One master password to rule them all

How secure do you feel about your passwords? Password insecurity is the blight of our age. We have passwords, they are not original, and then they get stolen. At first glance, our password management practices are limited to the following three options:

  1. Recycle that one good password and place it above the laptop on a yellow sticky note.
  2. Save everything on the computer browser and hope we don’t fall for a phishing scheme.
  3. Attempt to memorize a portfolio of secure passwords.

Or we can do what security experts recommend and get a password manager. But a password manager comes with its own demand: a master password. Even worse, this is no subtle reference to Frodo, Sauron, and Tolkien's "Lord of the Rings". It is a direct reference to your need for just one genuinely hard-to-guess password, the one that unlocks every other password you own.

Got a case of password anxiety?

The problem is that directions for creating a super-secure password do not create a secure impression. They generate unease and panic with their three analytical demands:

  • Be at least eight characters long.
  • Combine upper and lower case letters.
  • Include at least one number and/or symbol character.

Forget this password and life as you know it is over, because most password managers cannot reset a master password: the vault is encrypted with a key derived from it. Or it is back to the drawing board with yet another attempt to create a secure password that you will actually remember.

Get into the rhythm

While these directions are accurate, they miss the point. The bad news is that most people, especially those without photographic memories, just can't memorize a random mix of letters, numbers, and symbols. The good news is that we can turn these directions into something far less intimidating, something as easy as a song. So here are four rhythmic steps to password security:

  1. Think of a funny, nonsensical sentence – it might be a phrase from a song, a description of your neighbor, or a childhood memory. Ten words will be just fine.
  2. Write it down – yes, paper will do just fine, as long as the paper lives somewhere other than the sticky note above the laptop.
  3. Start substituting – take each word and replace it with a single letter, number, or symbol.
  4. Use it – and use it for exactly one account, such as that new password manager.

As a simple example, here is a basic, silly romantic sentence: You are my one moon and star. Now start substituting, word by word: you → u, are → R, my → mi, one → 1, moon → Mn, and → &, star → *.

"uRmi1Mn&*" is the finished product. In this password, all the major bases are covered: length, no identifiable words, and a seemingly random mix of upper and lower case letters, symbols, and numbers. Even more important, you should be able to remember it. One caveat: nine characters is the floor, not the target. A master password protects the whole vault, and an attacker who obtains the vault file can guess against it offline at full speed, so a longer sentence, which costs nothing extra to remember, is the cheapest upgrade available.
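The four steps above, run mechanically, as an added example (this is not code from the original post). It splits a sentence into words, replaces each word with one character, checks the result against the three composition rules quoted earlier, and reports any whole word from the sentence that survived into the password. The substitution table, the capitalization rule (words of four or more letters give an upper-case initial) and the sample sentence are hypothetical choices constructed for the example; pick your own so the mapping is not guessable.

```python
"""Mnemonic master-password builder and policy check (added example)."""
import re
from typing import Dict, List

# Hypothetical word-to-character table: number words become digits, a few
# short words become symbols, every other word contributes its first letter.
SUBSTITUTIONS: Dict[str, str] = {
    "one": "1", "two": "2", "to": "2", "too": "2", "three": "3",
    "four": "4", "for": "4", "eight": "8", "ate": "8",
    "and": "&", "at": "@", "star": "*", "not": "!", "money": "$",
}


def words_of(sentence: str) -> List[str]:
    """Lower-case words of the sentence, punctuation and digits dropped."""
    return re.findall(r"[a-z']+", sentence.lower())


def build_password(sentence: str, upper_from: int = 4) -> str:
    """One character per word. Words of upper_from letters or more give an
    upper-case initial, so the result mixes cases without extra memorizing."""
    chars = []
    for word in words_of(sentence):
        if word in SUBSTITUTIONS:
            chars.append(SUBSTITUTIONS[word])
        elif len(word) >= upper_from:
            chars.append(word[0].upper())
        else:
            chars.append(word[0])
    return "".join(chars)


def check_policy(password: str, min_len: int = 8) -> Dict[str, bool]:
    """Evaluate the three composition rules; 'ok' is true only if all pass."""
    rules = {
        "length": len(password) >= min_len,
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit_or_symbol": any(c.isdigit() or not c.isalnum() for c in password),
    }
    rules["ok"] = all(rules.values())
    return rules


def leaked_words(password: str, sentence: str, min_word: int = 3) -> List[str]:
    """Whole words of the source sentence that survive in the password.
    The article wants this list empty: no identifiable words."""
    lowered = password.lower()
    return [w for w in words_of(sentence) if len(w) >= min_word and w in lowered]


if __name__ == "__main__":
    # Constructed sample sentence; use one only you would think of.
    sentence = "my neighbor walks his three cats at midnight and sings"
    pw = build_password(sentence)
    print(pw, check_policy(pw), leaked_words(pw, sentence))
```

For the constructed sentence the builder yields "mNWh3C@M&S", ten characters that pass all three rules and leak none of the words. Run the page's own "uRmi1Mn&*" through check_policy and it passes too; run Schneier's "tlpWENT2m" (quoted further down) through leaked_words and it reports "went", which is exactly the kind of surviving word the later section warns about.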

Experts recommend getting silly

This technique was suggested several years ago by security expert Bruce Schneier. As described more fully on his blog, he suggests taking a sentence or song and transforming it into a password of at least nine letters, numbers, and symbols. As he put it, "This little piggy went to market" could become "tlpWENT2m".

A question of power and efficiency

The problem, for security experts and neophytes alike, is that the playing field is shifting towards the attackers on two major points. First, as computers become more powerful, they can run through a greater number of candidate passwords more quickly. Second, recent password leaks, from Yahoo on down, have given attackers a huge database of real passwords. This data on how people actually build passwords has made password crackers more efficient than ever: instead of trying every possible string, they try the most likely ones first.

Words are too much

While there are real words in your original sentence, each of them should be replaced by a single letter, number, or symbol in your master password. Stringing together random words, as the XKCD comic recommended, used to be a good security practice, but it no longer is. Password crackers load the same dictionaries that people draw their words from, so a whole word costs the attacker roughly one guess from a list rather than one guess per letter, and combining words is handled by combining lists. Whatever strength is left in a word-based password comes only from the number of words, never from their letters.
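To make the point of this section and the previous one concrete, here is a small rule-based guesser, added as an example (it is not code from the original post). It runs a constructed eight-word "dictionary" through the mutations crackers try first (case changes, leet substitutions, popular suffixes) and then through a two-word combinator, and counts guesses until a target hash matches. The wordlist, rules and targets are all constructed for the demo; real tools such as hashcat push millions of leaked passwords through hundreds of rules. SHA-256 stands in for the target's hash function: a password manager's vault uses a slow key-derivation function, which raises the cost of each guess but does not change how many guesses a weak password needs.

```python
"""Rule-based guessing over a tiny wordlist (added example)."""
import hashlib
import itertools
from typing import Iterator, Optional, Tuple

# Constructed eight-word "dictionary"; a real one has millions of entries.
WORDLIST = ["password", "monkey", "dragon", "piggy", "moon",
            "star", "sunshine", "welcome"]
LEET = str.maketrans("aeios", "4310$")   # the classic letter-to-digit swaps
SUFFIXES = ("1", "!", "123", "2024", "!1")


def sha256_hex(text: str) -> str:
    """Placeholder hash; the real target might be anything from MD5 to a KDF."""
    return hashlib.sha256(text.encode()).hexdigest()


def mangle(word: str) -> Iterator[str]:
    """Apply the mutations every cracker tries first: case changes, leet
    substitutions, and a short list of popular suffixes."""
    bases = {word, word.capitalize(), word.upper(),
             word.translate(LEET), word.capitalize().translate(LEET)}
    for base in sorted(bases):
        yield base
        for suffix in SUFFIXES:
            yield base + suffix


def candidates() -> Iterator[str]:
    """Single words with rules, then two-word combinations (a 'combinator'
    attack), which is how word-based passphrases get guessed."""
    for word in WORDLIST:
        yield from mangle(word)
    for pair in itertools.product(WORDLIST, repeat=2):
        yield "".join(pair)
        yield "".join(w.capitalize() for w in pair)


def crack(target_hash: str, limit: int = 1_000_000) -> Tuple[Optional[str], int]:
    """Return (password, guesses) on a hit, or (None, guesses) when the
    candidate list is exhausted or the guess limit is reached."""
    tried = 0
    for cand in candidates():
        if tried >= limit:
            break
        tried += 1
        if sha256_hex(cand) == target_hash:
            return cand, tried
    return None, tried


if __name__ == "__main__":
    # Constructed targets: two word-based passwords and two sentence skeletons.
    for secret in ("Password1", "MoonStar", "tlpWENT2m", "mNWh3C@M&S"):
        found, guesses = crack(sha256_hex(secret))
        print(f"{secret:12} -> {found!r} after {guesses} guesses")
```

"Password1" falls within the first twenty guesses and "MoonStar" within the first few hundred, even though neither string appears verbatim in the wordlist; the sentence skeletons are never produced at all, and the guesser gives up after exhausting its 368 candidates. Scale the wordlist to a few hundred million leaked passwords and the rules to hashcat's stock rule files and the same asymmetry holds: words and word pairs are cheap, one-character-per-word skeletons are not.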

Easy as a song

Creating a memorable master password requires some creativity and no plagiarism. This means not directly copying Van Halen's album title "OU812" or transcribing E. E. Cummings's line about the sun, moon, and stars: song titles, lyrics, and famous quotations are in the crackers' wordlists too. Instead, come up with your own sentence, keyed to your own memory, which cannot be cut and pasted from anywhere. Yes, you can be a Master Password Builder.

TL;DR

Don’t want to read the whole blog article? Then watch our latest video and subscribe to our YouTube channel for more.



As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as provided reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he’s known for making a great bowl of popcorn and extraordinary messes in a kitchen.