We all know that our privacy is invaluable and we strive to keep it for ourselves, but sometimes some of the service providers we rely on to keep our privacy safe are a bit careless.
Based on some short research about distributed password cracking that I conducted a couple of months ago, I was astonished at how easily a password can be found using a word dictionary built from educated guesses. So I decided to take action for my own cyberlife.
According to howsecureismypassword.net my common-use password was quite secure... but then, when I saw that some websites are not keeping it safe (in some cases not even encrypted), I decided I need a sort of password set so that I have a different password for each account. If one shares the same password (or set of passwords) over most of one's accounts, then when one of them gets hijacked all of the accounts are in jeopardy, and one's privacy can be violated completely.
So I started thinking about how to have dynamic passwords while still remembering them and which password belongs to which account. Previously I used a password with 3 variations over different accounts; for example, in one variation I had a capital at a certain point. But even with those 3 variations I sometimes went nuts trying all the possible combinations (since I have 3 email addresses which I use interchangeably, do the math...).
While trying to find a common thing through which I could relate each account to a password, a brilliant idea struck me. Why not include something that represents the account in the password? What could that be? Well, all accounts have at least one thing in common: they are all reached through a host name, that being the address of the place where they are used.
So the dynamic password scheme can be achieved by having a static base password which is common to all the accounts (I suggest making the base pretty secure with capitals, numbers and special characters) + a salt that is generated from the account's host name.
This technique is called password salting and is very common in Wi-Fi security.
So we are going to use a very simple salting:
static password: p@ssw0rd
salt: generated from the first 3 letters of the host name
general password: static password + salt
So if I make a google account following this scheme the password used would be: p@ssw0rdgoo
for a yahoo account the password would be: p@ssw0rdyah ... and so on
You could make your own salting formula, but you should keep in mind that choosing a long salt might get you into trouble when trying to apply the formula to very short-named domains like x.org (this can still be managed by adding a number of "default characters" until it has the same length as the other passwords).
I am using this technique now for most of my passwords, and I will adopt it for all of them soon; it's really painless. I am considering applying this even to my computer password by using the computer name to generate the salt, and why not even to offline applications or documents.
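The scheme above (static base + a 3-letter salt taken from the host name, padded for short names like x.org) written out as a small Python function. This is an added example, not code from the original post. The base password is the post's own p@ssw0rd; the choice of the second-level label (the part before the top-level domain, with a leading "www." dropped) as "the host name", and the underscore as the "default character" used for padding, are my assumptions, since the post leaves both unspecified.

```python
from urllib.parse import urlparse

BASE_PASSWORD = "p@ssw0rd"  # the static password from the post (constructed sample value)
SALT_LENGTH = 3             # "first 3 letters of the host name"
PAD_CHAR = "_"              # assumption: the "default character" added for short names


def account_label(url_or_host: str) -> str:
    """Return the host-name label the salt is taken from.

    Assumption: the label just before the top-level domain, so that
    'https://mail.google.com/' and 'www.google.com' both give 'google'.
    """
    # urlparse only fills .hostname when a scheme or '//' is present
    if "://" not in url_or_host:
        url_or_host = "//" + url_or_host
    host = (urlparse(url_or_host).hostname or "").lower()
    if host.startswith("www."):
        host = host[len("www."):]
    labels = [part for part in host.split(".") if part]
    if not labels:
        raise ValueError("no host name found in %r" % url_or_host)
    # 'google.com' -> 'google'; a bare 'localhost' keeps its single label
    return labels[-2] if len(labels) >= 2 else labels[0]


def make_salt(url_or_host: str, length: int = SALT_LENGTH, pad: str = PAD_CHAR) -> str:
    """First `length` letters of the label, padded on the right for short names."""
    return account_label(url_or_host)[:length].ljust(length, pad)


def derive_password(base: str, url_or_host: str) -> str:
    """general password = static password + salt, as described in the post."""
    return base + make_salt(url_or_host)


if __name__ == "__main__":
    for site in ("https://www.google.com", "yahoo.com", "https://x.org"):
        print(site, "->", derive_password(BASE_PASSWORD, site))
```

Every derived password has the same length because short labels are padded rather than left short. Note that the salt is computed from public information, so the scheme's security rests entirely on the base; anyone who sees one derived password can read the base off it by removing the last three characters, and the example does not change that property of the scheme.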
I hope this tip helps you secure your cyberlife and saves you from headaches while trying to remember tens of different account-password combinations.