How to secure passwords and other critical numbers

One of the more frustrating exercises in using anything online is keeping your passwords safe. They have to be easy to remember and hard to guess.

One of the more frustrating exercises in using anything online is keeping your passwords safe. They have to be easy to remember and hard to guess.

Here is a trick I've used for years that seems to work for passwords, Social Security numbers, telephone numbers, birthdates and anything that needs to be safe.

Passwords:  Develop a solid base password. This should be a 79 character base that has a combination of upper/lower case letters, numbers and one or two special characters. For example, the airport code for Phoenix, AZ is PHX' and a date I remember is the day JFK was assassinated, 11-22-1963.

[TEST:Best tools for protecting passwords]

So using that as a starting point, I can morph it a little to increase the complexity: PHX becomes PhX, and with 11-22-1963 I can substitute ! for the 1s and the # (shift 3) for the number 3. That results in a base password of PhX!!22!96#Now that you have the base password, develop a schema for any password site name. For exampleGoogle Gmail could become gml or gglgml, making my password for Google Gmail PhX!!2!!96#gml or PhX!!2!!96#gglgml. Easy to remember and difficult to crack.

Social Security numbers: I have to store lots of Social Security numbers for spouse, kids, parents, grandkids etc. There are two ways to encrypt these in plain site.

The first was is to change every other number by +1 or -1 (or any number +/-). For example, 123-45-6789 using +1 becomes 224-46-6890. Since I know the key getting back is straightforward.

The second way is to use your Social Security number with some +/- number added to numbers within your Social Security number. Lets say your Social Security number is 123-45-6789 and your spouse's number is 987-65-4321. Adding a +1 to the last digit in each results in your number becoming 124-46-6780 and your spouse's number becoming 988-65-4322. By storing both numbers you have the key to decrypting. Put your Social Security number back to the original and you know how to put your spouse's number back to the original.

The second scenario works equally well for phone numbers, addresses, lock combinations, etc.

The caveat in the first case is to keep your key to yourself and the in the second case keeping your Social Security number private.

For the most part the bad guys are interested in low hanging fruit and big fish. If the bad guys get your computer and all the information is encrypted as above there is little that can be gained. The problem is that Social Security numbers do have a way of popping up. The good thing is that correlating a Social Security number to a specific person and then decrypting the information takes time...the one thing the bad guys don't have.

Avery has been an IT professional for more than 30 years and is the Editor and Publisher of the IT Weekly Newsletter.((The Newsletter is published 48 weeks a year and each issue contains links to 40 to 60 technical articles gleaned from  more than 200 online sources. Contact Avery at

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags Googlesecurityendpoint securityanti-malwareWide Area Network

More about GooglePhoenix

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Warren Avery

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts