This morning’s most e-mailed article in the on-line version of the New York Times is Nicole Perlroth’s “how to devise passwords that drive hackers away”. It is a somewhat apocalyptic piece that assures you that you will get hacked and provides some standard advice (“forget the dictionary”) on constructing and managing strong passwords.
It leaves out my favorite technique: go global. Use a truly foreign (foreign to you) name, preferably someone you know so you can remember it. Consider the names of the delegates to the United Nations:
- Belarus: Zoya Kolontai
- Bhutan: Lhatu Wangchuk
- Brunei Darussalam: Latif Tuah
- Burundi: Herménégilde Niyonzima
Notice that we have not left countries beginning with the letter B yet and we’ve already got some winners. If you knew Mr. Niyonzima, and you yourself were not from Burundi, why not use that character string as the basis for a password? You won’t forget it because you know the guy (Hermenegilde is a guy), and the chances of a hacking program guessing it once you’ve added a number and a special character are within the acceptable limits of the risk you take with a strong password. Mix up upper and lower case and you’ve got a real good password (niYonzima*19 is a strong password for most applications).
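An added example, not part of the original post: a rough Python estimate of the guess space for a name-plus-symbol-plus-number password such as niYonzima*19, set beside the naive character-class figure that strength meters often report. The word-list size and the guessing model (any upper/lower mix, ASCII punctuation, decimal digits) are assumptions chosen for illustration.

```python
import math
import re
import string

# Assumption: size of the name/word list a guesser works from (constructed figure).
ASSUMED_WORDLIST_SIZE = 10_000_000
SYMBOLS = string.punctuation  # the 32 ASCII special characters

def naive_bits(pw):
    """Bits if every character were drawn at random from the classes present."""
    pool = 0
    if any(c in string.ascii_lowercase for c in pw):
        pool += 26
    if any(c in string.ascii_uppercase for c in pw):
        pool += 26
    if any(c in string.digits for c in pw):
        pool += 10
    if any(c in SYMBOLS for c in pw):
        pool += len(SYMBOLS)
    return len(pw) * math.log2(pool) if pool else 0.0

def pattern_bits(pw, wordlist_size=ASSUMED_WORDLIST_SIZE):
    """Bits under a 'word + symbols + digits' model of the recipe in the post.

    Returns None when the password does not follow that shape.
    """
    m = re.fullmatch(rf"([A-Za-z]+)([{re.escape(SYMBOLS)}]+)([0-9]+)", pw)
    if m is None:
        return None
    word, symbols, digits = m.groups()
    bits = math.log2(wordlist_size)                  # which base word was chosen
    bits += len(word)                                # each letter upper or lower
    bits += len(symbols) * math.log2(len(SYMBOLS))   # which special character(s)
    bits += len(digits) * math.log2(10)              # which number
    return bits

if __name__ == "__main__":
    pw = "niYonzima*19"  # the example password from the post
    print(f"naive estimate:   {naive_bits(pw):.1f} bits")
    print(f"pattern estimate: {pattern_bits(pw):.1f} bits")
```

The gap between the two figures comes from the base word: the rarer the name is in any list a guesser might use, the closer the password gets to the naive estimate.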
But my other point was this: It is noteworthy that the most e-mailed article in today’s Times is on cybersecurity. It shows one reason why phishing attacks that purport to be about “your account” succeed. People who are on-line think about on-line. People who are on-line e-mail stuff about being on-line.