are memorizing
  • You recall those characters often over the course of the day
• These example GOAL passwords are really encoded phrases, but you would never know it!
The Encoding
• AuLx&D3osoS+3lpGs = Goldilocks and the Three Bears plus The Three Little Pigs
• $k5!1n10-ArfiNlv = $5000 won in a 10 J Q K A royal flush in Las Vegas
Huh? How did you get that?!
AuLx&D3osoS+3lpGs
Au       Chemical symbol for Gold
Lx       Abbrev for “locks”
& D3     and the Three
osoS     Spanish for “bears”
+3 lpGs  and The Three Little Pigs
Ah, I get it!
$k5!1n10-ArfiNlv
$k5      rearranged $5k = $5000
!        (wow that's a lot of money!)
1n       won in a
10-A     10 through Ace
rf       royal flush
iNlv     In Las Vegas
It’s starting to make sense now!
I want to create my own…
How to Create Your Own GOAL Password
• Brainstorm past events that practically only you would know about
• Brainstorm goals that you want to achieve in the next 3, 6, or 9 months
• Do this now on a separate sheet of paper
  • No, really. Try it!
• Now pick one of your brainstormed phrases
  • Here’s mine for this example:
My goal is 3 sets of 50 pushups and 100 situps
Encode Your New Password to Gibberish
• Try Roman numerals for smaller numbers
• Any spelled-out numbers anywhere? Translate them to numerals: w8<, 10s, 42n8, iPh1 (weightless, tennis, fortunate, iPhone)
• Know any foreign languages? Pick a word or two and translate it
• Use the periodic table – either words or (atomic) numbers to chemical symbols
• Xprmnt w/ rmvng d vwls
More Encoding Ideas
Character Substitution Reference
Word or number      Substitution
And                 & or +
Is / Are            : or =
Isn’t / Aren’t      <> or !=
The                 d
Be                  b
In                  n
With                w/
Or                  |
Above / Over        ^
About               ~
Wow                 !
Too, to             2
For, fore           4
ate                 8
10                  d (deca)
100                 c (cent)
1000                K (kilo)
1,000,000           M (mega)
1 billion           G (giga)
micro               u
Digits              <shift> digit
Example Encoding
• My Phrase: My goal is 3 sets of 50 pushups and 100 situps
gl=3sPu50@+1csU
gl=      My goal is
3sPu     3 sets pushups
50@      50 each
+        and
1c       100
sU       situps
Check your work – does it meet all four GOAL rules?
gl=3sPu50@+1csU
Gibberish ✓
Only You Must Know ✓
All the Characters ✓
Long (15 characters in 2015) ✓
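The "check your work" step above, written out as code. This is an added example, not part of the original deck: the function names, the constructed `SAMPLE_WORDS` list and the `personal_tokens` parameter are assumptions, and the "number of possible characters" is taken as the combined size of the character classes the password actually uses.

```python
import string

# Constructed sample word list (assumption); a real check would load a full
# cracking dictionary. Words shorter than 4 letters are ignored.
SAMPLE_WORDS = {"password", "dragon", "monkey", "qwerty", "letmein",
                "goal", "gold", "bears", "pigs", "vegas", "royal", "flush"}

# The four character classes named on the "A = All the Characters" slide.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}


def classes_used(password):
    """Return the names of the character classes present in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def average_brute_force_guesses(pool_size, length):
    """The slide's formula: (possible characters ** password length) / 2."""
    return pool_size ** length // 2


def dictionary_hits(password, words=SAMPLE_WORDS, min_len=4):
    """G rule: list dictionary words found inside the password (any case)."""
    lowered = password.lower()
    return sorted(w for w in words if len(w) >= min_len and w in lowered)


def check_goal(password, year, personal_tokens=(), words=SAMPLE_WORDS):
    """Check a candidate password against the four GOAL rules.

    personal_tokens: strings other people could know about you (pet names,
    dates, band names). Code can only test this half of the O rule; keeping
    the password secret is up to the owner.
    """
    hits = dictionary_hits(password, words)
    lowered = password.lower()
    leaked = sorted(t for t in personal_tokens if t and t.lower() in lowered)
    used = classes_used(password)
    pool = sum(len(CLASSES[name]) for name in used)
    return {
        "gibberish": not hits,
        "only_you": not leaked,
        "all_characters": used == set(CLASSES),
        # L rule from the deck: at least as long as the last 2 digits of the year.
        "long": len(password) >= year % 100,
        "dictionary_hits": hits,
        "personal_hits": leaked,
        "pool_size": pool,
        "average_guesses": average_brute_force_guesses(pool, len(password)),
    }


if __name__ == "__main__":
    # The deck's three example passwords plus one constructed weak password.
    samples = [
        ("gl=3sPu50@+1csU", ()),
        ("AuLx&D3osoS+3lpGs", ()),
        ("$k5!1n10-ArfiNlv", ()),
        ("RexPassword15", ("Rex",)),  # constructed counter-example
    ]
    for pw, tokens in samples:
        r = check_goal(pw, 2015, personal_tokens=tokens)
        rules = {k: r[k] for k in ("gibberish", "only_you", "all_characters", "long")}
        print(pw, rules, "avg guesses ~ %.2e" % r["average_guesses"])
```

Passing a later year shows how the length rule ages a password: the same 15-character string that passes for 2015 fails the L rule for 2016.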
Memorize
• OK, how do you memorize something like that?
• Let’s go through the steps on the next slide
• First, write down your new GOAL password on a sticky note
• Destroy all other papers
• One of the most important accounts we have is our main email account. Let’s change its password…
Memorization = Repetition
1. Log in to your main email account with your old, not-quite-so-good (or really bad) password.
2. Change it to one of your new good GOAL passwords.
3. Log out of your email account and close your browser or email program.
4. Reopen your email and log in with your new good GOAL password. It worked!!!
5. Turn your paper over so you can't see your new good GOAL passwords.
6. Log out and log back in to your email account. Wow!
7. Go get a drink of water and a snack - you earned it!
8. Log out and log back in to your email without looking at your paper. Could you do it? Look at your paper if you must.
9. Keep doing this - log in, log out, log in, log out - each time allowing for a longer and longer snack in between. Keep increasing the delay between logins.
Feeling more confident?
Congratulations!
• Your email account is now more secure than 98% of the population
• This is an awesome first step!
• Destroy your sticky note. Don’t let anyone find it
One Good GOAL Password is NOT enough
• You must NOT reuse this (or any other) password
• Every single account needs a DIFFERENT good GOAL password
• So…
  • How do you generate so many?
  • How do you keep track of them all?
More Slideshares Coming
• Until then check out the Kindle eBook on Amazon.com
  • The easy, step-by-step way to protect your online accounts like the security professionals
• You will learn
  • More about the GOAL method of remembering the 4 rules of a good password, and WHY each rule is important.
  • Two different fun methods to create good GOAL passwords, anytime you want! You’ll look at your new passwords and be amazed – nobody will ever guess these things.
  • Why it’s so super duper critical that you NEVER EVER use a password on more than one site.
  • How to identify websites that may not be protecting your account information well enough, and what you can do about it.
  • Easy systems to propagate good GOAL passwords to all of your online accounts, no memorization required!

More Related Content

Recently uploaded

All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 

Recently uploaded (20)

All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 

Featured

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

Featured (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

How to create a bulletproof password

  • 1. How to Create a Bulletproof Password that You Can Easily Remember WWW.EASYSECURITYONLINE.COM
  • 2. What We’ll Cover  State of the union  4 Rules of a great password - GOAL  Examples of bulletproof GOAL passwords  Easily create your own GOAL password  The dirt-simple way to drill it into your memory  Next steps www.EasySecurityOnline.com 2
  • 3. Data is Leaked All The Time  Your credentials have already been compromised  They will be compromised again www.EasySecurityOnline.com 3
  • 4. People Use Terrible Passwords  The Top 50 Passwords according to http://wpengine.com/unmasked/  Is yours in here? www.EasySecurityOnline.com 4
  • 5. People Reuse Passwords  Extremely dangerous!  If a hacker figures out your password on one site, they will try it on other sites  I hope you’re not protecting anything important on those other sites www.EasySecurityOnline.com 5
  • 6. But Good Password Policy is Too Hard  “I can’t come up with a complex password”  “I can’t remember complicated passwords”  “I can’t keep all those passwords straight” Nonsense! I’ll show you how to do it First let’s understand the four rules of making a good password… www.EasySecurityOnline.com 6
  • 7. 4 Rules of a Good Password – GOAL  GOAL will ensure that your password is easy to remember but impossible to guess:  G – Gibberish  O – Only you must know  A – All the characters  L – Long  Let’s understand each of these in more detail Example GOAL Passwords AuLx&D3osoS+3lpGs $k5!1n10-ArfiNlv www.EasySecurityOnline.com 7
  • 8. G = Gibberish  Your password needs to look like complete gibberish  This is a large component to making a password unguessable  Password cracking software relies on dictionaries to accelerate its guesswork  If nothing in your password can be found in their dictionaries, bad guys have to brute force their guesses by changing one character at a time – and that takes time  If your password is mostly or all dictionary-based, it can be cracked in seconds Example GOAL Passwords AuLx&D3osoS+3lpGs $k5!1n10-ArfiNlv www.EasySecurityOnline.com 8
  • 9. O = Only You Must Know  Your password, or any component of your password, must never be known by anybody but you. There are two corollaries to this rule:  You must never tell it to anyone. If you write it down it must be completely hidden, locked, and/or temporary.  Nobody should be able to guess or know any piece of your password. Do NOT use these, they are ALL in the dictionaries!  Pet or relative names  Dates  Songs, lyrics or bands  Famous movie or book quotes Example GOAL Passwords AuLx&D3osoS+3lpGs $k5!1n10-ArfiNlv www.EasySecurityOnline.com 9
  • 10. A = All the Characters  (a-z, A-Z, 0-9, special) need to be used  Most password creation systems enforce this  The more characters from which to choose means more guesses will be required from the password cracking programs. And every guess takes time.  You want to maximize the average number of Brute Force Guesses: Average Number of Brute Force Guesses = 𝒏𝒖𝒎𝒃𝒆𝒓 𝒐𝒇 𝒑𝒐𝒔𝒔𝒊𝒃𝒍𝒆 𝒄𝒉𝒂𝒓𝒂𝒄𝒕𝒆𝒓𝒔 𝒑𝒂𝒔𝒔𝒘𝒐𝒓𝒅 𝒍𝒆𝒏𝒈𝒕𝒉 𝟐 Example GOAL Passwords AuLx&D3osoS+3lpGs $k5!1n10-ArfiNlv www.EasySecurityOnline.com 10
  • 11. L = Long!  In 2013 it took just a few hours to crack an otherwise bulletproof 8-character password  To stay ahead of cracking technology, your password needs to be at LEAST as long as the last 2 digits of the current year  In 2015 your password should be at least 15 characters long Average Number of Brute Force Guesses = 𝒏𝒖𝒎𝒃𝒆𝒓 𝒐𝒇 𝒑𝒐𝒔𝒔𝒊𝒃𝒍𝒆 𝒄𝒉𝒂𝒓𝒂𝒄𝒕𝒆𝒓𝒔 𝒑𝒂𝒔𝒔𝒘𝒐𝒓𝒅 𝒍𝒆𝒏𝒈𝒕𝒉 𝟐 January 2015 Example GOAL Passwords AuLx&D3osoS+3lpGs $k5!1n10-ArfiNlv www.EasySecurityOnline.com 11
  • 12. GOAL Examples OK, that all makes sense. But how can I memorize this gibberish? Example GOAL Passwords AuLx&D3osoS+3lpGs $k5!1n10-ArfiNlv www.EasySecurityOnline.com 12
  • 13. The Big Secret  Complicated strings of characters are easy to memorize if  You already know what you are memorizing  You recall those characters often over the course of the day  These example GOAL passwords are really encoded phrases, but you would never know it! Example GOAL Passwords AuLx&D3osoS+3lpGs $k5!1n10-ArfiNlv www.EasySecurityOnline.com 13
  • 14. The Encoding: AuLx&D3osoS+3lpGs = Goldilocks and the Three Bears plus The Three Little Pigs. $k5!1n10-ArfiNlv = $5000 won in a 10 J Q K A royal flush in Las Vegas. "Huh? How did you get that?!"
  • 15. AuLx&D3osoS+3lpGs ("Ah, I get it!")
      Au   → Chemical symbol for Gold
      Lx   → Abbrev for "locks"
      &    → and
      D3   → the Three
      osoS → Spanish for "bears"
      +3   → and The Three
      lpGs → Little Pigs
  • 16. $k5!1n10-ArfiNlv ("It's starting to make sense now! I want to create my own…")
      $k5  → rearranged $5k = $5000
      !    → (wow that's a lot of money!)
      1n   → won in a
      10-A → 10 through Ace
      rf   → royal flush
      iNlv → In Las Vegas
  • 17. How to Create Your Own GOAL Password: Brainstorm past events that practically only you would know about. Brainstorm goals that you want to achieve in the next 3, 6, or 9 months. Do this now on a separate sheet of paper. No, really. Try it! Now pick one of your brainstormed phrases. Here's mine for this example: "My goal is 3 sets of 50 pushups and 100 situps"
  • 18. Encode Your New Password to Gibberish: Try Roman numerals for smaller numbers. Any spelled-out numbers anywhere? Translate them to numerals: w8<, 10s, 42n8, iPh1 (weightless, tennis, fortunate, iPhone). Know any foreign languages? Pick a word or two and translate it. Use the periodic table: either words or (atomic) numbers to chemical symbols. Xprmnt w/ rmvng d vwls.
  • 19. More Encoding Ideas: Character Substitution Reference
      And             & or +      Or             |      10          d (deca)
      Is / Are        : or =      Above / Over   ^      100         c (cent)
      Isn't / Aren't  <> or !=    About          ~      1000        K (kilo)
      The             d           Wow            !      1,000,000   M (mega)
      Be              b           Too, to        2      1 billion   G (giga)
      In              n           For, fore      4      micro       u
      With            w/          ate            8      Digits      <shift> digit
  • 20. Example Encoding: My phrase: "My goal is 3 sets of 50 pushups and 100 situps" becomes gl=3sPu50@+1csU
      gl=  → My goal is
      3sPu → 3 sets pushups
      50@  → 50 each
      +    → and
      1c   → 100
      sU   → situps
  • 21. Check your work: does gl=3sPu50@+1csU meet all four GOAL rules? Gibberish; Only You Must Know; All the Characters; Long (15 characters in 2015).
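The slide 21 check, combined with the brute-force formula from slides 10 and 11, written out as an added Python example (not part of the original slides). It assumes "special" means the 32 ASCII punctuation characters and uses a small constructed wordlist in place of a cracker's dictionary; the guess count is the figure for a uniformly random string over that alphabet, and "Only You Must Know" cannot be checked by code.

```python
import string

# Character classes named on the "All the Characters" slide.
# Assumption: "special" = the 32 ASCII punctuation characters.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}

# Constructed mini-wordlist standing in for a cracker's dictionary.
SAMPLE_WORDS = {"password", "dragon", "monkey", "letmein", "goldilocks"}


def classes_used(password):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def average_guesses(password):
    """(possible characters ** length) / 2, counting only the classes used."""
    pool = sum(len(CLASSES[name]) for name in classes_used(password))
    return pool ** len(password) // 2


def dictionary_hits(password, words=SAMPLE_WORDS):
    """Wordlist entries found inside the password, ignoring case."""
    lowered = password.lower()
    return sorted(w for w in words if w in lowered)


def check_goal(password, year):
    """Check the GOAL rules that code can check for a given year."""
    missing = sorted(set(CLASSES) - classes_used(password))
    hits = dictionary_hits(password)
    return {
        "gibberish": not hits,
        "all_characters": not missing,
        "long": len(password) >= year % 100,  # last 2 digits of the year
        "missing_classes": missing,
        "dictionary_hits": hits,
        "average_guesses": average_guesses(password),
    }


if __name__ == "__main__":
    for pw in ("gl=3sPu50@+1csU", "Goldilocks3!", "abcdefgh"):
        print(pw, check_goal(pw, 2015))
```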
  • 22. Memorize: OK, how do you memorize something like that? Let's go through the steps on the next slide. First, write down your new GOAL password on a sticky note. Destroy all other papers. One of the most important accounts we have is our main email account. Let's change its password…
  • 23. Memorization = Repetition: 1. Log in to your main email account with your old, not-quite-so-good (or really bad) password. 2. Change it to one of your new good GOAL passwords. 3. Log out of your email account and close your browser or email program. 4. Reopen your email and log in with your new good GOAL password. It worked!!! 5. Turn your paper over so you can't see your new good GOAL passwords. 6. Log out and log back in to your email account. Wow! 7. Go get a drink of water and a snack - you earned it! 8. Log out and log back in to your email without looking at your paper. Could you do it? Look at your paper if you must. 9. Keep doing this - log in, log out, log in, log out - each time allowing for a longer and longer snack in between. Keep increasing the delay between logins. Feeling more confident?
  • 24. Congratulations! Your email account is now more secure than 98% of the population. This is an awesome first step! Destroy your sticky note. Don't let anyone find it.
  • 25. One Good GOAL Password is NOT enough: You must NOT reuse this (or any other) password. Every single account needs a DIFFERENT good GOAL password. So… How do you generate so many? How do you keep track of them all?
  • 26. More Slideshares Coming: Until then, check out the Kindle eBook on Amazon.com: the easy, step-by-step way to protect your online accounts like the security professionals. You will learn: more about the GOAL method of remembering the 4 rules of a good password, and WHY each rule is important; two different fun methods to create good GOAL passwords, anytime you want (you'll look at your new passwords and be amazed: nobody will ever guess these things); why it's so super duper critical that you NEVER EVER use a password on more than one site; how to identify websites that may not be protecting your account information well enough, and what you can do about it; easy systems to propagate good GOAL passwords to all of your online accounts, no memorization required!