How to Make a Strong Password

Although Wise Owl Legal takes a number of precautions to keep your data secure, in the end, your password is the most important factor in keeping unauthorised people out of your Appliance. A well-chosen password will keep even the most determined hacker from accessing your Appliance. However, a poorly chosen password can grant access to a competitor, a disgruntled employee, or even a teenager with too much time on their hands.

What Makes a Good Password

Three things make a good password:

  1. It is hard for someone else to guess.
  2. It is easy for you to remember. 
  3. It is not reused on some other website.

The point of a password is that other people can't guess it. It needs to be secret and difficult to guess. If you tell your password to someone else, or if it's so easy to guess that your colleague, client or grandmother can guess it, you might as well not have one!

Of course, if your password is so hard to guess that even you can't remember it, well, that's pointless. And, generally, hard to guess passwords tend to be hard to remember. Further, because we can only remember perhaps 4 or 5 passwords before we get afraid we might forget something really important (like our address or partner's birthday), we tend to reuse passwords on multiple websites. Password reuse is bad because if the password for your bank is the same as the password for your favourite boutique online shop, and the shop gets hacked, your bank account is wide open for theft.

So there's a compromise you have to make between something really easy like 123456 or password, and 3497zVp63v4IC (although, as you'll see in a moment, that's not entirely true).

Step By Step Guides

Here are some step-by-step guides to making a strong password, in recommended order.

Password Managers

The best and simplest way to make an impossible-to-guess password is to have the computer generate one for you and remember it for you.

  1. Generate a new, totally random, unique password like 3497zVp63v4IC.
  2. Store it securely in the password manager.
  3. When you log into Wise Owl Legal, the password manager will automatically copy the password (and even your username too) to your web browser for you.

In a sense, we are "cheating" when remembering the password. But computers remember things really well, so why not get them to do it for you? You may never even see the password it generates, but that's not a bad thing anyway.

There are a variety of high quality password managers available. Some are free, others cost money. Some work just on Windows, others can sync with your smart phone. Some look really pretty, others look like they were made by a computer programmer. Choose one and use it. For every website you visit.

Here is a list of common password managers:

  • 1Password - available on Windows, Mac, Android, iPhone and iPad. From $25.
  • LastPass - free (ad supported) on Windows and Mac. Android, iPhone and iPad costs $12 / year.
  • KeePass - available on Windows. 3rd party versions available for Mac, Android, iPhone and iPad. Free.
  • Password Safe - available for Windows only. Free.

And a review of password managers (particularly focused on 1Password).

Other alternatives include using your web browser to remember your password or even good old fashioned pen and paper.

All web browsers supported by Wise Owl Legal have an option to remember your password. Although this isn't as secure as a dedicated password manager, it means you can choose a longer, more complicated password and just let the browser remember it for you.

Pen and paper is a surprisingly good option, as long as you store the paper securely. A small pocket notepad or several pages in the back of your diary works well.

The downside of both the browser and paper options is that you still need to create a password. See below for ways to generate one using a system, rather than yourself.

Your Default Wise Owl Legal Password

The password or passphrase generated by Wise Owl Legal for you is actually of above-average quality. As a computer has generated it under controlled conditions, we guarantee it's hard to guess (because it contains no personal information and is totally random). If you don't like it, you can always change it or let the system generate a different one. When you change your Wise Owl Legal password, there is an option for the system to generate a password or passphrase for you.

If you keep using that password and keep the page with your original login details in a secure location (eg: your wallet or with documents like your passport) and don't tape it to your computer screen, you'll be more secure than 95% of people. 

Generate One Using A System

There are a variety of products and systems available to produce passwords and passphrases. Using one of these is better than thinking your own password up because they ensure randomness (while humans are very bad at being random).

  • Diceware - uses a printable list of words and dice to select a passphrase. We recommend 4 or more words for an above-average quality passphrase. (Wise Owl Legal uses a variation of this system to generate passphrases).
  • Random Word Machine - generates pronounceable yet nonsense words. Put two or three words together to make a secure passphrase.
  • Search for password generator on the Internet - most generators make passwords like 3497zVp63v4IC, and have options to change the length, what characters appear in it and so forth.
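
The Diceware method described above, as an added example (not Wise Owl Legal's own generator): software dice from the operating system's secure random source select words, and the entropy helpers compare a passphrase with a random password like 3497zVp63v4IC. The 36-word list is constructed for the example, and the 62-symbol alphabet is an assumption about how such a password is generated.

```python
import math
import secrets

# Constructed 36-word sample list (6**2 words, two dice per word) so this runs
# offline. It is far too small for real use: a Diceware list has 6**5 = 7776 words.
SAMPLE_WORDS = (
    "anchor barrel candle desert engine fabric garden hammer island "
    "jacket kettle ladder magnet needle orange pencil quartz ribbon "
    "saddle tunnel umpire velvet walnut yellow zipper acorn bison "
    "cedar dune ember fjord gravel harbor ivory jungle kiwi"
).split()

def rolls_to_index(rolls):
    """Read the dice as base-6 digits: [1, 1] -> 0, [6, 6] -> 35."""
    index = 0
    for roll in rolls:
        index = index * 6 + (roll - 1)
    return index

def dice_per_word(wordlist):
    """Dice needed to address every word; the list must hold 6**n unique words."""
    n = round(math.log(len(wordlist), 6))
    if 6 ** n != len(wordlist) or len(set(wordlist)) != len(wordlist):
        raise ValueError("word list must hold 6**n unique words")
    return n

def passphrase(wordlist, words=4):
    """Pick `words` words, rolling software dice from the OS CSPRNG (secrets)."""
    n = dice_per_word(wordlist)
    picks = []
    for _ in range(words):
        rolls = [secrets.randbelow(6) + 1 for _ in range(n)]
        picks.append(wordlist[rolls_to_index(rolls)])
    return " ".join(picks)

def entropy_bits(choices, picks):
    """Entropy when each of `picks` symbols is drawn uniformly from `choices`."""
    return picks * math.log2(choices)

def words_to_match(target_bits, list_size=7776):
    """Fewest words from a `list_size`-word list reaching `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))

if __name__ == "__main__":
    print(passphrase(SAMPLE_WORDS))
    random_13 = entropy_bits(62, 13)  # assumes a 62-symbol alphabet (a-z, A-Z, 0-9)
    print(round(entropy_bits(7776, 4), 1), round(random_13, 1), words_to_match(random_13))
```

With a full 7776-word list, four words give about 51.7 bits of entropy; matching a 13-character random password drawn from 62 symbols (about 77.4 bits) takes six words.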

Make Your Own

First of all, this is the least recommended way to choose your password. Please read the section below about how good password crackers are before trying to make your own password up.

The key to making your own password is being random. Whatever you include in your password must be as random as you can make it, short of being totally unmemorable. Any patterns, rules or personal information you include in it could be guessed by a password cracker.

A long list of don'ts:

  • Don't include any personal information in your password. Hackers commonly use this information to figure out a user's password, sometimes on the first attempt!
    • Don't use your name
    • Don't use any friend or family member's name
    • Don't use any famous name
    • Don't use your birthday (or family birthdays, or important historical dates)
    • Don't use your login name
    • Don't use anything to do with Wise Owl Legal
    • Don't use any information you've posted about yourself on the Internet (eg: on Facebook, Twitter, Google+, etc)
  • Don't choose a word you like, make an o into a zero, an s into a $ and stick your birthday at the end. Hackers will guess past this in seconds.
  • Don't use real words. Hackers have dictionaries containing every word and every name (and many other commonly used passwords). Many of these dictionaries are derived from public sources like Wikipedia, Project Gutenberg, Twitter and Facebook.
  • Don't use any example passwords on this page.
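
A check that applies the don'ts above when a password is being chosen, as an added example (not Wise Owl Legal's own code): it undoes the usual character swaps and trailing digits before comparing against a word list and the user's personal details. The swap table, word list and personal details are constructed samples.

```python
import re

# Small constructed table of swaps to undo (0 -> o, $ -> s, ...); not exhaustive.
SWAPS = str.maketrans({"0": "o", "$": "s", "1": "i", "!": "i", "3": "e",
                       "4": "a", "@": "a", "5": "s", "7": "t"})

# Constructed sample data: a tiny word list and one user's personal details.
DICTIONARY = {"password", "monkey", "dragon", "sunshine"}
PERSONAL = ["jsmith", "Jane", "1984", "wiseowl"]

def candidate_stems(password):
    """Forms a guesser would also try: lower-cased, trailing digits and
    punctuation (a birthday, a year) removed, and character swaps undone."""
    lowered = password.lower()
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    return {lowered, stripped, lowered.translate(SWAPS), stripped.translate(SWAPS)}

def weak_reasons(password, personal_terms=PERSONAL, dictionary=DICTIONARY):
    """Return the reasons to reject `password`; an empty list means none found."""
    stems = candidate_stems(password)
    reasons = []
    # A single dictionary word, however decorated, is still a dictionary word.
    if any(stem in dictionary for stem in stems):
        reasons.append("dictionary word behind swaps or trailing digits")
    for term in personal_terms:
        needle = term.lower()
        if len(needle) >= 3 and any(needle in stem for stem in stems):
            reasons.append(f"contains personal information: {term}")
    return reasons

if __name__ == "__main__":
    for sample in ("M0nkey1984", "W1se0wl!", "$unshine", "kettle fjord walnut dune"):
        print(repr(sample), weak_reasons(sample) or "no rule triggered")
```

An empty result only means none of these rules fired; it does not measure how random the password is.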

Here's a possible way to make a password:

  1. Choose two words at random. Eg: logic and eraser.
  2. Mix the words up, so they don't appear in their original forms. Feel free to drop a few letters or add new ones in to make it easier to remember. Eg: er-log-er-ic-as (hyphens added for clarity).
  3. Take the serial number from your computer (or phone, etc). Eg: 000413247B09
  4. Grab a few numbers from the serial number and add them into your new word. Eg: er4-log1-er3-ic2-as4 (hyphens added for clarity).
  5. Drop one of the parts for a final password: log1er3ic2as4 

Even better than a password is a passphrase. Although they tend to be longer to type, a passphrase can be as secure as 3497zVp63v4IC but much more memorable. Eg: correct horse battery staple (taken from XKCD).

Other tips which will work with Wise Owl Legal (but not on all other websites):

  • You can enter non-English characters as part of your password. If you speak a different language, choose one English word and one in another language. 
    • Or even write an English word out in Japanese characters.
  • Use Diceware to choose your words instead of you.
    • Or let Wise Owl Legal generate a passphrase and you can modify it.
  • Passwords can be as long as you want. So feel free to make a 20 or 30 letter long passphrase.
  • Include spaces between words. 
  • Deliberately misspell words.
  • Don't tell the truth. Instead of choosing your pet's name, choose a headline from page 24 of today's newspaper. And then change the headline.
  • Don't be afraid to write it down. Making something longer and more complex that you write down is better than simple and memorised (and of course, long and memorised is better again!).
  • Read some more tips by the makers of OnePass.

Be Afraid of Crackers

If you think this page is pointless or overkill, think again. Password crackers are smart, highly motivated and have developed powerful tools to find your password.  

Any IT literate person can learn how to crack passwords, and do a decent job of it in one working day. Professional crackers will find up to 90% of passwords in the same time. They even hold annual competitions to see who can crack the most passwords. They use off-the-shelf hardware, available for a few thousand dollars to attempt billions (trillions for those with deep pockets) of different passwords every second. Even the computer on your desk can check millions of potential passwords each second.

Don't for a moment think your password is good enough if you've thought it up yourself. Professional crackers will find passwords like qeadzcwrsfxv1331, momof3g8kids and :LOL1313le within 24 hours. If you can think up some tricky scheme to make a password, they'll figure it out - given enough time. And they have much more time than you do; you spend a few minutes by yourself to think a password up. Crackers can spend hours, days or even weeks of time using sophisticated hardware and software programs in a competitive community to find your password.

Seriously, just use a password manager; let your computer and your iPhone do the hard work for you.

 
