Posts Tagged ‘twitter’


Strong passwords still the panacea
Wednesday, July 15th, 2009

A Twitter account hacked again; nothing surprising there. This is not a case for publicizing risks related to “cloud computing” or “online collaboration”. What this is really about is weak passwords. Even the technically minded are guilty of slapping together a weak password from time to time.

I, however, never use Google apps for any personal information. I don’t want my most sensitive documents stored online for any reason. There is always a case for that position. With that being said, many do use the amazingly compatible and accessible Google apps for all kinds of online collaboration. What is the risk? Simply this: any data put online is at risk, and all online applications are at risk.

Problem statement: We live in an online world, so how can we minimize risk?  Strong passwords.

How does one construct an easy-to-remember yet complex password? Try this method:

Create a passphrase, one that is particularly significant to you personally but that others will not know is significant to you.

Example: My Bonnie Lies Over The Ocean

Concatenate the phrase (run the words together, removing the spaces).

Example: MyBonnieLiesOverTheOcean

Substitute letters with symbols and numbers.

Example: MyB0nn13L13s0v3rTh30c3@n

We have substituted the letter “o” with the numeral zero “0”, the letter “i” with the numeral “1”, the letter “e” with the numeral “3” (because a 3 is a backwards E), and the letter “a” with the “@” sign.

I know this looks rather complicated, but select a passphrase and begin interchanging the letters consistently (to make it easier to remember) with numbers and symbols.  Practice it and use it.  If you practice, you will be amazed at how quickly your fingers fly over the keyboard with regular use.

It is also important not to use the same passphrase for all your applications or logins. And that is the usual problem for most people: too many passwords to remember. But think for a moment about how you can categorize your passwords. Think in terms of levels of data risk.

High Risk – data you would not even want your best friend to see let alone the entire world

Medium Risk – company data that is not classified or highly sensitive, but company confidential nonetheless

Low Risk – information that might be shared anyway and of little to no value if compromised

Select your passphrase, not only in accordance with the level of risk, but also based on the location of data or the type of data.

Maybe your Bonnie lies over the ocean when you are at work, but lies over the sea when you are working at home (e.g., bank accounts). The higher the risk, the longer the passphrase should be.

Other ideas for creating passphrases:

Use the opening line of your favorite book: “Scarlet O’Hara was not beautiful.”

Example: Sc@r13t0’H@r@w@sn0tb3@ut1fu1

Or maybe something shorter, like the title of a song: Memories

Example: W3w0r13z

Notice that in the above example, in addition to the usual substitutions, we flipped some letters upside-down and around, so that m=w and s=z.
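As an added illustration (not code from the original post), the three-step method above and the two extra examples can be reduced to a small Python routine with a per-phrase substitution table; the minimum lengths per risk level are assumed numbers of my own, since the post gives none.

```python
# Added example (not from the original post): build a password the way the
# post describes -- concatenate the passphrase, then replace letters with
# numbers and symbols using one fixed table so the result stays memorable.

# Table from the post's first example: o->0, i->1, e->3, a->@.
# Keys are exact characters, so a capital letter only changes when listed
# (the post keeps the "L" in "Lies" but turns the "O" in "Ocean" into "0").
BASE_TABLE = {"o": "0", "O": "0", "i": "1", "e": "3", "a": "@"}

# Assumed minimum lengths per risk level; the post says only "the higher the
# risk, the longer the passphrase", so these numbers are illustrative.
MIN_LENGTH = {"high": 20, "medium": 14, "low": 8}


def concatenate(phrase):
    """Step 2 of the post: drop the spaces and any trailing sentence punctuation."""
    return phrase.replace(" ", "").rstrip(".!?")


def substitute(text, table):
    """Step 3: swap every listed character, consistently, across the whole phrase."""
    return "".join(table.get(ch, ch) for ch in text)


def make_password(phrase, extra=None):
    """Run both steps with the base table plus any phrase-specific additions."""
    table = dict(BASE_TABLE)
    table.update(extra or {})
    return substitute(concatenate(phrase), table)


def long_enough(password, risk):
    """The post's tier rule: high-risk data gets the longest passphrase."""
    return len(password) >= MIN_LENGTH[risk]


if __name__ == "__main__":
    # The post's three worked examples, reproduced with the same tables.
    print(make_password("My Bonnie Lies Over The Ocean"))  # MyB0nn13L13s0v3rTh30c3@n
    # The book quote also maps l->1 (straight apostrophe used here).
    print(make_password("Scarlet O'Hara was not beautiful.", {"l": "1"}))  # Sc@r13t0'H@r@w@sn0tb3@ut1fu1
    # The song title flips letters too: M->W, m->w, s->z.
    print(make_password("Memories", {"M": "W", "m": "w", "s": "z"}))  # W3w0r13z
```

Each table is a deliberate, fixed choice, which is what keeps the result reproducible from the phrase alone.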

There are many ways you can be creative in generating memorable and complex passwords. The trick is to spend the time creating them and associating them mentally with the level of risk, the location (work, home, on the road) and the type of data.

High risk data must be protected with a long passphrase. The longer the passphrase, the more difficult it is to crack, hack, or guess. Shorter passphrases may be used for less sensitive data access. However, beware that if you are using a “single sign-on” type application that leads to data of various risk levels, selecting the long passphrase is your best bet.

How to make this terribly irritating exercise fun?  Think up the most hilarious passphrase that you can, and substitute the numbers and symbols.  You will remember it and get the giggles when you use it.

Now go and have fun.