Creating a Hacker-Proof Password

  • 27 April 2013

Userlevel 7
  • Retired Webrooter
Earlier this week, the Associated Press's Twitter account was hacked and a hacker Tweeted out “Breaking: Two Explosions in the White House and Barack Obama is injured.” These mere 71 characters of text were responsible for a temporary overall value loss of an estimated $136.5 billion on the stock market. As the day went on, and people began to realize it was a hoax, the market quickly re-stabilized. It really underlines both the power of a single Tweet and the importance of using an unbreakable password.
 

 
As easily as a hacker cracked the password to the AP account, hackers are able to break into poorly protected accounts every day - whether they are bank accounts or other sites with personal information stored in them.
 
Webroot provides a way of generating a secure password for users of Webroot SecureAnywhere Internet Security Plus and Webroot SecureAnywhere Complete. You can read more about that here.
 
For anyone without a password generator, extra steps need to be taken to ensure the passwords you're using are not easily brute-forced by a hacker through a dictionary attack or other methods. Andy Smith from the Scotsman has a great suggestion on how to craft a hacker-proof password. For his example, he creates a password that is easily remembered because the characters correspond to the first letters of song lyrics. He then further enhances the strength by replacing certain letters with numbers and adds unique characters to the password which are based on the site it's being used for, resulting in a nearly unbreakable password that is easily remembered mnemonically.
 
As this is The Scotsman, I’ll use the classic Caledonia by Dougie MacLean as an example song verse:

“Let me tell you that I love you,
“That I think about you all the time,
“Caledonia you’re calling me,
“And now I’m going home!”

This acronyms nicely into “lmtytilytitayattcycmanigh!”

We’re all now used to sites enforcing a level of complexity in our passwords by adding capital letters, punctuation and numbers.

So to keep the password complexity rules happy, we can add the punctuation back in, include the capital letter on Caledonia, swap a couple of letters for numbers (the i’s for 1’s for example) and we arrive at “lmtyt1ly,t1tayatt,Cycm,an1gh!” Be as creative as you like, as long as you can memorise it.

We’ve now created 29 characters of gibberish that we can easily remember, and a password that even at 1,000 guesses a second would take a lifetime to crack.

The next step is to make your password different for each site. Just ensure that you pre or post cede your password with something that makes it unique – the first three letters of the site and a hyphen, for example.

So for Twitter we’d get: “lmtyt1ly,t1tayatt,Cycm,an1gh!-twi” or Facebook: “lmtyt1ly,t1t-ayatt,Cycm,an1gh!-fac”. Use whatever naming convention you want to use and then stick to it.

This is a great way to create a very powerful password using your favorite song lyrics. If you don't have the added benefit of the random password generator available from Webroot, do yourself a favor and start creating great passwords like Andy's.
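
The construction quoted above, reproduced step by step as an added example (not part of the original post or of Andy Smith's article). The function names and the 95-character printable-ASCII alphabet used for the search estimate are assumptions; the 1,000 guesses per second rate is the one quoted in the post.

```python
import re

# Verse quoted in the post (Caledonia, Dougie MacLean), one lyric line per entry.
VERSE = [
    "Let me tell you that I love you,",
    "That I think about you all the time,",
    "Caledonia you're calling me,",
    "And now I'm going home!",
]

def initials(line, proper_nouns=()):
    """First letter of each word, lower-cased unless the word is a proper noun."""
    words = re.findall(r"[A-Za-z']+", line)
    return "".join(w[0] if w in proper_nouns else w[0].lower() for w in words)

def acronym(lines):
    """Step 1: plain acronym; keeps only the verse's final punctuation mark
    (assumes the last line ends with one, as the quoted verse does)."""
    return "".join(initials(l) for l in lines) + lines[-1].strip()[-1]

def complex_form(lines, proper_nouns=("Caledonia",), swaps=(("i", "1"),)):
    """Step 2: restore line-end punctuation, proper-noun capitals, letter swaps."""
    parts = []
    for line in lines:
        letters = initials(line, proper_nouns)
        for old, new in swaps:
            letters = letters.replace(old, new)
        parts.append(letters + line.strip()[-1])
    return "".join(parts)

def per_site(base, site):
    """Step 3: append a hyphen and the first three letters of the site name."""
    return f"{base}-{site[:3].lower()}"

def exhaustive_search_years(password, guesses_per_second=1000, alphabet=95):
    """Worst-case years to try every string of this length.
    alphabet=95 (printable ASCII) is an assumption; the post gives only the rate."""
    seconds = alphabet ** len(password) // guesses_per_second
    return seconds // (365 * 24 * 3600)

if __name__ == "__main__":
    base = complex_form(VERSE)
    print(acronym(VERSE), base, len(base))
    print(per_site(base, "Twitter"))
    print(f"{exhaustive_search_years(base):.2e} years of exhaustive search")
```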

2 replies

Userlevel 5
I'd like to share this with our members in regards to creating a hacker-proof password. I have had great success with GRC's Ultra High Security Password Generator. There are 64 random characters you can choose from. Here is the URL. I hope this will help everyone that is concerned about passwords.
https://www.grc.com/passwords.htm
Userlevel 7
Thank you tsr:)
