The Simple Guide to Complex Passwords

A book of random numbers.
Photo by Michael Wheeler

We all know a good password is necessary for good protection of our computer systems and our personal/business data. They are however one of the most annoying inventions in human history. The biggest problem of course is not that we need a good password, it’s that we need tens or hundreds of good passwords, ideally one for every single computer system and website we visit, plus more for banking, encryption and other miscellaneous tasks. For me, that’s at least 100 different passwords that I should have. Guess how many I used to have for all of these different things?

Three. Not thirty or three hundred, just three. One for encryption and banking, one for system logons, and one for all the miscellaneous websites I visit every day. Not ideal. Not even close to decent. Woefully inadequate. So I decided to change that, slowly and surely, until I had a unique password for every system and website. But how? I’m not stupid, and my memory is pretty decent, but the thought of remembering a hundred different passwords is boggling in and of itself!

So how on earth am I to solve this problem? I found a couple of inadequate options:

  • I could write the passwords down on a scrap of paper and keep them in my wallet. If I lose my wallet, I’m pretty much screwed anyway, so being a little more screwed probably isn’t going to matter. On the other hand, there’s no reason to put myself in more of a pickle than necessary.
  • I could use one of those handy little password-keeper applications. I take care of remembering one difficult password, and the program takes care of remembering all my other passwords (which are suitably encrypted, using my master password as the key). The God of computer security, Bruce Schneier, has written one of the best applications for this: Password Safe. There are a few problems though:
    • If you’ve been reading my blog long enough, you’ll know that I don’t like trusting people I’ve never met. And handing over all my most secret passwords to some application written by a dude I’ve never met is pretty trusting, if you ask me. I’m not good enough at cryptography to write my own, so that’s out of the question too.
    • I need to have the password safe on me whenever I need to access my passwords, which isn’t always the case. Sometimes I access websites via my smartphone, where most password applications won’t work (which is especially the case on Symbian). Synchronisation becomes a problem. Multiplatform support is lacking.
  • I could keep on using my three passwords, and just deal with the fact that it’s not ideal. Most other people deal with it, so in theory I can too.

After a bit of research though, I stumbled across the answer. Password algorithms! The central idea is that like a password is put through an algorithm to produce an encryption key which unlocks your data (or a website), you are taking something you can remember (a normal dictionary word) and using it to produce a password.

The really clever element of the idea is that you can write your password algorithm down, because without the starting words the algorithm is useless. The amount of stuff you have to remember is greatly reduced! It’s genius! Here’s how it works:

  1. Take a plain, simple word that you can remember (like ‘Jack’ or ‘Banana’).
  2. Apply a series of steps to the word (I’ll use ‘Banana’), like so:
    1. Start off by adding an exclamation mark after the sixth character. We end up with ‘Banana!’.
    2. Replace the fifth character with the ASCII value of the character. We end up with ‘Bana110a!’.
    3. Swap the capitalisation of the first and second characters (lowercase becomes uppercase and uppercase becomes lowercase. We end up with ‘bAna110a!’.
    4. Swap the third and fifth characters. We end up with ‘bA1an10a!’.
  3. Put the resultant password into the website or application where it does it’s magic and unlocks your data.

For all the sites that you visit often, you’ll be able to remember the password in it’s complete form (via muscle memory). For sites that you don’t visit so often, you can take your simple word and produce the result password in only a couple of simple steps. It makes it even easier if you use a pool of common words (like fruit), as you can just keep guessing your way through the common fruits if you happen to forget even the simple password.

There are things you can do to make the passwords even stronger, too:

  • Use phrases to begin with instead of words. This makes things a bit harder to remember though.
  • Use longer algorithms. This makes things more annoying to generate a password though.
  • Use different pools for different purposes. One pool of words for work, one pool of words for banking, one pool of words for websites, and so on. If work ever figures out my algorithm and my work pool and decides to be a bit malicious (unlikely as that may be), they still have to figure out the pools of words I use for other purposes. That buys me a decent chunk time I can use to change the algorithm.

There are a few drawbacks, however. You still have to remember something (although remembering ‘fruit’ really isn’t that difficult). If somebody figures out both your pool of words and your algorithm, you are pretty much screwed. But those are fairly low-risk prices to pay, I think.

I’ve recently converted to using this sort of algorithm-based password mechanism. I think it’s great. I’d be interested to hear other people’s thoughts too: have you been using it for years? Do you think it’s a stupid idea? Should we all just be using biometrics instead? Let me know!

The Ten Commandments of Computer Backups

I recently put a lot of thought into how I perform my computer backups. I’m one of those people that, while I would only be mildly pissed off by the failure of a hard drive, would be quite angry at myself if I lost even the merest hint of data that I wanted to keep. I used to perform my backups manually, using the Windows backup utility to back data up onto an external hard drive. It worked fine most of the time, but it definitely had process defects… the largest of which being, I had to remember to do it. It required my interaction to succeed (because I had to plug the drive in) and this meant there was always a human element involved. And humans are lazy.

So I set about designing myself the ultimate foolproof backup system. There would be multiple storage media, there would be encryption, there would be checks and validations and several custom-written applications. Then I started thinking, “what exactly am I protecting myself against?” It’s a good question. Here’s the list I came up with:

  1. I need my data to be safe from storage media failure. This may mean a single backup DVD being unreadable, or maybe my primary hard disk drives it’s head into the sand.
  2. I need my data to be safe from the failure of every drive of a particular type, simultaneously. It happens more than you would think, and the consequences usually aren’t pretty (whole RAID arrays failing, with all their ‘safe’ data, usually makes people a bit upset).
  3. I need to make sure my data can’t be stolen. If it is stolen (or people I don’t want reading my data try to do so) then it should appear as meaningless gibberish.
  4. I need my data to be safe from being corrupted while in storage, or while being transferred between storage devices.
  5. My data needs to be safe from theft or fire, which could mean every storage device in a particular location is unusable.
  6. My data needs to be safe from natural disasters, which could take out an entire city or state. Unlikely, but it’s the kind of thing most people don’t plan for.
  7. I need to be able to search for data that I’ve accidentally deleted, and I need back.
  8. If my data is anywhere not under my direct control, I need to be able to trust the people who do control them.
  9. I have to assume that if my backup hasn’t been tested (i.e. I haven’t tried to restore from it) then the backup isn’t any good.
  10. Finally, I shouldn’t have to do anything… computers should be smart enough these days to back themselves up.

That was all I could think of, though I’m sure there are additional points (leave a comment or email me, please!). Then I figured out what I had to do in order to prevent these situations from happening.

  • Points one and two are the easiest to solve, and are really what most people think of when they think of “backup” plans. The solution is simple: keep your data on multiple storage media, and those different storage media should be different types.
  • Point three is pretty simple to solve: encrypt everything you can possibly encrypt. This also partially side-steps point eight, because if your data is encrypted, you don’t have to trust them to not read it, you only have to trust them to not delete it. And you don’t need to trust them to not delete it if you’ve got the data in multiple locations (i.e. somewhere not under their control).
  • Point four can be partially solved by taking checksums of the data (which can be done at the same time it is encrypted). If a checksum doesn’t match, something has gone wrong and should be tried again or looked at by a human. There is the issue of what happens if the original data is corrupted. I put this in the too-hard basket for now, though the use of a RAID array can reduce the likelihood of this.
  • Points five and six are closely related, and also solved together. Every good backup plan should make use of off-site backups, where a copy of data is kept away from the original. Point five might mean keeping a copy in another building (or in my case, at my parent’s house a few kilometres away). Point six means I might consider going further. Ideally I’d like to store a copy of my data on another continent, just in case of nuclear war. If I survive, my data should too.
  • Point seven means I should be creating archives of data, so that copies of old files are kept so that I can go back in time. I would like to be able to choose copies from every day for a week, then every week for a year. After a year, I’m probably not going to remember that I once had a file.
  • Points nine and ten are quite possibly the trickiest. To solve them, I have to write automatic scripts to do all these backup tasks, then write automatic scripts to try recovering from the data and make sure it’s in perfect state. I also need to do this manually, just in case my scripts stop working (it is a computer, after all).

So there was my analysis of the backup problem done. Now for the design stage. My current working computer systems consist of a laptop (running Windows 7), a desktop (dual-booting Windows 7 and Debian GNU/Linux), and my home server (which runs Debian GNU/Linux). So I chose to do the following:

  • I decided that, since it was turned on all the time, my home server would be the primary location for all my treasured data. Every other location for my data would feed off that. My laptop and my desktop will be synchronised to my server using software such as rsync running on a very frequent schedule. Ideally I will code a switch into the script on my laptop that does syncs less often when I’m not at home, to avoid wasting bandwidth. This will give me three or four working copies of my data, depending on how implementation goes.
  • My server has two hard drives, and I’m going to use this to my advantage. The first hard drive has my primary working copy of data, and the second drive is where the backups go. So I’ll write another script that will take my working copies from my first hard drive, perform archival on them (using tar), encrypt them and checksum them (using encryption that money can’t buy) and copy them to my second hard drive. This gives me the ability to go back in time through my data, if need be. At this stage there are some things I won’t backup, either for legal reasons (I’m fairly sure the MP3 backups of my music collection shouldn’t be stored off-site under Australian law) or for practical reasons (videos are just too large to transfer off-site over the Internet).
  • I still haven’t solved the problem of off-site backups. To solve this, I’m planning to make use of Amazon S3, which is a cloud backup solution offered by everybody’s favourite friendly forgettable online book store, Amazon. Because my data has now been encrypted, I don’t have to trust them at all. I can just copy it across, mark it as being invisible to the wider world, and forget about it. I will also take up an offer from my friend Jamie to store my data on his NAS, which gives me another off-site backup location. I’m in Tasmania, Jamie is in Queensland, Amazon is in the U.S.A., and my data is safe.
  • I’m also planning to fit my server with a DVD burner and write a script that backs up my most crucial data (such as financial information and treasured memories) onto a DVD every week or so. Encrypted, of course. The only problem is that I need to remember to go and change the DVD over every week.
  • Finally, I have to write scripts to occasionally check the consistency of my data, so that nothing suffers from bit rot.

I haven’t completed the process of implementation yet (in fact I’ve hardly started). Already though, I feel safer knowing that I’ve thought about the process of storing my data, and that makes me feel a lot safer. Most people don’t think about backups until it’s too late, and perhaps maybe they should.