HOME > > > HELPFUL HINTS MENU        -d- Bookmark this on Delicious    StumbleUpon.com Recommend at StumbleUpon

Protecting the privacy of your computer files

There are many programs available to encrypt your files. This isn't about that! Whether you use a special program, or simply the 'password protect' option provided with good applications, you are faced with the problem of choosing (and remembering!!) a password. (Where the encryption is used to protect a file in transit, there is also the problem of letting the recipient (only!) know what the password is.) (It may amuse... and reassure?... you to know that this page has been around so long that at one time I had Quattro and AmiPro as examples of good applications.)




(Click here to go to offers page where an encrypting program is available)

Do What You Can!

We all have passwords. They are a pain in the neck. It is tempting to just have one password for everything. Bad idea. Do I operate "the perfect" password management regime? Of course not. But you can go a long way towards good password management with just a few simple things. And if you want to do more, there are more suggestions further down the page.

Include digits in your passwords. Include some upper case ("CAPITAL") and lower case ("small") Letters iN yOUr PaSsWoRdS.

Better still, when it is allowed: Include some punctuation marks, if only the occasional hyphen.

But... in general... don't get carried away. A superb password policy will probably be so complex that in everyday use it does as much to frustrate you as it does to frustrate the people you are trying to keep at bay.

Confession: I don't put many uppercase letters in my passwords, because lower case letters are easy to type.

A bit of useful fun: I often include the date I first created a password for a given account or document in the password. Years later, it is amusing to be reminded that I've had a particular account since the date in the password. Telling you more than I should, I will go further and say that if I were setting up a password for Facebook today, 26 Mar 2012, the password might be "fb12mar". A weak password... but at least it has some digits in it.

You will need to write your passwords down somewhere. If you keep that list in a machine readable form, with an ink-on-paper copy to refer to for day-to-day needs, then use your wordprocessor's facility for saving things with a password. And don't write your passwords down in that document in a form that gives everything away. Your ink-on-paper copy may go astray.

To my hypothetical Facebook password mentioned above, I would add something extra. For the sake of this example, let's say I decide to add "Panthera" to it, making the full password "fb12marPanthera". But I wouldn't write that down in my passwords list. I'd write "fb12mar//1tiger//"... and be sure never to use "//" in any password. I would be setting that aside to delimit cryptic clues in my password list. How does "1tiger" turn into "Panthera"?

I have a background in biology. The "Latin" name for a tiger is Panthera tigris. So, knowing my password scheme, and seeing "tiger", I know to substitute "Panthera". (Any biologist will tell you that genus names are always written with the first letter in upper case... thus putting at least one uppercase letter in my password, one that I will know is upper case, and thus making it a stronger password.

Of course, not everyone is a nature lover. Not everyone will base their password trick on Latin names. But everyone has some personal special interest which they can draw on to create a similar scheme.

Why "//1tiger//"? The "1" is there to allow other schemes.... for instance, here's something really simple...

If, in my hypothetical world, I saw "fb12mar//2fred3//" in my list of passwords, I would say....

"Ah! This is a scheme 2 encoded password. So..."

"Ignore the "fred"... that's just there to throw unauthorized users of this list off, and was a word picked at random by me."

"Scheme two is based on my favorite musical, Billy Elliot, and the phrase from that "Give 'em the old razzle dazzle"."

"Take the "3" from the hint, and because it was a 3, go to "the", the 3rd word in the phrase."

"Use the first two letters only... because that's "the rule", nothing to do with the fact that this is hint scheme "2"... and use uppercase for the first one.... the full password is...."

fb12marTh

That gives you a very simple system which you can do entirely in your head, with no need for "keys" to the hint scheme. Being so basic, I would recommend that you restrict its use to not-very-important-password situations, but we all have plenty of those. The first idea below gives you a stronger system... but one with elements of the simple idea we just finished. The overlapping elements will help you remember the systems, if you use both.

To every problem, there is a simple answer.. and it is wrong

Before we go further, let me point something out.

As much as we would all like to use human friendly strings of characters in our passwords, it is a Bad Idea to incorporate actual words in passwords. No matter how cleverly you devise a prompt to, say, "hidden123", the inclusion of an actual English word, "hidden", in the password weakens it. My thanks to the reader who wrote in to point out that I hadn't said that on this page. To quote my kind reader's email:

"Determined hackers are making greater use of what are known as rainbow lists. They are composed of commonly used words, quotes and number combinations." "

No system will ever be impregnable. One way to have your cake (use words), and eat it to (protect from rainbow lists) is to reverse words in your passwords. E.g. "neddih123" would be stronger that "hidden123".

Further ideas

Here are some more ideas which overcome some of the problems of using passwords.

First idea....

Make yourself a little card like the following....

       A     B    C     D    E

  1    9     7    5     3    1

  2    8     6    4     2    0

  3   WBJL  AWD  PGEF  JLT   IEB

(Don't worry about the last line for the moment.)

In your mind, but not written on it anywhere, call it your "Secrets Card". Now if you want to write down the password "pw08Dec", you can write down "pw//SCe2//8Dec", which being interpreted is "pw" + Secrets Card cell e2 (which is "0") + "Dec". Without the secrets card, and an understanding of how to use it, the list of passwords is useless. The "//" are used, as in the simple idea further up the page, just to "set off" the part that is the cryptic clue, which is meaningless to anyone who doesn't have the Secrets card.

You could, of course, write "pw08Dec" down as "pw//SCe2SCa2//Dec", encoding both the "0" and the "8" with the Secrets Card trick.

The final line on the secrets card in the example goes a step further. You'd have to adapt what I've done, to fit your background. In my life, I've known some remarkable people. Each cell in line 3 contains the initials of one of those people. And if WBJL's first name was Warren, then if I had a password recorded as "Dec08-SCa3", then the actual password would be "Dec08Warren". (Prizes to any friend who can explain how Warren goes with WBJL, which isn't actually WBJL's first name. But you had to know me 40 years ago to get the answer to that!) The other groups of letters are also people from my life, and in my mind a name goes with each.

Of course, there are other ways to indicate something in cells on the card without writing them out explicitly, and if you take up this idea, you should probably create a more extensive card for yourself. Try to create things that will have fixed uses of uppercase letters embedded in what you have chosen.

Second idea...

When putting a password on a file, you can make the password visible to you from just the file's name by the following, or some variation of your choice...

Call your file anything you like, but let me add three extra characters to the first part of the name. For example, if you want to call something "PHONES.TXT", that's fine... but I would change the name to "PHONES423.txt" if I had used "ursdaesday" as the password for the file. How on earth are you supposed to remember that? I am using 'my' three characters as follows.

The 423 tells me that the password is made from parts of....

In this hypothetical system, I always take 5 characters from each. I started (this time) with the 3rd letter in each name. The last character in my code tells me which letter of the day's name to start from. An additional safeguard and aide-memoir would be to put files thus encrypted in a folder called "DaysOfWeek". Meaningless to an unauthorized snooper poking around your hard drive, and probably not attractive... and at the same time a reminder to you of the system you were using for passwords on the files in that folder.

Now you have a way to 'mark' your files with an indication of the password which will unlock them. If you send things to other people across the net, you can tell them the system and they will know the password from the file's name.

For more critical missions, you can extend the system. Use letters instead of numbers, so 'dce' would mean use the 4th (d is 4th letter) and 3rd starting points, start at the 5th point within each. For such a system, a book with pages 1-26 marked 'a' to 'z' would be helpful. The third character could be interpreted as 'Use the first word on the nth (5th in example) line.'

Third idea...

Another, simpler, trick: If you are fond of the song "A Nightingale Sang In Berkeley Square", then the password "ANSIBS" (first letter of each word) is easily derived from that. You just have to remind yourself, by an oblique reference, which song the password derives from. Using first letters of a familiar phrase can be applied in many ways to many things.

Passwords with digits and characters other than letters are generally stronger than those without. Passwords become even stronger if you put in punctuation marks. As mentioned previously, to get some digits into a password, I often incorporate a date. So, say I sign up for NetFlicks in December 2008. My password might well be nf08dec. (Using a mixture of uppercase and lower case is also a good idea... if you can be bothered, e.g. NF08Dec... but be careful with this. It is easy to get confused about where you used an upper case letter, and many authentication systems are case sensitive.)

In conclusion...

I hope you found the ideas above useful and interesting. (A quick email would be welcome if so!) The ideas are not earthshaking... but maybe they will inspire you to imagine systems which work well for you. I have ideas for a more complex, more secure system of 'locking' files based on 'one time pads' stored on floppy discs. Let me know if you would be interested?


Search this site powered by FreeFind

Click here to go to the site's main index... Helpful Hints is just one corner of the site. You can get freeware and shareware from Sheepdog Software (tm), among other things!
Here is how you can contact this page's editor.

Valid HTML 4.01 Transitional Page tested for compliance with INDUSTRY (not MS-only) standards, using the free, publicly accessible validator at http://validator.w3.org


Why is there a script and hidden graphic on this page? I have my web-traffic monitored for me by eXTReMe tracker. They offer a free tracker. If you want to try one, check out their site. Neither my webpages nor my programs incorporate spyware. If the page has Google ads, they also involve scripts.