Encryption Part 3 Passwords

This post completes my mini series and focuses on passwords.

Very long passwords and how to memorize them with ease

The key to success is being organized and planning ahead. We all have many passwords to remember and I do not recommend storing them in the web browser. Instead, open Notepad if you use Windows or Text Edit if you are on a Mac and create a simple document which, for now, can be called passwords.txt

passwords-v05o.txt

My sensitive info is stored in a simple text file that I call “passwords-v05o.7zp” and I keep a copy of that file in a directory on a USB stick. Let’s examine the file name. After the file description, which is password, I add the version number. Seeing that info helps me with deleting backups which no longer contain the latest information. After the number 5, I add a lowercase letter o. That stands for “original” and again helps me with telling the original from a copy.
If you are thinking that I append the letter c to a backup copy like “passwords-05c.txt”, then you are on the right track. That is exactly how I differentiate between the original file and the backup.

With that out of the way let’s tackle the password topic which is key to keeping information safe. To do so, we need to create a password.

How to create a secure password

I use the pwgen command which runs in the Linux terminal and the full command looks like this: pwgen -cnsy 44 5
When I press ENTER, I get the following output.

$ pwgen -cnsy 44 5
dZBb5U%;EywJU<a5v"B!io{Cuu1hS%):@9@sTeEC>~
ZEH'Pl<&jV@lb;COvwG7CD%<H/1v,waTwW[Gmx[*X%
?OCXg|^4TS84GJTmGb9J;S^Dm0/xQbe^HecY$:rJ#-WZ
os\'yfJr016}iz"c~Gs='MF#STPYm~42/6POugca0#t
S=F{MYco.Z?p[h7g9jX/U2o0kl}\ByW:e^PMO|No@??

What do the above lines mean? Let’s start with the numbers 44 and 5.
44 specifies the password length and 5 simply generates five passwords for me. This way, I can select one with a decent mix of characters or, if I feel like it, even add some here and there.
-cnsy makes sure that the characters are generated as randomly as possible.

If you don’t use Linux, then it’s best to use a web page such as https://passwordsgenerator.net/ to generate some random passwords.
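A local alternative that needs no web page, added here as an example (it is not the author's code and not pwgen itself): it draws each character from the operating system's cryptographic random source and keeps only passwords containing at least one capital letter, one digit and one symbol, which is what the -c, -n and -y options ask for. Using Python's string.punctuation as the symbol set is an assumption.

```python
import secrets
import string

# Character classes corresponding to the -c, -n and -y options on the page.
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = string.punctuation  # 32 ASCII symbols (assumption: not pwgen's exact set)
ALPHABET = string.ascii_lowercase + UPPER + DIGITS + SYMBOLS


def has_all_classes(password):
    """True if the password has at least one capital, one digit and one symbol."""
    return (any(ch in UPPER for ch in password)
            and any(ch in DIGITS for ch in password)
            and any(ch in SYMBOLS for ch in password))


def generate_password(length=44):
    """Draw every character from the OS CSPRNG; redraw until all classes appear."""
    if length < 3:
        raise ValueError("length must be at least 3 to fit all three classes")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(candidate):
            return candidate


def generate_batch(length=44, count=5):
    """Same shape as `pwgen -cnsy 44 5`: `count` passwords of `length` characters."""
    return [generate_password(length) for _ in range(count)]


if __name__ == "__main__":
    for pw in generate_batch():
        print(pw)
```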
Now back to the actual text file.

How to structure a passwords.txt file

My text file includes this data:

  1. Router admin password
    The first item I list is how I log into my router. The line looks like this:
    //Router Log In Info
    admin: ernst
    pw: ^4WEk+v#:Ry6eCN9KI@cLY_UpN4
  2. cPanel login
    Same formatting as above with username and pw.
  3. email addresses and passwords
  4. website logins and passwords
  5. important info such as “questions that must be answered correctly” etc.

When done, I add the created/last modified date at the top of the text file. Over the years, I have benefited from seeing the file creation date and version at the top of the text file. Although optional, I recommend that you do the same.

OK, this gives us a nicely formatted text file that makes selecting and copying relevant data quick and easy. Now we need to protect that text file with the one and only password which we actually have to remember. I call it the master password.

The master password

I make all of my passwords ridiculously long. Just for fun. I don’t care how long it is. 50 to 100 characters. No problem. Could I ever remember any of those? No way and why should I? What I do remember is the password that protects the passwords.txt file.

My master password is very long and just as secure but there is a method to the madness. The name of the password is the key to memorizing it. I hope that you will find my explanation helpful so here it is.

I have “something” that I know so well that I can picture it. Let me help you understand what I mean. Let’s look at a picture of where I live (Google map).

You can use any location in the world as long as you have that image burned into your memory. What do you see when you look at this picture? I see Vancouver, Burnaby, Coquitlam, Maple Ridge and many more names like that.
Focus on half of those names and create a red line in your mind that connects them in a random sequence. For this example, let’s use Richmond, Surrey and Langley to create a short password. The more places and names you use, the better but we’ll keep it simple in order to learn faster.

From the words Richmond, Surrey and Langley, I use the following letters:
ichd + urry + angy
If we add up the letters used so far, we get 12. Those 12 letters by themselves wouldn’t be a bad password. Humans could certainly not guess that one but we can do much better than that. Now we capitalize the second letter of every word like so:
iChd uRry aNgy
We still have 12 letters but a much stronger password because we now use mixed case letters.

Adding a separator (in between the first and second word)
There are about 30 characters on our qwerty keyboard which we can use as special characters. They are: `~!@#$%^&*()_-+={}|[]\:";'<>?,./
It’s OK to just pick one like ! and put it in between the two words. If you did nothing more than what we just talked about, then you would have a more secure password than most people ever will have. But we are not quite done. Let’s look at the result: iChd!uRry!aNgy

Numbers

Out of all steps, this is the most important step. The “things” that I have memorized are sorted by an imaginary number. An example will make this easier to grasp.
1 Richmond, 2 Surrey, 3 Maple Ridge, 4 Walnut Grove, 5 Delta, 6 White Rock, 7 Langley (and so on).

Based on the above schematic, I could use these numbers to help me with memorizing which cities I actually used for my password. In the case of Richmond, Surrey and Langley, the number representation would look like this: 127!

Do you see the advantage of making a numbered list and then using the names of that list as passwords? This way, the text file name reveals the password but the numbers are of no use to others. Take a look at the following password which was made from a list of 10 items. It looks like this: 138407319481236o.txt

Let’s analyze that string
The numbers tell me which names to pick (from the list). The above password is made up of 15 numbers and gives me a password length of 15 x 4 + 14 characters. 74 characters in total. Who could guess that?
The “o” tells me that this is the original text file and not the backup which would end with a b or a c which stands for copy.
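The steps above as a short script, added here as an example (not the author's own code). The letter pattern, letters 2 to 4 plus the last letter, is inferred from ichd, urry and angy; ignoring the space in two-word names is an assumption, and only the seven list entries shown on the page are included.

```python
# Numbered list from the page (items 1-7; the rest of the author's list is not shown).
PLACES = {1: "Richmond", 2: "Surrey", 3: "Maple Ridge", 4: "Walnut Grove",
          5: "Delta", 6: "White Rock", 7: "Langley"}


def chunk(name):
    """Letters 2-4 plus the last letter, with the chunk's second letter capitalized."""
    letters = [ch for ch in name.lower() if ch.isalpha()]  # assumption: skip spaces
    if len(letters) < 5:
        raise ValueError(f"{name!r} is too short for the 2-3-4-last pattern")
    picked = letters[1:4] + [letters[-1]]
    picked[1] = picked[1].upper()
    return "".join(picked)


def build_password(index_digits, places=PLACES, separator="!"):
    """Turn an index string such as '127' into the joined password."""
    chunks = []
    for digit in index_digits:
        if not digit.isdigit() or int(digit) not in places:
            raise KeyError(f"no list entry numbered {digit!r}")
        chunks.append(chunk(places[int(digit)]))
    return separator.join(chunks)


def expected_length(word_count, chunk_len=4):
    """The page's formula: n chunks of 4 letters plus n-1 separators."""
    return word_count * chunk_len + (word_count - 1)


if __name__ == "__main__":
    print(build_password("127"))   # Richmond, Surrey, Langley
    print(expected_length(15))     # length for a 15-digit file name
```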

What do I have to memorize?
Given the above password, I have to memorize only two things:
1) Which character I used to separate the words
2) Which letters I drop and which letters I capitalize

This might seem tedious and not worthwhile but trust me, once you practice and do what I describe, it will become second nature and no one will ever guess your password.
As long as you know your list of 10 things, and a pattern of how many and which letters you use from those words you are set.
Example:
aSdf*jKlo*zXcv*qWer
The above password is 19 characters long and not guessable by humans. A password hacker doesn’t know that you don’t use numbers or all symbol characters so she/he would have to run every possible combination. To run that, a cluster of computers would be needed which only well-financed operations and the government have access to. I imagine that they have bigger fish to fry than my little password file.

Note! Most if not all governments have laws in place which force you to provide a password or face serious consequences.

Password facts

How many possibilities does a given password actually have? As in, how many times would one have to try in order to break it? Normal calculators are not up for the job but our trusty Linux terminal has answers for almost everything including huge mathematical numbers. Here we go.

A computer keyboard can type 96 different characters. A script to brute-force a given password would have to try up to 96 characters if the password was 1 character long.
If a password was two characters long, the possible combinations would be: 9216
A 3-character password has up to: 884736 possible combinations and an 8-character password increases the possible combinations to 7213895789838336.
As you can see, it is impossible for humans to guess our passwords. Unfortunately, there are computer programs which use all kinds of sneaky algorithms that predict which characters we do and don’t use. Because of that, many short passwords (less than 20 characters) can be broken.

Currently, the only way to protect our data is by using very long random passwords. If we were able to memorize a 96-character password, then a super computer would have to try up to 19862704051982797580576125639477612374708322893151441233985491658847582706097318376646920317555554524971459613579567077892532792722158677152071233347563474577287871314398899332488478637162496 combinations to unlock a protected file.

Conclusion

I have hardly any secrets. Certainly nothing that the authorities would be remotely interested in. But the average crook will never read my encrypted files. Why? Because I took the time and memorized a 10 item list, a pattern of how many characters I use per word and which one(s) I capitalize and which characters I use in between to separate them.

On top of that, I use the powerful Linux “touch” command to falsify creation and last accessed dates and use many fake files that would be useless if cracked.

Coaching sessions in Vancouver and area

If you have special needs for protecting your inventions or sensitive photos then I can assist you with a one hour coaching session that goes into more sneaky details and additional tricks that I won’t document here. A one hour session is CAN$ 40 and my time of availability is Friday 2:00 PM to 9:00 PM and Saturday 8:00 AM to 6:00 PM.
If interested, contact me and we’ll take it from there.
