Magic numbers: keeping password records secret, yet accessible.
I was used to dealing with advanced cryptography and the like. I now relish getting back into the trenches to do more commonplace matters. 
Magic Numbers creator, David Wozny
Psst! Do you want to know a secret for safeguarding online passwords?
Then check out retired cyber security expert and brain injury survivor David Wozny's Magic Numbers strategy!
It's a practical and straightforward way to record the passwords you create for your online accounts.
And it's expected to be particularly helpful for people with memory difficulties or other cognitive challenges in safely setting up and running online accounts.
Here is David describing how the Magic Numbers idea first came to him.
Share, don't scare!
"I was an IT (information technology) buddy with a local charity for the elderly," David says, "and I attended a meeting where the given advice, while well-meaning, wasn't easily usable."
Plus, he adds, "They were telling scare stories.
"But I want to move on from the scare stories that if you don't do this or that, then the hackers get in. It just puts people off.
"Most importantly, I also wanted to make it more accessible.
"Because my background was high-end cryptographic security, I'm used to dealing with cryptography [1]. However, I relish getting back into the trenches to undertake more rudimentary matters.
"And this is simply passwords, not rocket science - and I enjoy it!"
David contacted former colleagues and contacts from his high-status cyber security career to ensure his Magic Numbers strategy met the UK's good practice standards.
And it does. "I'm satisfied that the advice I'm giving isn't flawed or inappropriate," he says.
To widen accessibility, he also produced a video explaining how his Magic Numbers method works.
"My thinking is that the video is possibly easier to digest and more compelling than the document," he says.
"I think the document may be a bit overwhelming for some people if they haven't first watched the video."
Happily, however, you can try both!
Watch David's YouTube video explaining how Magic Numbers work here: [2]
And here is the easy-read, step-by-step version of David's Magic Numbers strategy:
Magic Numbers: Keeping Passwords Secret and Safe
Setting up accounts and passwords is a normal part of the online world for everyone.
But using the same password for many online accounts is a big no-no.
Why?
Hackers!
Hackers are criminals who find ways to break into people's accounts to steal information, including passwords.
Hack off!
Keep hackers off your back by creating passwords that are not only different but are also very easy to keep safe.
And make passwords that will suit most websites. How?
Mix it up!
The most robust online passwords are made from a mix of all the following:
- Lowercase letters
- UPPERCASE letters (capitals)
- Numbers from 0 to 9
- Special characters such as * or % or ! or ?
To make strong passwords to suit most websites:
- Keep characters from the same group together, such as CFxp4973*%$
- Use characters from all four groups
- Use 10 to 15 characters in total
- Avoid using dictionary words
- Avoid using letters or numbers in sequences, such as '123' or 'ABC.'
Choose an email account that you can use if things go wrong with your other accounts. For this account, add three more characters to the password.
Example: CFJxp42973*&%$
Magic Numbers!
Here is where you add the magic! Choose your favourite number, letter or character – and make sure you don't use it to create your passwords.
This is the Magic Number (letter or character) you need to protect your passwords.
It safeguards your passwords wherever you record them – on paper or digitally on a computer or mobile device.
Once you have created your passwords, place your Magic Number in a different location in each of them.
Here is the same password example, with a Magic Number 6 added: CFxp46973*%$
Now, when the password is needed online, just miss out number 6!
On record!
Once you've protected your passwords with your Magic Number, you need to record the passwords where you can easily find them.
Writing them down in a notepad and keeping them in a purse, wallet or hand/man bag is fine – as long as they contain the Magic Number!
If you're recording your passwords on a computer or mobile device, a word document or spreadsheet may be useful.
Make sure you include other important information linked to your passwords, including:
- The account name
- The organisation
- The website address
You may also like to add notes giving more account details.
Here is an example of the type of table you could create with a Magic Number 6 added to the password CFxp4973*%$:
If you are reading this article on a mobile device, you may want to turn the device so it displays in landscape mode to view the tables below.
|
Organisation |
Website |
Account Name |
Password |
|
Barclays Bank |
www.barclays.co.uk |
yahoo.com.uk |
CFxp46973*%$ |
And here is how a bigger table might look with more accounts and different passwords added:
Here is an example of the type of table you could create with a Magic Number 6 added to the password CFxp4973*%$:
|
Barclays Bank |
www.barclays.co.uk |
yahoo.com.uk |
CFxp46973*%$ |
|
Gmail |
www.gmail.com |
gmail.com |
FCpx46973*%$ |
|
Amazon |
www.amazon.co.uk |
gmail.com |
CFxp97463*%$ |
|
eBay |
www.ebay.co.uk |
janedoe12 |
FCpx69473%*$ |
|
BBC |
janedoeBBC |
CFxp73469*$% |
|
|
|
www.facebook.com |
gmail.com |
FCpx69734$*% |
Remember though – miss out your Magic Number when you're entering your password to access an online account.
It only shows in your records to keep your actual passwords a secret!
Back up!
Now you've made a record of all your passwords, and you don't want to lose it. So, it's really important (and easy!) to make a backup record.
Backup a paper record using one of the following methods:
- Take a photo of your paper record on your mobile phone
- Scan your paper record into your computer
Backup a digital record (e.g., spreadsheet or word document) as follows:
- Print out the document and keep the paper copy
- Save the document onto a USB storage device
Note: Save the document with a name that doesn't describe what it is!
Set up!
Now you know how to make and safeguard passwords, here are some tips to setting up an account online:
- Make sure all your details are up to date before opening an online account
- Check what sort of personal details are needed for the online account you are opening
- Gather information you're likely to need before you start, as some websites' time out' if you take too long – so you will have to start all over again!
Extra layers!
There are other ways of protecting your online accounts and passwords, including:
- Two-factor authentication (2FA) - another way of proving that it is you trying to log on to your online account. For example, a code can be sent to your mobile phone that you would then use, as well as your password, to log on.
- Password managers - these let you store passwords in a specially protected file on a digital device such as a computer or phone.
Cybercrime
Cybercriminals find gaps in weak security systems to steal passwords, data or money from accounts.
The most common ways this can happen include:
- Hacking
- Phishing – when fake emails ask for personal and security details
- Malicious software – used to harm or hijack a computer or other device
The UK's National Cyber Security Centre has many more tips for staying safe online here: NCSC: Top tips for staying secure online.
Secure IT
As a former police authority adviser, David Wozny is highly regarded in the UK's information technology security sectors.
His brain injury, sustained in a cycling accident in 2015, prevented him from returning to his high-flying career for two years.
But it didn't lessen his passion for IT security, particularly when protecting vulnerable users.
I recall looking at me in the mirror and thinking of my previous self as a different person. I was looking at someone I had once been - but I felt that that person was no longer around.
David Wozny
Find out more about David here: Learning to love life again after traumatic brain injury (TBI)
And watch this space for a free download of David's Magic Numbers password strategy, coming soon.
References
Recently on talking heads ...
