Tips, Tricks and Password Recovery
One of the biggest fears . . . of every computer user . . . is the fear of forgetting an important password. And we do forget passwords. There are so many of them !! But after reading this page, you will never worry about forgetting a password again.
NOTE - to those with a job in a high-security field - skip this web page entirely - you, unfortunately, will have to memorize multiple passwords. All I can tell you, is to repeatedly repeat them all to yourself in your mind, on a daily basis.
Memorizing Multiple Passwords - Don't do It
Few people can successfully memorize 5 to 10 passwords - especially for systems that force you to change the password periodically (more on that later).
The trick is to NEVER, EVER MEMORIZE MORE THAN TWO PASSWORDS !!
Selecting the two Passwords - these two passwords will be your primary and secondary passwords, to be used the rest of your life, unless they are ever found out (in which case you must pick new passwords, of course).
Pick a simple primary password and a complex secondary password. For example:
Primary (password 1) - velvet Secondary (password 2) - vel99vet
That's it !!! You will never need to memorize another password for the rest of your life !!
you can write down ID's in a non-secured document - but not passwords
you can write down one character of a password, such as the last digit
Any security expert would completely disagree with this web page. However, just as Doctors always take the most conservative approach possible ("don't run - it's bad for your knees . . . take all of these antibiotics, even if the infection is gone", etc), Security Experts take security to the nth level. Which means never writing down an ID or a password . . . which also means you will forget them from time-to-time. Here we take a real world approach, and we write them down - in a safe, secure manner !!
Your Passwords "Vault" - a file with a long Password
Save your passwords in a file, and password protect the file. There are two commonly available applications for this - WinZip or Word. Name the file something innocent, such as "gardening.doc" (Word protection) or "gardening.doc" (Zip protection - in which case you would then need to add it into WinZip, enter a password, and zip it).
Word is much more secure than WinZip, so we recommend that. Perform the following steps (thes are for Word 2000):
if you want higher security, click "Advanced" and select on the "RC4" options
Selecting a Password - you want to use a long password here. We said that you should never need to memorize more than 2 passwords . . . so simply combine them. For example, if your primary/secondary passwords are velvet and vel99vet, then your password to protect this extremely important file would be:
Can they Hack my Password? all passwords are "theoretically hackable" - but by using a long password, you make it very difficult and impossible unless the hacker is using a multi-million supercomputer. The time required is simply too long, and the task cannot be accomplished.
There are numerous Office, and Zip Password Recovery tools available on the web. But for a hacker that has no previous knowledge of your password, they will be forced to use the "brute force" attack. Even if they do hack the file - you will have no passwords stored there !!! Just small, 1-digit clues !! The Brute-Force password hack is the slowest method, because it checks every possible password, one-by-one. They usually start with 1-character passwords, then 2, and so on . . . When they get up to checking 6 or 7 characters, it take many hours to try them all. Nevertheless - what's several hours to someone that is trying to break into valuable systems? This is why you want a long password - the time required increases exponentially.
Here are some brute force password hacking statistics. 26 is the number of lower case letters, 36 is letters and digits, 52 is mixed case letters, 68 is single case letters with digits, symbols and punctuation, and 94 is all the displayable ASCII characters including mixed case letters. The times shown are the times to process the entire set of passwords thus the average time to crack passwords would be one half the listed times.
|26 - Letters||36 - Letters and Digits||52 Letters and Digits with upper and lower case|
|3||0.18 seconds||0.47 seconds||1.41 seconds|
|4||4.57 seconds||16.8 seconds||1.22 minutes|
|5||1.98 minutes||10.1 minutes||1.06 hours|
|6||51.5 minutes||6.05 hours||13.7 days|
|7||22.3 hours||9.07 days||3.91 months|
|8||24.2 days||10.7 months||17.0 years|
|9||1.72 years||32.2 years||8.82 centuries|
|10||44.8 years||1.16 millennia||45.8 millennia|
|11||11.6 centuries||41.7 millennia||2,384 millennia|
|12||30.3 millennia||1,503 millennia||123,946 millennia|
Your ID's and Passwords
For this section we will use the example of a user ID = george and Passwords = velvet (primary, pass1) and vel99vet (secondary, pass2).
For each ID/password combination, write them all down in the file. Enter your ID, and next to each ID, write down a clue that allows you to identify the password that goes with that ID. Whenever a system forces you to change your password - update the file.
Here's the trick. You have memorized two passwords, a primary and a secondary. In general always use your primary if possible. As we said, some systems force you to use a password that contains at least on character and one numerical digit, which is covered by your secondary, password2. In your passwords file, you have a table with 3 columns. Column 1 is the application or website that requires the password. Column 2 is the ID you used. Column 3 is the password clue.
IMPORTANT: If the system forces you to change your password, add a digit at the end, and then each time you have to change it again - increment the digit !! So you would start out with velvet, then velvet1, then velvet2, etc. Write down only the number in your passwords file.
Sample Passwords Table:
|Application - Link||ID||Password|
|Timorama (Timesheet Entry)||george||pass1|
|Banking (www.citibank.com)||george||pass1 - 4|
|OpenView (HP Router Tool)||george||5fWQ200|
|Eroom (group collaberation tool)||george||pass1|
As you can see - the table shows no real useful information to a hacker. Only you know that your pass1 is velvet and pass2 is vel99vet. The exception is the OpenView password, which is one of those funky passwords, and the application does not allow you to change it to your primary password - so it this case you have to enter the entire password. However, as difficult as it is to hack into your Word document - you're safe !!
Websites and Passwords
For websites, you can skip the Word file, and instead store them in the name of the bookmark or Favorite. For example. if your bank is CitiBank, and your ID/password combination is: george/velvet3 - store your Favorite and name it as follows:
CitiBank (george - 3)
Using the methods described - you should never need to perform password recovery. However, if you need to, then there are a number of tools that you can download for WinZip and MS Office - some free, others $$$. Just be aware that if your password is long, you may not live long enough to recover it. If it is 6 or 7 characters, you can recover it in about one day.