Clearing the password test

Bad spelling and bad grammar make the best passwords
First Published: Tue, Jun 18 2013. 08:21 PM IST
Use a password manager to secure your passwords
Updated: Wed, Jun 19 2013. 04:33 PM IST
In Casino Royale, the villain Le Chiffre tortures James Bond to get the password of his bank account. Bond, in love with the gorgeous Vesper Lynd, had chosen her first name as the password.
Bond, of course, did not reveal the password, but in real life even a novice hacker could have cracked it. I graded its strength on Intel’s “How Strong Is Your Password?” site, and it can be hacked in just 32 seconds. Bond had ignored Rule 1 of password security: Never use names of spouses, children or girlfriends/boyfriends.
When I set up my first email account (in the late 1990s, I think), my password was “smile”. In those days we hadn’t heard of hacking. But that simple password today would mean inviting trouble. If you use the Net to run your daily life—access your websites, blog, tweet, shop online and log in to pay your bills—you have reason to worry about password security.
Most websites tell you that you are relatively safe if you follow the basic rules for a strong password: Use a phrase, the title of a song, or a random mix of names of your favourite characters, use both lowercase and uppercase letters, and throw in some numbers, symbols and/or special characters.
I would also add a clue that tells you whether the password is for your Gmail (by adding the letter “G” or “M”), Facebook, blog or bank account. If you wish you can check out its strength by creating a dummy with a similar combination.
The problem is, how many passwords can one memorize? This is where a password manager comes in. It helps you organize all your passwords and PIN numbers; you have to remember just one master password. You can find any number on the Net—RoboForm, LastPass, DataVault, Password Genie, to name some.
Last week, the preeminent technology writer David Pogue (whose column in The New York Times is a must-read for anyone interested in technology) made a strong case for the Dashlane password manager. It’s a sort of password vault—it memorizes your passwords, helps you generate strong passwords and autofills your personal information (address, credit card, etc.) when you shop online.
The obvious question, then, would be: What would happen if Dashlane’s servers are hacked? Dashlane says: “Since your master password is not stored on our server, there is no risk that a hacker may steal it from us. If despite all of our security measures, a hacker had access to our system, he could only access encrypted data.”
A friend in the business of technology says one can use a phrase and “transpose” it with a standard Qwerty keyboard. Let me explain this with a simple name: Say you want to use “vesper” as your password. On the keyboard, you use the letter one key to the left of each letter in vesper (cwaowe), or one key to the right (brdqrt). If the letter is at the beginning or the end of a line on the keyboard, use the preceding or succeeding letter in the same row. Stick a couple of numbers in it somewhere, make some letters uppercase, and you have a reasonably strong password: Cw0Ao0We7. I say reasonably strong, not perfect.
He says: “Choose something long enough: The shorter it is, the easier it is to crack. So if you choose quickbrownfox, it is easier to crack than pyuxjveiqbdiz, which is just the same but one key to the left.”
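The one-key shift described above, written out as an added example (not from the column or from any password tool), together with a check a password policy could run: it undoes the shift and reports when a candidate reduces to a wordlist entry. Wrap-around at the row ends is an assumption inferred from the column's own examples (p→q, q→p); the function names and the sample wordlist are constructed for illustration.

```python
# Added example (not from the column): QWERTY one-key shift and a policy check.
ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")  # letter rows of a QWERTY layout


def _shift_map(step):
    """Map each letter to the key `step` places along its row, wrapping at the
    row ends (assumption inferred from the column's p->q and q->p examples)."""
    table = {}
    for row in ROWS:
        for i, ch in enumerate(row):
            table[ch] = row[(i + step) % len(row)]
    return table


LEFT, RIGHT = _shift_map(-1), _shift_map(+1)


def shift(word, table):
    """Shift letters and keep their case; digits and symbols pass through."""
    out = []
    for ch in word:
        repl = table.get(ch.lower(), ch)
        out.append(repl.upper() if ch.isupper() else repl)
    return "".join(out)


def shifted_dictionary_hits(candidate, wordlist):
    """Return wordlist entries the candidate reduces to once non-letters are
    dropped, case is folded and a one-key shift is undone in either direction."""
    letters = "".join(c for c in candidate.lower() if c.isalpha())
    decoded = {letters, shift(letters, LEFT), shift(letters, RIGHT)}
    return sorted(decoded & set(wordlist))


# Constructed sample wordlist; a real policy check would load a full dictionary.
SAMPLE_WORDLIST = ["smile", "vesper", "quickbrownfox"]

if __name__ == "__main__":
    for pw in ("Cw0Ao0We7", "pyuxjveiqbdiz", "brdqrt"):
        print(pw, "->", shifted_dictionary_hits(pw, SAMPLE_WORDLIST))
```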
But where do you save the password? Bury it in a file where you can remember where it is, but someone else wouldn’t think to look. If you are worried about posterity, jot it down on a piece of paper and keep it in your bank locker.
Every year global computing services provider IBM predicts a list of innovations “that have the potential to change the way people work, live and interact during the next five years”. They call it “The IBM 5 in 5”. In 2011, it predicted that in five years—that is, by 2016—passwords will be history. “Each person has a unique biological identity. Biometric data—facial definitions, retinal scans, voice files—will be composited through software to build your DNA-unique online password.”
Till then, follow this tip I picked up in my search for a strong password: Bad spelling and bad grammar make the best passwords.
Shekhar Bhatia is a former editor, Hindustan Times, a science buff and a geek at heart.