Password changes – how to keep track of passwords

The Onion jokes about how some people choose their passwords: staking your livelihood on whether hackers can guess your favorite TV show is funny.

Some in the security industry recommend passwords built from special characters, upper- and lower-case letters and digits, 8 characters long, even though that method creates its own difficulties.

Ks%!59fT is a valid password of that kind (hard to crack, but also hard to remember), which means you will likely write it down, itself a no-no in the security field.

Instead I would like to point to a new Password Strength description at xkcd:

[image: password_strength]

What matters is a password you can remember without writing it down, such as 4 random words as in "Correcthorsebatterystaple1": 25 letters, starting with a capital, plus a number is easier to remember and still satisfies the usual upper-case and number requirements. At 26 characters the password is effectively impossible to guess even with a supercomputer.

We recommend at least 2-3 words totalling 20 characters, plus numbers and upper-case characters. Then, when policy requires a change every 60-90 days, only the numbers and the word order need to change, and the length of the password remains your defense: word1-word2-word3-number1 can be changed to word1-word3-word2-number2.

Example:

Correcthorsebattery1

Correcthorsebattery2

 

And as the modifications require you can change just the numbers. After the first few changes it becomes easier to remember different passwords.
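To put numbers on the comparison above, here is an added example (not code from the original post) that estimates the search space of the 8-character password and of the word-based passphrase, both under a blind brute-force model and under the xkcd assumption that the attacker knows the words come from a 2048-word list; the rate of 1e9 guesses per second is an assumed figure, and the rotation function quantifies the word-reordering scheme described in the post.

```python
import math
import string

# Character classes a blind brute-force search would have to cover.
_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
            string.digits, string.punctuation)


def brute_force_bits(password: str) -> float:
    """Search space (bits) for an attacker who knows only the length and
    which character classes appear, as in the post's '26 characters' claim."""
    alphabet = sum(len(cls) for cls in _CLASSES
                   if any(ch in cls for ch in password))
    return len(password) * math.log2(alphabet)


def passphrase_bits(num_words: int, dictionary_size: int = 2048,
                    extra_bits: float = 0.0) -> float:
    """Entropy (bits) when the attacker knows the passphrase is random words
    from a list of dictionary_size words; 2048 words (11 bits/word) is the
    assumption the xkcd comic uses. extra_bits covers an appended digit etc."""
    return num_words * math.log2(dictionary_size) + extra_bits


def rotation_bits(num_words: int, number_choices: int) -> float:
    """Bits added by the post's change scheme alone (reorder the words and
    change the trailing number): num_words! orderings times number_choices."""
    return math.log2(math.factorial(num_words) * number_choices)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e9) -> float:
    """Years to try the whole space at an assumed offline guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    rows = [
        ("Ks%!59fT (blind brute force)", brute_force_bits("Ks%!59fT")),
        ("Correcthorsebatterystaple1 (blind brute force)",
         brute_force_bits("Correcthorsebatterystaple1")),
        ("4 random words + 1 digit (attacker knows the word list)",
         passphrase_bits(4, extra_bits=math.log2(10))),
        ("3 words reordered + digit 1-9 (rotation alone)", rotation_bits(3, 9)),
    ]
    for label, bits in rows:
        print(f"{label:58s} {bits:6.1f} bits  "
              f"{years_to_exhaust(bits):.2e} years at 1e9 guesses/s")
```

The gap between the two rows for the passphrase shows why the words must be chosen at random: the length only protects against an attacker who does not know the password is built from dictionary words.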