How to Create Bulletproof Passwords

By
Services for Real Estate Pros with IDTheftSecurity.com Inc

It is a hassle to keep track of all of your passwords. So, many people use the same username and password combination for all of their accounts. This, however, is a big mistake. All it takes is one hacker getting ahold of one of your accounts, and the rest of your accounts are now compromised. Thankfully, there is a pretty easy way around this…One way is a password manager and for those who don’t trust them, try below.

Creating Passwords that are Unique

The best passwords are 14 characters. Passwords that are shorter are statistically much easier to guess. If a site doesn’t allow a password that is 14 characters, you can adapt the following to fit:

Make a list of all websites you have a username and password for, and then make lists categorizing them. For instance, put all of your social media sites together, your email sites, your shopping sites, and banking sites.

Next, create an eight-character password. This will be used as the first part of every password that you create. For instance, it might look like this:

H76&2j9@

Next, look at your categories. Create a three-character password for those. So, you might do this:

  • Social media sites – SM$
  • Email sites – @eM
  • Shopping sites – $ho
  • Banking sites – BaN

Finally, the last three characters of the 14-character password will be specific to the website.

Let’s say you are creating a password for your Facebook account:

Eight-character + three-character (category) + three-character (unique to site)

So, your password for Facebook would be:

H76&2j9@SMSg5P

This is now a very strong password ad for some of you that is much easier to remember. But not me, above doesn’t work for me. More in a minute…When you have to change your password in the future, you can keep the final six characters and just change the first eight.

So, how do you remember the first part of the password? One way is to just write it down in a secure location. Don’t keep in near the computer, though. Another thing that you can do is to create a passphrase, which makes it easy to remember a password.

Let’s use this phrase

“My sister asked me for milk and butter.” If you take the first letter of all of those words, you would have this:

MSAMFMAB

This could be used as your eight-character common denominator.

You can even go further and make it more secure by swapping out some of the letters with numbers or symbols:

M3AM4MA8

Now, the common part of the password is even more difficult to guess, yet still fairly easy to remember. You can also use this method for the shorter part of the password, or even come up with your own methods for password success.

Oh and that “in a minute” comment…just use a password manager and forget the above madness. My password manager created this: *zWo5j!wUxCVWV and it means nothing and I’ll never remember it because my password manager serves as my memory now.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

close

Re-Blogged 2 times:

Re-Blogged By Re-Blogged At
  1. Fred Griffin presently on Leave of Absence 12/23/2018 06:17 AM
  2. Gabe Sanders 12/30/2018 11:00 PM
Topic:
ActiveRain Community
Tags:
password
password security
password manager
master password

Post a Comment
Spam prevention
Spam prevention
Show All Comments
Rainer
363,391
Jerry Lucas
ABC Legal Docs LLC - Colorado Springs, CO
Mobile Notary Colorado Springs, CO Notary Training

This is bad password advice.

If every password is 14 characters, starts with the same 8-character prefix, then a 3-character category code, then a 3-character random code, only 3 characters out of 14 are random. The other characters follow a fixed pattern and are not random. This greatly weakens the password system. Password cracking computers can test up to 300,000 passwords per second.

If a hacker is able to discover one password, it will be easy for a computer to crack the same or similar password permutations on other user accounts.

If a hacker discovers two passwords in the same category, such as banking (BaN), and detects the passwords have a matching pattern in the first 11 characters, now they only need to guess the last 3 characters to break into all your banking accounts.  Then they can also crack your other accounts using this password system.

Keep all of the password characters random and use a unique password for every account. Then, if a hacker discovers one password, it provides no clues to the other passwords. Each password is unrelated and follows no pattern.

I use LastPass password manager with a long, strong, unique, random password for each account. I also use two-factor authentication, so a hacker cannot break in with a password alone. They also need possession of my smartphone or USB YubiKey.

Dec 24, 2018 07:14 PM #14
Rainmaker
296,522
Dennis J. Zisa & Associates, Inc.
Dennis J. Zisa & Associates, Inc. - Camden, NJ
28 years in So. Jersey and the Greater Camden area

Thank you for this great insight.  I just purchased a pasword manager, but I will save these ideas for creating strong passwords.

Dec 24, 2018 07:31 PM #15
Rainer
41,966
Peter Lake
Harborside Sothebys International Realty - Marblehead, MA
Associate Broker

This method is unnecessaryily complicated. What counts most is length, not unique characters.  
If you used:
ActiveRainYourName  you'd be quite secure.
Check it out on this website: http://password-checker.online-domain-tools.com/
and you'll find it takes many millions of years for a brute force attack.
Length counts in passwords. Make it long and easy to remember.

Dec 24, 2018 08:20 PM #16
Rainmaker
614,352
Debra Leisek
Bay Realty,Inc Homer Alaska - Homer, AK

so 123456 just isnt going to cut it anymore? or the ever popular password12

seriously, these are some very good thoughts to ponder!!

 

 

Dec 24, 2018 09:52 PM #17
Rainmaker
2,094,275
Sharon Tara
Sharon Tara Transformations - Portsmouth, NH
New Hampshire Home Stager

It seems like having the same beginning and middle is too much like having the same password for all. I just keep a list of my passwords. I hate dealing with passwords but unfortunately it's what we have to do today.

Dec 25, 2018 04:56 AM #18
Rainer
4,163
Ricardo Cobos
Keller Williams Realty Garner - Garner, NC
Specializing in Sellers and Investors in So . Wake

I've used LastPass for years. I'm an unpaid advocate. I don't know any of my passwords because they are all random and 12 - 16 characters. As a result i am happy to say that although my individual data has been compromised in various widely reported hacks, none resulted in any further fraudulent activity.

LastPass offers a  total free desktop version which has all the features of a paid version that integrates with all the majoe web browsers.  They also  offer a paid version that gets you  mobile for androind and iOs that will auto fill your apps for only $12 per year.

Dec 25, 2018 05:35 AM #19
Rainer
278,096
Ron Aguilar
Continental Mortgage - Saint George, UT
Mortgage & Real Estate Advisor since 1995

Excellent subject to post, thanks for your time. 

Dec 26, 2018 06:53 AM #20
Rainmaker
368,638
Travis "the SOLD man" Parker; Associate Broker
Team Linda Simmons, Enterprise, AL 36330 - Enterprise, AL
email: Travis@theSOLDman.me / cell: 334-494-7846

GREAT tips. I use Last Pass, but sometimes, I can't get into it, so will need my remembered p/w, and your method makes sense. THANKS!

Dec 26, 2018 07:40 AM #21
Ambassador
3,914,717
Jeff Dowler, CRS
Solutions Real Estate - Carlsbad, CA
The Southern California Relocation Dude

Hi Robert

Thanks as always for the tips on being more secure. Keeping up with all the different passwords, and changing them, is a challenge. I can definitely do a better job using your suggestions.

Jeff

Dec 26, 2018 08:04 AM #22
Rainmaker
1,737,551
Lottie Kendall
Compass - San Francisco, CA
Helping make your real estate dreams a reality

This is fascinating and so very important, Robert. Do you, Jerry Lucas or anyone else have experience with Google passwords? Lots of recommendations here for Last Pass, but so far no mention of the Google program. TIA! 

Dec 26, 2018 08:04 AM #23
Rainmaker
966,685
Jan Green
Value Added Service, 602-620-2699 - Scottsdale, AZ
HomeSmart Elite Group, REALTOR®, EcoBroker, GREEN

I like your phrase idea as that's so easy for us to remember.  Great thoughts here. Grouping is helpful as well. 

Dec 26, 2018 08:32 AM #24
Rainer
130,584
Anne Corbin
Long and Foster - Lake Anna - Spotsylvania, VA
Serving Lake Anna & Central Virginia

I need to go update a few passwords in case any have been compromised. Somewhat like changing batteries in the smoke detectors. Getting into the habit of changing them regularly is a good idea.

Dec 26, 2018 10:29 AM #25
Rainmaker
2,189,295
Elizabeth Weintraub Sacramento Realtor Top 1%
RE/MAX Gold - Sacramento, CA
Put 40 years of experience to work for you

While I understand your reasoning, in my experience, it is not a good idea to repeat any part of your password in another password, so I disagree. But I am not the security expert.

Just use LastPass and forget about it.

Dec 26, 2018 08:58 PM #26
Rainmaker
282,019
Shirley Coomer
Keller Williams Realty Sonoran Living - Phoenix, AZ
Realtor, Keller Williams Realty, Phoenix Az

Passwords are a challenge and I seem to get more sites needing more passwords.  I recommend not repeating any one password.

Dec 27, 2018 06:40 AM #27
Rainmaker
496,765
Mary Hutchison, SRES, ABR
Better Homes and Gardens Real Estate-Kansas City Homes - Kansas City, MO
Experienced Agent in Kansas City Metro area

THis sounds like sound advice.  I hate keeping track of all my passwords. Seems like everyone will be hacked at one time or another.

Dec 27, 2018 11:51 AM #28
Rainer
158,000
Monique Ting
INET Realty Honolulu, HI - Honolulu, HI
Your agent under the sun

Thank you for sharing this great tip!

Looks like i will be doing some major passwords reset in the new year...

Hau'oli makahiki hou!

Dec 27, 2018 01:19 PM #29
Rainmaker
784,579
Kevin Mackessy
Blue Olive Properties, LLC - Highlands Ranch, CO
Dedicated. Qualified. Local.

Recommend the app "Keeper" for keeping track of these increasingly complicated passwords. 

Dec 28, 2018 11:32 AM #30
Rainer
117,956
Anthony Kirlew
Keller Williams Legacy One Realty - Gilbert, AZ
Helping You Make Fiscally Sound Choices

Excellent advice. As a former IT/Security guy myelf, I am a big advocate for solid passwords - and changing them frequenty amidst all of the hacks out there. I also advocate for using 2 factor authentication as others have mentioned, when it is available.

Dec 30, 2018 08:02 PM #31
Rainmaker
3,187,436
Sally K. & David L. Hanson
EXP Realty 414-525-0563 - Brookfield, WI
WI Realtors - Luxury - Divorce

Excellent advice in these days of cyber fraud...something we all need !

Dec 31, 2018 05:36 AM #32
Rainer
437,705
John Dotson
Preferred Properties of Highlands, Inc. - Highlands, NC - Highlands, NC
The experience to get you to the other side!

Robert, I have to agree with Jerry Lucas.

For the most part, I used the theory of "make it something easy to remember, but quirky" and a couple of years ago had it proven to me that in password usage "Close" is good for more than hand grenades and horseshoes - it works great for hackers.

Every password used should be different, long, complex and random.

Spend a buck or two and get an on-board password manager - I don't even trust those that sync to the cloud.  It will save your soul at some point.

 

Jan 05, 2019 08:49 AM #33
Post a Comment
Spam prevention
Show All Comments

What's the reason you're reporting this blog entry?

Are you sure you want to report this blog entry as spam?

Rainmaker
843,397

Robert Siciliano

Realty Security and Identity Theft Expert Speaker
Ping me to book a program for your group
*
*
*
*
Spam prevention