LUKECOMPUTER



Logins and Passwords -- Let's rethink this


Complicated is NOT secure! It's more difficult...

Passwords can be a real pain, but they are needed. To make things worse, companies adopt complicated password policies to make you think they are more secure. This is not the case. A complicated password policy isn't secure, it's simply more complicated, which are two very different things. We here at LUKECOMPUTER have adopted a common sense approach to passwords. Here is our take on it.

The Problem

I called my bank because I had problems logging in with my password and they forced me to change it...again. Three times in two months is ridiculous. I had 18 different passwords written on my whiteboard, I now have 19. They have a policy that makes their system a little more difficult. I told them I already had 18 passwords in my head, now I will have 19, hence the confusion. If this scenario seems familiar, rest assured, neither you nor I are alone in this. Thus the problem continues...

A Simpler Way

The human brain remembers things by association. So if we associate our password with something familiar, it will be easier to retain the password. If you associate your password with something that is common, but not related to you, it will be harder for others to guess. We all love some sort of food, so this will be a good starting point. Another good choice is animals...no, not your favorite pet, animals in general. There are a lot to choose from. Let's start with food.

Give it a mix

A good password has certain elements to it. It has a minimum of 6-8 characters, a mix of capital and lower case letters, a number and a special character. There are 52 letters available, because a computer reads upper and lower case letters as different letters. In simpler terms, the capital E and the lower case e are two different letters. If you typed the word Pass and then pAss and then paSS, the computer reads these as three entirely different words. On top of the 52 letters in the English language, you have 10 numbers 0-9 and some special characters, which are !@#$%^&*?()><:;{}[] and all of these can be used in a password. Some companies limit what you can use. I had an account with Merrill once that limited my use of special characters. ...once... as I said, a complicated password policy does not mean it is more secure.

[Image: example password]

Step 1. Choose a FOOD or ANIMAL

If your pet poodle is named Fluffy or you are a cat lover with an orange shorthair named Garfield...these are NOT good choices. They are common and predictable to you personally. Now if you recently visited a farm and saw a female cow and her calf for the first time, the word HEIFER would probably be okay. I used a sloth once for my password, it was actually one of my favorites. Everyone expects a horse to be numbered such as Horse #08, but Sloth #39? My password was literally that. Imagine a blazing fast SLOTH coming around the corner to the straightaway in first place with the TURTLE on its heels, and inches from the finish line...we might have a winner next week!

Step 2. Capital and Lower Case Letters

In English, we start our sentences with capital letters and end our sentences with a punctuation mark. If you take my SLOTH password example, you may have noticed the first letter in sloth (S) was capitalized, everything else lower case and there was an exclamation mark at the end. This simplifies things because we have been taught these basic grammar rules from an early age.

[Image: special characters]

Step 3. Add Special Characters

Some of our letters in English resemble some of our special characters. Let's take the number 1 for instance. It looks a lot like our lowercase letter l or our letter i. The number 0 looks like our letter O. The number 3 looks like an inverted E. The exclamation point looks a lot like the letter l or the number 1. With these ideas in mind, we can substitute these numbers and letters to "disguise" the words we choose for the password. In my previous example, I could have easily used the number 0 in Sloth, but for this tutorial I chose to keep it a little simpler. Let's look at a popular Italian dish, Lasagna anyone?

In this example, you see the word Lasagna spelled out, with the @ symbol replacing all of the letter A's and the $ sign replacing the S. The L is capitalized, everything else is lower case, and a question mark at the end. This has almost every characteristic of a good password, but I needed to add a number, which I didn't. Let's fix that now.

[Image: lasagna password example] [Image: lasagna 7 password example]





This password is a little long, but it's easily remembered. Even though it may be difficult to type, it should work just fine. Here is one more.

This one states that "I ate 3 grapes".

[Image: grapes password example]
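An added example (not part of the original page): a Python check of a candidate password against the elements listed under "Give it a mix", using the page's own character lists. The 8-character minimum is an assumption taken from the upper end of the page's 6-8 range, and L@$@gn@? is the Lasagna spelling reconstructed from the description in Step 3.

```python
import math
import string

# Character sets exactly as listed under "Give it a mix".
LOWER = string.ascii_lowercase      # 26
UPPER = string.ascii_uppercase      # 26
DIGITS = string.digits              # 10
SPECIALS = "!@#$%^&*?()><:;{}[]"    # 19 listed on the page
POOL = LOWER + UPPER + DIGITS + SPECIALS
MIN_LENGTH = 8  # assumption: upper end of the page's "6-8 characters"


def missing_elements(password):
    """Return the "Give it a mix" elements the password still lacks."""
    checks = [
        ("length", len(password) >= MIN_LENGTH),
        ("capital letter", any(c in UPPER for c in password)),
        ("lower case letter", any(c in LOWER for c in password)),
        ("number", any(c in DIGITS for c in password)),
        ("special character", any(c in SPECIALS for c in password)),
    ]
    return [name for name, ok in checks if not ok]


def unlisted_characters(password):
    """Characters outside the page's lists; a site may reject these."""
    return sorted({c for c in password if c not in POOL})


def keyspace_bits(length):
    """log2 of POOL**length: an upper bound that only holds when every
    character is picked at random, which a disguised word is not."""
    return length * math.log2(len(POOL))


if __name__ == "__main__":
    # Samples: the Lasagna spelling described in Step 3 (reconstructed from
    # the text) and the Sloth password as written in Step 1.
    for candidate in ("L@$@gn@?", "Sloth #39"):
        print(repr(candidate),
              "missing:", missing_elements(candidate),
              "unlisted:", unlisted_characters(candidate),
              "upper bound bits:", round(keyspace_bits(len(candidate)), 1))
```

The Lasagna sample comes back missing only a number, which is the gap the page points out, and the Sloth sample flags its space as a character some sites may not accept.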



Password Security

Password security revolves around two principles. The first password principle is that it needs to be difficult for others to guess but easy for you to remember. The second password principle involves the security implemented by the website itself. Years ago we used something called SSL, then we went to SSL2, but this didn't protect the transmission of data, just the starting and end point. Now we use a combination of the TLS protocol which protects the password, even in transmission. Older web browsers can't even check email anymore because of the change in protocols. In order for the web browsers to use TLS, they have to be a newer browser. I booted up my old Windows XP machine to play an old game I loved, and decided to check my email. I could not. I don't know if Windows Vista is new enough, but I do know Windows 7 and 8 are new enough. My old SuSE Linux 10.2 cannot check email, but the Jammy Jellyfish version of Ubuntu Linux is new enough. I am not up to speed on which version of Mac OS X is required. However, with Mac, you can upgrade your OS through their update system and you should be good to go. One legitimate reason for this may be that back in the early 2000s we transitioned to processors with 64-bit architecture. If the transition from SSL2 to the newer combined TLS happened after the transition to 64-bit architecture, the older systems may not have the capability. In a nutshell, anything that requires security or encryption (the use of a username/password or credit card info) has to be on a newer computer (which is a good thing).

Your Web Browser Matters!

This seems complicated, but it really isn't, because the protocol usage all happens behind closed doors in your web browser. Simply put, if you have the ability to check your email, your browser is new enough. If it gives you an error message saying your browser isn't supported, you need to upgrade your web browser. With the older operating systems you can only upgrade your browser to a certain level. This is why I stated "newer" operating systems. Most people do not know what version of Microsoft Edge they are using, but they can tell you what version of Windows they have. We recommend using Firefox as it is a free and open source browser that is very secure and privacy based. Microsoft Edge, Google Chrome and Apple Safari will work, but these companies are known for data hoarding and usage. YOUR PERSONAL DATA...not theirs. The Opera web browser has had a major upgrade, and went through the conversion to Open Source Software. I quit using it a while back due to compatibility issues and the general changes in the Web Communities. Since they upgraded and went Open Source, they have fixed the issues that were plaguing the browser during the transitioning of the Internet. It has always been a stable, reliable and secure browser, so it may be a good alternative now. I like Firefox because you can get it cross platform (it works on Windows, Linux, Android and iOS (Mac)). If I pull up a webpage on my Android cellphone, I can easily switch over to my Windows laptop, iPad, or Ubuntu workstation and look at the same page with Firefox. The history carries over on all devices, since it stores all of this in your "user account". They also have a private mode where your browser restricts rogue websites from accessing your data. Google Chrome had an incognito mode, but they were sued in court for using data from websites, even while in incognito mode. Chrome is a good browser, but with Alphabet's level of integrity and obsession with user data I simply don't trust Google.



Remember K.I.S.S. -- Keep It Simple and Secret...

God Bless,
Luke



©2001 - 2024 LUKECOMPUTER
