Making up passwords and passphrases

I’m writing this because I was told that one of my rarely used websites uses a password that has been in a data breach.

Now I have actually taught lessons on how to keep oneself secure online. That I have been caught in a breach shows that I don’t always follow my own advice.

Nearly 18 million people were victims of identity theft in 2014 (I was writing my life skills guidelines in 2016), with the majority of crimes targeting credit cards and bank accounts. 2.6 million of those were ages 65 and older. Now, it’s time to wise up all over again.

Looking back for a moment, the guidance I gave, as I recall, was to stop doing a set of things:

• I talked about the deliberate sharing of personal information by Facebook. In May 2010, the Wall Street Journal found that Facebook had been sharing user data with advertisers without their consent. What was worrying was that after this so-called ‘privacy loophole’ came to light, Facebook claimed that they did not consider the information involved to be personally identifiable – even though it included details such as a person’s name, age, and hometown.

At the time, Facebook said they closed this particular loophole. But it wasn’t closed – as the Cambridge Analytica case in 2018 made clear, it was one of many ways they shared user data with advertisers and other business partners without the clear consent of their users. Claims were settled this year, in August.  Always use the privacy settings that suit you best.  I took them through the steps on someone’s Facebook account.

• I also talked about how your new iPhone or Android Smartphone could be a toy through which you lose your secure data. In particular I covered what not to do on public Wi-Fi.

I still turn off automatic connectivity and my Bluetooth is rarely on. I never shop in public.  Not even when all the variables are uploaded and I just have to press ‘buy it now’.   I do those three things to this day.  Online shopping security was a big part of the class discussion, as I recall.

• Then of course there was the standard theft of one’s credit or debit cards – I had lost mine, when I was speaking. People in my class had horror stories to tell, as well.

All of that still stands.

Pass phrases

And then there is the topic of how to set your passwords and how not to do it.  I barely covered this at all.  That is because I did not yet know about pass-phrases.

A data breach I thought – huh. 

Advice on passwords

So, I looked up the current spiel on passwords, again.  The advice has changed substantially from when I last looked.

It can be summed up in three sentences –

  1. The length of the password matters: the longer it is, the harder it is to crack. Use a lower case letter, an upper case letter, a number and a symbol as well – that makes it harder – I call it LUNS.
  2. “Don’t ever use the same password for several accounts” is writ large in the advice. I can attest to the reality of that – I did, and my password, which was in a data breach, now has to be changed in all those six places.
  3. Password keeper services of different kinds are also hacked – I’ve actually heard from a hacker’s blog that those are seen as goldmines to hack successfully.

And then I read about a pass-phrase

A pass-phrase is a memorable phrase that only you have cause to remember. It also incorporates LUNS – see below – for good measure.

When we were all very young, we were on a family holiday, and my brother declared in a piping note that the horse pulling our horse drawn carriage was a ‘tejaswi valabaan ashwa’ (it means a spirited, strong horse, in Sanskrit).   What made it memorable was that the words are too long for a child of four to know – he had just learned them off by heart because I was reading the Mahabharata to him – he loved all that great fighting.  Everyone laughed – and the phrase stuck.  The story circulated into the extended family.

Now if anyone amongst our friends and family uses that as a passphrase for logging into a shop selling riding equipment, it would make sense.  Nobody else would have a reason to recall that phrase, but with the memory attached, it’s the first thing that would come to mind for many of us.

So how can we incorporate LUNS in that passphrase?

  • Lower case letter – all the letters are lower case, EXCEPT
  • Upper case letter – make it as random as possible
  • Number – you could separate the phrase with a chosen number – choose 4, (brother’s age)
  • Symbol – use an exclamation mark, at the end or the beginning.

So, putting it into practice, and please don’t use this phrase as your passphrase, that would be written as follows:

!tejaswI4valabaaN4ashwA

What I have tried to avoid are two things –

  • Using upper case as the first letter of my passphrase
  • Using a number or a symbol as the last character of my passphrase

This is because I am told that hackers expect this.

It is in fact consistent with common usage – we start sentences with a capital letter. We can end it with an exclamation mark.
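The LUNS rules and the two things to avoid can be written down as a short script. This is an added example, not part of the original post: the function names `check_luns` and `build_passphrase` are hypothetical, the sample words are constructed, and words are assumed to be plain alphabetic strings.

```python
import secrets
import string


def check_luns(passphrase):
    """Return the list of rules from this post that the passphrase breaks."""
    problems = []
    if not any(c.islower() for c in passphrase):
        problems.append("no lower case letter")
    if not any(c.isupper() for c in passphrase):
        problems.append("no upper case letter")
    if not any(c.isdigit() for c in passphrase):
        problems.append("no number")
    if not any(c in string.punctuation for c in passphrase):
        problems.append("no symbol")
    # The two patterns the post avoids because they are what people expect.
    if passphrase[:1].isupper():
        problems.append("starts with an upper case letter")
    last = passphrase[-1:]
    if last and (last.isdigit() or last in string.punctuation):
        problems.append("ends with a number or symbol")
    return problems


def build_passphrase(words, number, symbol="!"):
    """Lower-case each word, upper-case one randomly chosen letter in it,
    join the words with the number and put the symbol at the beginning."""
    parts = []
    for word in words:
        word = word.lower()
        i = secrets.randbelow(len(word))  # random position for the capital
        parts.append(word[:i] + word[i].upper() + word[i + 1:])
    return symbol + str(number).join(parts)


if __name__ == "__main__":
    # The phrase written out in the post passes every rule.
    print(check_luns("!tejaswI4valabaaN4ashwA"))
    # The "sentence-shaped" form breaks the two things to avoid.
    print(check_luns("Tejaswi4valabaan4ashwa!"))
    # Constructed sample words, not a recommendation.
    print(build_passphrase(["copper", "lantern", "meadow"], 7))
```
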

I had better go and change some passwords into passphrases, using my new-found method. I hope you will too. It takes a couple of minutes, but I am beginning to see that these are minutes well spent.
