Sunday, January 20, 2008

Strong Passwords - Use Phonics to Increase Password Strength

It seems that not a week goes by without some headline racing across our TVs about internet fraud or theft. Itand#8217;s never going to stop, but one of the best ways to protect ourselves from this modern menace is to develop and use effective passwords on all financially sensitive websites. Numerous articles have been written addressing this issue, and many offer similar, and good, advice: Donand#8217;t choose a word found in the dictionary Add one or more numbers Use one or more capital letters Make it at least eight characters Add a symbol. A password utilizing this criteria might look something like this: G8iwn2*B. Although this is a strong password, has no meaning and is therefore difficult to remember. So the question arises: how do we utilize the above criteria while creating something memorable and difficult to crack? One of the interesting things about the English language is that a single sound can be spelled many ways. Take the long E sound, for example, as in see. It can be spelled e, ee, ea, ey, ei, i, ie. Or how about the SH sound, as in sheet. Try sh, s, ti, ci, si, ch. Here is how to incorporate this apparent flaw of English to create strong and memorable passwords. First, choose a meaningful name, the shorter the better. Letand#8217;s say your maternal grandmotherand#8217;s maiden name was Cox. We are going to take the letters of her name and spell them phonetically. C becomes See. O becomes Oh. X becomes Ex. So C-O-X becomes SeeOhEx. Do you see it? Say it out loud if you have having trouble. If she was born in 1918, we can incorporate those numbers like this: 1See9Oh1Ex8. Perhaps your grandmother was rich, so weand#8217;ll add a dollar sign: 1See9Oh1Ex8$. Another security tip is to change passwords periodically. Because the same sound can often be spelled several ways, the password above can morph to: 19SeaOaEks$18. Can you still see the C-O-X? So now we have a password that: is not a word found in the dictionary uses more than number incorporates more than one capital letter is more than eight characters has a symbol and is meaningful! More Tips For Success: Once you have formulated a possible password, open your word processing program and practice typing it. Your goal is for it to flow smoothly off your fingers so you no longer need to think about it. Spend time trying to get a mental picture of what your password looks like. Write it down and study it to help cement the image into your memory. Be sure to shred the paper later. Make sure you can easily sound out the phonetic parts and that the phonetic parts make sense to you. When entering passwords online, distinguish between high security sites and low security sites. Your online subscription to Amateur Boating Today does not require a complex password. Donand#8217;t use one for sites donand#8217;t need it. For a higher level of security, donand#8217;t use obvious words, such as your favorite pet, your childand#8217;s name, or your first name. Good word choices include short words from your familyand#8217;s past. Some examples: your fatherand#8217;s first car (Ford becomes EfOhArDee); the name of the city where your cousin was born (Dover becomes DeOhVeEeAr); the first name of your motherand#8217;s best friend in high school (Gayle becomes JeeAyWyElEe). Choose something that still has meaning for you and is not so obscure that, after setting it up on a site, you later scratch your head and have to call tech-support. Donand#8217;t forget to add a significant number and symbol. If you have trouble with the phonetics of a particular word, either chose an easier word, or browse through a dictionary to help you find alternate spellings for particular sounds. Good luck and happy passwording! About the Author: Jennifer A. Thieme, owner of Solid Rock Accounting Services, is a Certified QuickBooks Advisor and a Registered Tax Preparer. She has been in the bookkeeping and tax field for nine years. She considers the diagnosis and resolution of accounting-related problems her specialty. Her articles have appeared in the Intuit ProConnection Newsletter. Contact her via jenniferthieme.com with your accounting related questions.

No comments: