Keeping Track of Passwords

I remember reading an article about Passwords in the 1990s. It might have been in PC World Magazine (R), or maybe the Washington Post. Can’t remember where it was, but at least some of these ideas came from that article.

Anyway, passwords came up again this week.  One of my legion of readers writes, “I have something like 20 passwords that I have to remember, and some of them have to be changed frequently.  I am always forgetting my passwords!  What can I do?”

There are a number of password-making strategies. The most common ones have critical weaknesses:
1) The Key to the Kingdom.
This is a password so marvelously easy to remember, yet so difficult to guess, that the user sets it as his password every time he needs one.  The weakness is obvious.  If someone guesses or finds the password, he has instant access to a bank account, medical records, tax returns, emails and work accounts.

2) The Sacred Scroll
You use several passwords, but can’t quite remember them. So you write them on a piece of paper and stick it in your desk drawer at work, or tape it to the wall. Of course, if you can get to it, someone else can also get to it. What happens if they take the Sacred Scroll? They have your passwords–and you don’t.

3) The Code Book
A longer version of the Sacred Scroll. You may have hundreds of IDs and passwords, so you write them all down in an address book. What happens if you lose it? Of course, you could scan all the pages of the Code Book, but then they would be on your computer, and hackable. Or you could immediately back up the scans to a flash key and keep that in a safe deposit box–possibly encrypted! Seems like a lot of trouble though.

Other Pitfalls
1) Too-short passwords.
The password-breaking abilities of the usual modern laptop are pretty astonishing these days.  Any password you use should not be found in any dictionary, backwards or forwards.  It should contain at least 8 characters, some of which should be the special characters that reside above your number keys.  Some of the letters should be capitalized.

2) Personal Information.
I once had to substitute for a woman who was called away suddenly for a funeral.  There was no guest ID at the workplace, and she didn’t leave me her password.  As I sat at her desk, I noticed a photo of a dog pinned to her cork-board.   “What’s the dog’s name?” I asked a coworker. 
“Buddy” was the reply–and that was also the password!  Don’t make it easy to guess your password. 

Developing a Password Strategy
If you are like me, you have passwords with different levels of importance:

Critically Important
Online Banking Passwords, Workplace Passwords, email, etc.
If anyone gets these passwords, you are in real trouble.

Private
Blogging, Twitter, Facebook.
You could be embarrassed if someone makes bogus posts attributed to you.

Trivial
Informational websites with no banking or social abilities.


Does It Have to Be the Real You?

Think hard about this one.  If you are talking about credit cards, online access to your bank, or your tax returns, the ID you have for these websites really does have to be the real you.  For everything else, pseudonyms work just fine, and add additional protection.
Using other names is a time-honored tradition in writing. Samuel Langhorne Clemens is best known by his pen name ‘Mark Twain.’ The theologian Soren Kierkegaard created many identities with different theological persuasions, and sometimes made them argue with each other!
You could assign one pseudonym to be a hard-core vegan, and another to be a real fan of bacon, as an example.  It is possible to assign one identity to a broad category of your interests, and another identity to other categories. 
Try to pick an obscure figure from literature for your identity.  If you use John Falstaff, for example, the name of a character in a Shakespearean play, any attempt to google your information online will be clogged up with every English Literature commentary on Falstaff–10.3 Million hits, tonight.

Suggestions for Secure Passwords

1) The Phrase that Plays

For high-security websites, you could use the first letter of each word of a phrase that you can remember. For example,

“Our Beautiful Daughter Worked Far Too Long for McDonalds!”
becomes
obdwftlfm

That’s a pretty good password.
It gets even better if you include the exclamation point at the end:
obdwftlfm!

You can make it even better if you substitute the numbers “2” and “4” for ‘too’ and ‘for’:
obdwf2l4m!

If you have such a daughter, you will remember the Phrase that Plays--
And if you risk forgetting it, you can put a note on your corkboard that says something like “Daughter, McD”–and likely you will remember the whole thing.

2) The Generated Password

With this method, you develop a set of rules for generating the password from the name of the website.

One such rule set would be:
First character is #
Then last syllable of the website name
Then 33
Then first syllable of the website name with its first letter capitalized.
Then the word ‘booger’

So your password for netflix.com would be:
#flix33Netbooger

Your Amazon.com password:
#zon33Ambooger

Ebay.com password:
#bay33Ebooger

and so on. 

3) What if I have to change the password frequently?

I suggest using some combination of the above strategies, and sticking a 3-digit number in the middle of the password.  You can increment the 3-digit number in a non-standard way, and still have a secure password that is hard to guess.

From the daughter example above, suppose we say that a 3-digit number has to appear after the fourth character. The beautiful daughter password then becomes:
obdw000f2l4m!
Next week, when the password must change, you can increment the middle number to get:
obdw030f2l4m!
Keep counting up by threes on the middle number until you roll around to three zeroes again, then increment the first number by fours or the last number by sevens. This makes it simple to remember your password but very difficult to guess–so long as no one else knows your process!
The three number combinations generated in this way would be 000, 030, 060, 090, 020, 050, 080, 010, 040, 070, and 000. Then,
004, 008, 002, 006, and 000. Then
700, 400, 100, 800, 500, 200, 900, 600, 300, and 000.
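
The rule set from suggestion 2 and the rotation from suggestion 3, written out as an added example that is not part of the original post. The function names are made up for illustration, syllables are passed in by hand because splitting a site name is the user's own judgment, and the digit steps follow the sequences listed above (middle digit by threes, last digit by fours, first digit by sevens).

```python
def site_password(first_syllable, last_syllable, word="booger"):
    """Suggestion 2: '#', last syllable, '33', capitalized first syllable, fixed word."""
    return "#" + last_syllable.lower() + "33" + first_syllable.capitalize() + word


def rotation_codes():
    """Suggestion 3: yield the 3-digit codes in the listed order, cycling forever."""
    # (digit position, step): middle digit by 3s, last digit by 4s, first digit by 7s.
    phases = [(1, 3), (2, 4), (0, 7)]
    digits = [0, 0, 0]
    yield "000"
    while True:
        for pos, step in phases:
            while True:
                digits[pos] = (digits[pos] + step) % 10
                yield "".join(map(str, digits))
                if digits[pos] == 0:  # rolled around to 000: move to the next digit
                    break


def first_codes(n):
    """Return the first n codes of the schedule as a list."""
    gen = rotation_codes()
    return [next(gen) for _ in range(n)]


def insert_code(base, code, after=4):
    """Place the 3-digit code after the `after`-th character of the base password."""
    return base[:after] + code + base[after:]


def rotation_schedule(base, n):
    """The first n passwords produced by rotating `base`."""
    return [insert_code(base, c) for c in first_codes(n)]


if __name__ == "__main__":
    for first, last in [("net", "flix"), ("am", "zon"), ("e", "bay")]:
        print(site_password(first, last))
    print(rotation_schedule("obdwf2l4m!", 3))
    cycle = first_codes(26)  # one full cycle: 1 + 10 + 5 + 10 codes
    print(len(set(cycle)), "distinct codes in a full cycle")
```

One full cycle contains only 23 distinct codes, so the strength of a rotated password rests on the base phrase and on the process staying private.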

4) The Bonfire of the Profanities

The human mind is wired to remember obscenities clearly.  Probably something to do with taboos--

In high school, we had to learn the color-coding for resistors and capacitors.  It was an extended rainbow, with the colors representing numbers or exponents.
Our teacher, Mr. Cave, formerly of the Navy, taught us the Navy method:

Black   0  Bad
Brown   1  Boys
Red     2  Rape
Orange  3  Our
Yellow  4  Young
Green   5  Girls
Blue    6  But
Violet  7  Violet
Grey    8  Gives
White   9  Willingly

This shocking phrase instantly burned the color coding system into the brains of every adolescent boy in the room–and at that time, there were only boys....

Likewise, if you need to remember a password that you absolutely cannot write down, add some profanity to it, and you will remember it. As a cleaned-up example:
“Olivia Newton John has the hots for you and me!”
would be
ONJh000th4Uam!
If you keep the capitalization, add three digits after the fourth letter, substitute ‘4’ instead of ‘for,’ and use capital ‘U’ instead of ‘you,’ it makes a very nice password.

Adding ‘booger’ to the end is left to the reader as an exercise.
