Do you have fewer than 5 passwords sprinkled across dozens of accounts? Do you struggle to create long passwords with all those characters? Have you ever had an account hacked? Are you protecting your corporate account with something as trivially crackable as "76trombones" or "passw0rd!"?
Many people believe that good password policy is important, but it's just too hard. Nonsense! Not when you know the tricks!
In this short slideshare I will show you why strong passwords are critical, the 4 rules of creating a strong password, examples of these passwords and how they were created, the simple way to create a bulletproof password yourself, and the duh-easy way to memorize it!
You'll kick yourself for not doing this sooner!
Please share. We've got to get the world following a better password policy.
How to create a bulletproof password
1. How to Create a Bulletproof Password that You Can Easily Remember
WWW.EASYSECURITYONLINE.COM
2. What We’ll Cover
State of the union
4 Rules of a great password - GOAL
Examples of bulletproof GOAL passwords
Easily create your own GOAL password
The dirt-simple way to drill it into your memory
Next steps
3. Data is Leaked All The Time
Your credentials have already been compromised
They will be compromised again
4. People Use Terrible Passwords
The Top 50 Passwords according to http://wpengine.com/unmasked/
Is yours in here?
5. People Reuse Passwords
Extremely dangerous!
If a hacker figures out your password on one site, they will try it on other sites.
I hope you’re not protecting anything important on those other sites.
6. But Good Password Policy is Too Hard
“I can’t come up with a complex password”
“I can’t remember complicated passwords”
“I can’t keep all those passwords straight”
Nonsense!
I’ll show you how to do it
First let’s understand the four rules of making a good password…
7. 4 Rules of a Good Password – GOAL
GOAL will ensure that your password is easy to remember but impossible to guess:
G – Gibberish
O – Only you must know
A – All the characters
L – Long
Let’s understand each of these in more detail
Example GOAL Passwords
AuLx&D3osoS+3lpGs
$k5!1n10-ArfiNlv
8. G = Gibberish
Your password needs to look like complete gibberish. This is a large component to making a password unguessable.
Password cracking software relies on dictionaries to accelerate its guesswork.
If nothing in your password can be found in their dictionaries, bad guys have to brute force their guesses by changing one character at a time – and that takes time.
If your password is mostly or all dictionary-based, it can be cracked in seconds.
9. O = Only You Must Know
Your password, or any component of your password, must never be known by anybody but you. There are two corollaries to this rule:
You must never tell it to anyone. If you write it down it must be completely hidden, locked, and/or temporary.
Nobody should be able to guess or know any piece of your password. Do NOT use these, they are ALL in the dictionaries!
Pet or relative names
Dates
Songs, lyrics or bands
Famous movie or book quotes
10. A = All the Characters
All the characters (a-z, A-Z, 0-9, special) need to be used
Most password creation systems enforce this
The more characters from which to choose means more guesses will be required from the password cracking programs. And every guess takes time.
You want to maximize the average number of Brute Force Guesses:
Average Number of Brute Force Guesses = $\dfrac{(\text{number of possible characters})^{\text{password length}}}{2}$
11. L = Long!
In 2013 it took just a few hours to crack an otherwise bulletproof 8-character password.
To stay ahead of cracking technology, your password needs to be at LEAST as long as the last 2 digits of the current year.
In 2015 your password should be at least 15 characters long.
Average Number of Brute Force Guesses = $\dfrac{(\text{number of possible characters})^{\text{password length}}}{2}$
January 2015
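To make the formula on these two slides concrete, here is an added Python example (not from the deck or from EasySecurityOnline) that evaluates the average-guesses formula for several alphabet sizes and lengths and converts it into cracking time at an assumed guess rate. The alphabet sizes, the 95-character count for "all the characters" (printable ASCII) and the guess rate are assumptions for illustration, not figures from the deck; the comparison function shows the point the L rule makes, that one extra character outweighs switching to a larger alphabet.

```python
"""Brute-force guess space, following the slide formula:
    average guesses = (number of possible characters) ** (password length) / 2
Added example; alphabet sizes and the guess rate are assumptions, not deck figures."""

# Assumed alphabet sizes (printable ASCII has 95 characters in total).
CHARSET_SIZES = {
    "lowercase only": 26,
    "lowercase + uppercase": 52,
    "lowercase + uppercase + digits": 62,
    "all the characters (printable ASCII)": 95,
}

SECONDS_PER_YEAR = 365 * 24 * 3600


def average_brute_force_guesses(charset_size: int, length: int) -> float:
    """Expected guesses before an exhaustive search hits the password:
    on average the attacker gets halfway through the space (hence / 2)."""
    return charset_size ** length / 2


def years_to_crack(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Average cracking time in years at an assumed guess rate."""
    return average_brute_force_guesses(charset_size, length) / guesses_per_second / SECONDS_PER_YEAR


def length_beats_charset(small_charset: int, large_charset: int, length: int) -> bool:
    """Does adding ONE character to a password over the smaller alphabet beat
    keeping the length and moving to the larger alphabet?  True means the
    L rule bought more than the A rule did for this case."""
    return (average_brute_force_guesses(small_charset, length + 1)
            > average_brute_force_guesses(large_charset, length))


if __name__ == "__main__":
    RATE = 1e11  # assumed guesses per second, for illustration only
    for label, size in CHARSET_SIZES.items():
        for length in (8, 15):
            print(f"{label:40s} len={length:2d} "
                  f"guesses={average_brute_force_guesses(size, length):.3e} "
                  f"years={years_to_crack(size, length, RATE):.3e}")
    print("62-symbol alphabet at 9 chars beats 95-symbol alphabet at 8 chars:",
          length_beats_charset(62, 95, 8))
```

Run it as a script to see the table; the jump from 8 to 15 characters multiplies the guess space by 95^7, which is why the deck ties minimum length to the year rather than to the alphabet.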
12. GOAL Examples
OK, that all makes sense. But how can I memorize this gibberish?
Example GOAL Passwords
AuLx&D3osoS+3lpGs
$k5!1n10-ArfiNlv
13. The Big Secret
Complicated strings of characters are easy to memorize if:
You already know what you are memorizing
You recall those characters often over the course of the day
These example GOAL passwords are really encoded phrases, but you would never know it!
14. The Encoding
AuLx&D3osoS+3lpGs = Goldilocks and the Three Bears plus The Three Little Pigs
$k5!1n10-ArfiNlv = $5000 won in a 10 J Q K A royal flush in Las Vegas
Huh? How did you get that?!
15. AuLx&D3osoS+3lpGs
Ah, I get it!
Au Lx & D3 osoS +3 lpGs
Au      Chemical symbol for Gold
Lx      Abbrev for “locks”
&       and
D3      the Three
osoS    Spanish for “bears”
+3      and The Three
lpGs    Little Pigs
16. $k5!1n10-ArfiNlv
It’s starting to make sense now!
I want to create my own…
$k5 ! 1n 10-A rf iNlv
$k5     rearranged $5k = $5000
!       wow, that's a lot of money!
1n      won in a
10-A    10 through Ace
rf      royal flush
iNlv    In Las Vegas
17. How to Create Your Own GOAL Password
Brainstorm past events that practically only you would know about
Brainstorm goals that you want to achieve in the next 3, 6, or 9 months
Do this now on a separate sheet of paper
No, really. Try it!
Now pick one of your brainstormed phrases
Here’s mine for this example:
My goal is 3 sets of 50 pushups and 100 situps
18. Encode Your New Password to Gibberish
Try Roman numerals for smaller numbers
Any spelled-out numbers anywhere? Translate them to numerals: w8<, 10s, 42n8, iPh1 (weightless, tennis, fortunate, iPhone)
Know any foreign languages? Pick a word or two and translate it
Use the periodic table – either words or (atomic) numbers to chemical symbols
Xprmnt w/ rmvng d vwls
19. More Encoding Ideas
Character Substitution Reference
Words:
  And              & or +
  Is / Are         : or =
  Isn’t / Aren’t   <> or !=
  The              d
  Be               b
  In               n
  With             w/
Words (continued):
  Or               |
  Above / Over     ^
  About            ~
  Wow              !
  Too, to          2
  For, fore        4
  ate              8
Numbers:
  10               d (deca)
  100              c (cent)
  1000             K (kilo)
  1,000,000        M (mega)
  1 billion        G (giga)
  micro            u
  Digits           <shift> digit
20. Example Encoding
My Phrase: My goal is 3 sets of 50 pushups and 100 situps
gl=3sPu50@+1csU
gl= 3sPu 50@ + 1c sU
gl=     My goal is
3sPu    3 sets pushups
50@     50 each
+       and
1c      100
sU      situps
21. Check your work – does it meet all four GOAL rules?
gl=3sPu50@+1csU
Gibberish
Only You Must Know
All the Characters
Long (15 characters in 2015)
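The "check your work" step can be automated for the three rules a program can see. Below is an added Python example (not from the deck or from EasySecurityOnline) that applies the GOAL rules to a candidate password: G is checked against a constructed stand-in wordlist, after undoing common substitutions such as 0→o and 3→e that crackers also undo (so "passw0rd!" is still caught); O cannot be verified by software, so the stand-in rejects any caller-supplied personal tokens; A requires all four character classes; L uses the deck's rule of the year's last two digits. The wordlist and the substitution map are assumptions for illustration, not part of the deck.

```python
"""GOAL rule checker (added example, not from the deck).

G - Gibberish:     no dictionary word survives in the password, even after
                   undoing common substitutions such as 0->o or 3->e.
O - Only you know: software cannot verify this; as a stand-in, reject any
                   caller-supplied personal token (pet name, date, band).
A - All the chars: lower, upper, digit and special all present.
L - Long:          length >= last two digits of the year (the deck's rule).
"""
import datetime
import string
from typing import Optional

# Constructed stand-in for a cracker wordlist; a real check would load a
# full list (the deck points at a top-50 password list, for example).
DICTIONARY = {
    "password", "trombones", "gold", "locks", "bears", "little", "pigs",
    "royal", "flush", "vegas", "goal", "pushups", "situps", "monkey",
}

# Assumed leetspeak substitutions a cracker undoes; applied before lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def dictionary_words_in(password: str, dictionary=DICTIONARY, min_len: int = 4) -> list:
    """Dictionary words (at least min_len letters) found in the password,
    checked on both the lowercase text and its de-leeted form."""
    forms = {password.lower(), password.lower().translate(LEET)}
    return sorted(w for w in dictionary
                  if len(w) >= min_len and any(w in f for f in forms))


def minimum_length_for_year(year: int) -> int:
    """Deck rule: at least as long as the last two digits of the year."""
    return year % 100


def check_goal(password: str, year: Optional[int] = None, known_phrases=()) -> dict:
    """Per-rule verdict {rule letter: passed}; year defaults to today's."""
    year = year or datetime.date.today().year
    lowered = password.lower()
    return {
        "G": not dictionary_words_in(password),
        "O": not any(p and p.lower() in lowered for p in known_phrases),
        "A": (any(c in string.ascii_lowercase for c in password)
              and any(c in string.ascii_uppercase for c in password)
              and any(c in string.digits for c in password)
              and any(c in string.punctuation for c in password)),
        "L": len(password) >= minimum_length_for_year(year),
    }


def is_goal(password: str, year: Optional[int] = None, known_phrases=()) -> bool:
    """True only when every GOAL rule passes."""
    return all(check_goal(password, year, known_phrases).values())


if __name__ == "__main__":
    # The deck's three example passwords and the two weak ones from the intro.
    for pw in ("gl=3sPu50@+1csU", "AuLx&D3osoS+3lpGs", "$k5!1n10-ArfiNlv",
               "passw0rd!", "76trombones"):
        print(f"{pw:20s} {check_goal(pw, 2015)}")
```

Pass the year explicitly when checking against the deck's 2015 examples; with the current year the same 15-character password fails L, which is exactly the "stay ahead of cracking technology" behaviour the rule intends.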
22. Memorize
OK, how do you memorize something like that?
Let’s go through the steps on the next slide
First, write down your new GOAL password on a sticky note
Destroy all other papers
One of the most important accounts we have is our main email account. Let’s change its password…
23. Memorization = Repetition
1. Log in to your main email account with your old, not-quite-so-good (or really bad) password.
2. Change it to one of your new good GOAL passwords.
3. Log out of your email account and close your browser or email program.
4. Reopen your email and log in with your new good GOAL password. It worked!!!
5. Turn your paper over so you can't see your new good GOAL passwords.
6. Log out and log back in to your email account. Wow!
7. Go get a drink of water and a snack - you earned it!
8. Log out and log back in to your email without looking at your paper. Could you do it? Look at your paper if you must.
9. Keep doing this - log in, log out, log in, log out - each time allowing for a longer and longer snack in between. Keep increasing the delay between logins.
Feeling more confident?
24. Congratulations!
Your email account is now more secure than 98% of the population
This is an awesome first step!
Destroy your sticky note. Don’t let anyone find it
25. One Good GOAL Password is NOT enough
You must NOT reuse this (or any other) password
Every single account needs a DIFFERENT good GOAL password
So…
How do you generate so many?
How do you keep track of them all?
26. More Slideshares Coming
Until then check out the Kindle eBook on Amazon.com: The easy, step-by-step way to protect your online accounts like the security professionals
You will learn
More about the GOAL method of remembering the 4 rules of a good password, and WHY each rule is important.
Two different fun methods to create good GOAL passwords, anytime you want! You’ll look at your new passwords and be amazed – nobody will ever guess these things.
Why it’s so super duper critical that you NEVER EVER use a password on more than one site.
How to identify websites that may not be protecting your account information well enough, and what you can do about it.
Easy systems to propagate good GOAL passwords to all of your online accounts, no memorization required!