Get it All

Having spent a number of years as a hardware tech support guy, I get a whole lot of questions about basic PC stuff, generally the same question over and over again. A big one, in these days when the Internet is more and more a part of both our work and personal lives, is the question of password security.

Used to be that the very fact that you knew how to turn a computer on was more or less proof that you had a need to use one. Now, every moderately important function of the computer seems to include password protection and identity verification. Simple passwords definitely do not cut it anymore, even if some systems will allow you to set such a password: once you’ve set ten or fifteen passwords – probably all as the same password – you leave yourself open to a world of identity theft if you don’t use at least a semi-complex password. Social engineering will also sting you, if there are people out there that want to get the best of you, so setting your password to your wife’s name + 99 to make it complex will not do.

So, here’s a simple process you can use to make a password that is far and away a better, more complex password, with the extra bonus of being easier to remember than most strong passwords. This is not entirely original, but I’ve embellished on an old trick and am going to walk you through it:

Step One: choose a song

That’s right, a song. Any old song will do, but preferably one you really dig. Find a line of lyrics in it that you find particularly inspiring and select the first letter of each word. For an example, I’m going to use Close to the Edge by YES, my favourite line and the first line of lyrics after the solo:

The time between the notes relates the color to the scene

Hmm. . . Well, right off the bat, no one is going to social-engineer that unless it’s on the poster tacked inside your cube. Even then, it’s going to be a pretty good guess, indeed.

But a strong password is one that includes at least one character from each of three of the following four character types: lower-case letter (b), number (7), special character (!) or capital letter (D). So, let’s go back and see if there isn’t something else we can do to gussy up our new password. Pick from the following three steps to get your password.

Step Two: pick a capital

No, I don’t mean Washington. I mean pick a letter in the chain of letters we’ve created and make it capital. This could be any one of the characters, but for memory’s sake, pick the most significant word in the sentence, if that’s possible:

As you can see here, I’ve chosen to capitalize “Color,” since that’s the most significant word in the sentence, or at least one of them. You could use more than one capital, of course. Another option would be to do CAP-lower-CAP-lower if you wish, but this is predictable and defeats the purpose. Capitalizing the first letter is also cheating, so don’t do that! We’re almost there, let’s keep going.

Step Three: character substitution

There are two types of substitution you can use: one is to change homophones like “too/to” into “2,” the other is to change letters into numbers that sort of look like the letter. Let’s try it here:

In our current example, I’ve replaced the word “to” with the number 2. Those ones are easy, but I’ve also replaced the letter “b” in the word “between” with the number “6,” which would be harder to remember but not impossible.

Well, this is looking pretty good so far! In fact, I could easily stop right here and have a nearly unguessable password. But in case one of the above didn’t fit, let me mention something rather obvious.

Step Four: put the punctuation back!

The natural tendency would be to eliminate the punctuation when creating the password. Did you do that? If so, put it back! Those are special characters and qualify your password as being even more secure. In my case, there really isn’t any punctuation to speak of. However, since the end of a line of poetry should end in a comma or a period (according to my eighth-grade English teacher!), I’ll go ahead and add it by way of example:

Voilà!! There’s your password, as good as it gets. Now, even if you use it for all your passwords (unrecommended, of course), it’s about as secure as you’re ever going to get under the circumstances. I hope this helps a few people and I hope you found it enjoyable! When you do it this way, making passwords is actually a lot of fun!
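
The four steps above carried through in code, as an added example that is not part of the original post: it builds the password from the quoted lyric one step at a time and checks each stage against the three-of-four character-type rule. The function names are hypothetical, the substitution tables hold only the two swaps the post mentions, and the strings it prints are what this sketch produces.

```python
import string

LINE = "The time between the notes relates the color to the scene"  # lyric quoted in the post
WORD_SUBS = {"to": "2"}    # Step Three: sound-alike word -> digit
LETTER_SUBS = {"b": "6"}   # Step Three: look-alike letter -> digit

def mnemonic_password(line, capital_word=None, substitute=False, end_punct=""):
    """Build the password from one lyric line, applying only the steps asked for."""
    out = []
    for word in line.split():
        core = word.strip(string.punctuation).lower()
        if not core:
            continue
        if substitute and core in WORD_SUBS:
            ch = WORD_SUBS[core]                      # whole word becomes a digit
        elif capital_word and core == capital_word.lower():
            ch = core[0].upper()                      # Step Two: the chosen capital
        else:
            ch = core[0]                              # Step One: first letter
            if substitute:
                ch = LETTER_SUBS.get(ch, ch)
        out.append(ch)
        # Step Four: keep any punctuation that trails the word in the lyric
        out.append(word[len(word.rstrip(string.punctuation)):])
    password = "".join(out)
    if end_punct and password[-1:] not in string.punctuation:
        password += end_punct                         # add the line-ending mark
    return password

def character_types(password):
    """Report which of the four character types from the post are present."""
    return {
        "lower": any(c.islower() for c in password),
        "capital": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }

def meets_three_of_four(password):
    return sum(character_types(password).values()) >= 3

if __name__ == "__main__":
    full = {"capital_word": "color", "substitute": True, "end_punct": "."}
    stages = [("Step One", {}), ("Step Two", {"capital_word": "color"}),
              ("Step Three", {"capital_word": "color", "substitute": True}),
              ("Step Four", full)]
    for name, opts in stages:
        pw = mnemonic_password(LINE, **opts)
        print(f"{name}: {pw}  three-of-four={meets_three_of_four(pw)}")
```

The first two stages fail the rule because they contain only letters; the rule is first met at Step Three, and Step Four adds the fourth character type.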

The following is an email I received from Halifax Bank, which points to a bogus web address. This was pretty obvious to spot, since I don’t have a Halifax Bank account in the first place. In the interest of getting phishermen out into the light, here is the body of the email:

Dear valued Halifax client,

Recently there have been a large number of identity theft attempts targeting Halifax Bank customers.

In order to safeguard your account we require that you confirm your banking details. This process is mandatory.

You may do so by clicking on the below link to log into our network.

(This link has been neutered)

Failure to do so may result in temporary cessation of your account services pending submission.

Thank you for your prompt attention to this matter and your co-operation in helping us maintain the integrity of our customers accounts.

Please do not reply to this e-mail. (c) 2007 Halifax Bank, Inc.

The preceding IS A SPOOF!! Do not be fooled. The above link actually points to