In today’s internet age, the number of user accounts a “normal” person needs is enormous. Think for a moment about all the username/password combinations you use: work, personal email account, personal spammable email account, cable/sat company, phone company, all those forums you read, all of your online banking accounts, and a very long etc. Now think: how many of you use the same password for 2 or more accounts? If you use a different one for every account, chances are you are a genius with an IQ higher than the normal user. If not, don’t worry, you are just a normal person, either very trusting or very foolish, you decide. You are also in the right place to learn something useful today.
The assumption that people use the same username/password for several accounts gives attackers an advantage: they don’t have to break into your bank to get your info, they just have to get your username and password from that shady forum you subscribed to 6 months ago.
To prevent this kind of attack, and at the same time keep our heads from exploding with all the information we need to memorize, there is a very simple trick that lets us use the “same” password for every account we have, with the peace of mind that subscribing to that forum with lots and lots of torrent files won’t leave you as exposed to account stealing as the normal user.
The solution is to use an algorithm to create our passwords, simple enough for us to remember, but giving a result complex enough to have a different password for every one of our accounts.
First, we start with a “base” password. Something we’ll always remember. It could be the password you currently use for all your accounts :). Let’s say, for example, that we use “123mambo”. That by itself could be a very good password: letters and numbers, not related to anything specific and not giving away information about us. But you shouldn’t use it for all of your accounts. So let’s add a simple process to customize it for each of our accounts.
For every website/place where we need a password, we take our “base” password and add some of the letters taken directly from the name of that site, creating something unique for each website. That’s it… simple, right?
The characters I’ll use to “salt” my password will be the 1st, 2nd and 5th letters of the site’s name, and the total number of characters in the name.
Let’s see how it works:
Take www.hotmail.com for example. Applying the algorithm I decided on above, the password for my hotmail account would be:
“123mambo” + “h” (1st char) + “o” (2nd char) + “a” (5th char) + 7 (“hotmail” = 7 chars) = 123mambohoa7
Now let’s create the password for a yahoo account:
www.yahoo.com
“123mambo” + “y” (1st char) + “a” (2nd char) + “o” (5th char) + 5 (“yahoo” = 5 chars) = 123mamboyao5
And what about our newspaper subscription?
www.nytimes.com
“123mambo” + “n” (1st char) + “y” (2nd char) + “m” (5th char) + 7 (“nytimes” = 7 chars) = 123mambonym7
Some other website examples and their results:
www.mymail.com - “123mambomyi6”
www.unitedbank.com - “123mamboune10”
www.bankofcalifornia.com - “123mambobao16”
www.usabank.com - “123mambousa7”
Microsoft Money - “123mambomio14”
Outlook - “123mambooul7”
Time Reporter - “123mambotir12”
So, as you can see, we can get pretty secure passwords without the hassle of using too much of our memory.
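The rule above written out as a function, as an added example that is not part of the original post; it also lists which sites end up with the same password, which happens whenever two names share their 1st, 2nd and 5th letters and their length. The name clean-up (dropping `www.` and everything after the first dot, removing spaces), the fallback for names shorter than five characters, and the `hotcake.example` site are assumptions made here.

```python
from collections import defaultdict

BASE = "123mambo"  # the example base password used in the post


def site_name(site: str) -> str:
    """Reduce 'www.hotmail.com' or 'Microsoft Money' to the bare name."""
    s = site.strip().lower()
    if s.startswith("www."):
        s = s[4:]
    s = s.split(".")[0]  # assumption: the name is the first dot-separated label
    # Spaces are dropped, matching the post's "Microsoft Money" = 14 chars.
    return "".join(ch for ch in s if ch.isalnum())


def salt(site: str) -> str:
    """1st, 2nd and 5th letters of the name, then the name's length."""
    name = site_name(site)
    if not name:
        raise ValueError(f"no usable name in {site!r}")

    def pick(i: int) -> str:
        # Assumption: if the name is too short, reuse its last letter.
        return name[min(i, len(name) - 1)]

    return f"{pick(0)}{pick(1)}{pick(4)}{len(name)}"


def password(site: str, base: str = BASE) -> str:
    return base + salt(site)


def collisions(sites):
    """Group sites whose salt, and therefore password, is identical."""
    groups = defaultdict(list)
    for s in sites:
        groups[salt(s)].append(s)
    return {k: v for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    # Constructed account list; hotcake.example is a made-up site.
    accounts = ["www.hotmail.com", "www.yahoo.com", "www.nytimes.com",
                "www.hotcake.example", "Microsoft Money"]
    for a in accounts:
        print(f"{a:22} {password(a)}")
    print("same password:", collisions(accounts))
```

Running `collisions` over your own account list shows where the rule needs another letter position to keep every password different.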
I hope this one was useful for you. Be creative, and please don’t use 123mambo ’cause I already use it (j/k) but above all, be safe.