Keeping Track of Passwords
I remember reading an article about passwords in the 1990s. It might have been in PC World Magazine (R), or maybe the Washington Post. I can’t remember where it was, but at least some of these ideas came from that article.
Anyway, passwords came up again this week. One of my legion of readers writes, “I have something like 20 passwords that I have to remember, and some of them have to be changed frequently. I am always forgetting my passwords! What can I do?”
There are a number of password-making strategies. The most common ones have critical weaknesses:
1) The Key to the Kingdom.
This is a password so marvelously easy to remember, yet so difficult to guess, that the user sets it as his password every time he needs one. The weakness is obvious. If someone guesses or finds the password, he has instant access to a bank account, medical records, tax returns, emails and work accounts.
2) The Sacred Scroll
You use several passwords, but can’t quite remember them. So you write them on a piece of paper and stick it in your desk drawer at work, or tape it to the wall. Of course, if you can get to it, someone else can also get to it. What happens if they take the Sacred Scroll? They have your passwords, and you don’t.
3) The Code Book
A longer version of the Sacred Scroll. You may have hundreds of IDs and passwords, so you write them all down in an address book. What happens if you lose it? Of course, you could scan all the pages of the Code Book, but then they would be on your computer, and hackable. Or you could immediately back up the scans to a flash key and keep that in a safe deposit box, possibly encrypted! Seems like a lot of trouble though.
Other Pitfalls
1) Too-short passwords.
The password-breaking abilities of the usual modern laptop are pretty astonishing these days. Any password you use should not be found in any dictionary, backwards or forwards. It should contain at least 8 characters, some of which should be the special characters that reside above your number keys. Some of the letters should be capitalized.
2) Personal Information.
I once had to substitute for a woman who was called away suddenly for a funeral. There was no guest ID at the workplace, and she didn’t leave me her password. As I sat at her desk, I noticed a photo of a dog pinned to her cork-board. “What’s the dog’s name?” I asked a coworker.
“Buddy” was the reply, and that was also the password! Don’t make it easy to guess your password.
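The two pitfalls above amount to a checkable policy: at least 8 characters, a character from the number row, a capital letter, not a dictionary word forwards or backwards, and nothing tied to you personally (the dog’s name). The following is an added example, not from the original post; the word list and the personal-terms list are constructed stand-ins, and the rule labels are my own.

```python
# Constructed stand-in for a real word list. A practitioner would load a full
# dictionary (or cracking wordlist) here, one word per line.
DICTIONARY = {"password", "letmein", "welcome", "buddy", "netflix", "dragon"}

# The characters that sit above the number keys on a US keyboard.
NUMBER_ROW_SPECIALS = set("!@#$%^&*()")


def check_password(pw, personal=()):
    """Return the list of rules from the post that `pw` breaks (empty list = passes).

    personal: words tied to the user (pet names, family names, etc.) that must
    not appear anywhere in the password, per the 'Buddy' anecdote.
    """
    failures = []
    if len(pw) < 8:
        failures.append("shorter than 8 characters")
    if not NUMBER_ROW_SPECIALS & set(pw):
        failures.append("no special character from the number row")
    if not any(c.isupper() for c in pw):
        failures.append("no capital letter")
    low = pw.lower()
    # Dictionary rule: the password itself, read forwards or backwards, is a word.
    if low in DICTIONARY or low[::-1] in DICTIONARY:
        failures.append("dictionary word (forward or reversed)")
    # Personal-information rule: any listed term appears inside the password.
    if any(term.lower() in low for term in personal if term):
        failures.append("contains personal information")
    return failures


if __name__ == "__main__":
    for candidate in ("buddy", "drowssap", "obdwf2l4m!", "ONJh000th4Uam!"):
        print(candidate, "->", check_password(candidate, personal=["Buddy"]) or "ok")
```

Run against the post’s own examples, `obdwf2l4m!` fails only the capital-letter rule, while `ONJh000th4Uam!` passes every rule; `drowssap` is caught because its reverse is a dictionary word.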
Developing a Password Strategy
If you are like me, you have passwords with different levels of importance:
Critically Important
Online Banking Passwords, Workplace Passwords, email, etc.
If anyone gets these passwords, you are in real trouble.
Private
Blogging, Twitter, Facebook.
You could be embarrassed if someone makes bogus posts attributed to you.
Trivial
Informational websites with no banking or social abilities.
Does It Have to Be the Real You?
Think hard about this one. If you are talking about credit cards, online access to your bank, or your tax returns, the ID you have for these websites really does have to be the real you. For everything else, pseudonyms work just fine, and add additional protection.
Using other names is a time-honored tradition in writing. Samuel Langhorne Clemens is best known by his pen name ‘Mark Twain.’ The theologian Soren Kierkegaard created many identities with different theological persuasions, and sometimes made them argue with each other!
You could assign one pseudonym to be a hard-core vegan, and another to be a real fan of bacon, as an example. It is possible to assign one identity to a broad category of your interests, and another identity to other categories.
Try to pick an obscure figure from literature for your identity. If you use John Falstaff, for example, the name of a character in a Shakespearean play, any attempt to google your information online will be clogged up with every English Literature commentary on Falstaff: 10.3 million hits, tonight.
Suggestions for Secure Passwords
1) The Phrase that Plays
For high security websites, you could use the first letter of each word of a phrase that you can remember. For example,
“Our Beautiful Daughter Worked Far Too Long for McDonalds!”
becomes
obdwftlfm
That’s a pretty good password.
It gets even better if you include the exclamation point at the end:
obdwftlfm!
You can make it even better if you substitute the numbers “2” and “4” for ‘too’ and ‘for’:
obdwf2l4m!
If you have such a daughter, you will remember the Phrase that Plays. And if you risk forgetting it, you can put a note on your corkboard that says something like “Daughter, McD”, and likely you will remember the whole thing.
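The phrase-to-initials rule, with the ‘too’/‘for’/‘you’ substitutions and the trailing exclamation point carried through, is mechanical enough to write down as a function. This is an added example, not code from the original post; it generalizes slightly in that one function covers both the lowercased ‘daughter’ password here and the case-preserving ‘ONJ’ password later in the post (the `keep_case` and `substitute` parameters are my own names).

```python
import string

# Word-level substitutions the post uses: 'too' -> 2, 'for' -> 4, 'you' -> U.
SUBSTITUTIONS = {"too": "2", "for": "4", "you": "U"}


def phrase_to_password(phrase, keep_case=False, substitute=True):
    """Turn a memorable phrase into its first-letter password.

    keep_case=False lowercases each initial (the 'daughter' example);
    keep_case=True keeps the phrase's own capitals (the 'ONJ' example).
    substitute=True swaps whole words listed in SUBSTITUTIONS for their digit/letter.
    Trailing punctuation on a word (the closing '!') is kept as-is.
    """
    parts = []
    for word in phrase.split():
        core = word.rstrip(string.punctuation)   # "McDonalds!" -> "McDonalds"
        tail = word[len(core):]                  # "!" (or "" if none)
        if core:
            key = core.lower()
            if substitute and key in SUBSTITUTIONS:
                parts.append(SUBSTITUTIONS[key])
            else:
                parts.append(core[0] if keep_case else core[0].lower())
        parts.append(tail)
    return "".join(parts)


if __name__ == "__main__":
    daughter = "Our Beautiful Daughter Worked Far Too Long for McDonalds!"
    print(phrase_to_password(daughter, substitute=False))   # obdwftlfm!
    print(phrase_to_password(daughter))                     # obdwf2l4m!
    print(phrase_to_password("Olivia Newton John has the hots for you and me!",
                             keep_case=True))               # ONJhth4Uam!
```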
2) The Generated Password
With this method, you develop a set of rules for generating the password from the name of the website.
One such rule set would be:
First character is #
Then the last syllable of the website name
Then 33
Then the first syllable of the website name with its first letter capitalized
Then the word ‘booger’
So your password for netflix.com would be:
#flix33Netbooger
Your Amazon.com password:
#zon33Ambooger
Ebay.com password:
#bay33Ebooger
and so on.
3) What if I have to change the password frequently?
I suggest using some combination of the above strategies and sticking a 3-digit number in the middle of the password. You can increment the 3-digit number in a non-standard way and still have a secure password that is hard to guess.
From the daughter example above, suppose we say that a 3-digit number has to appear after the fourth character. The beautiful daughter password then becomes:
obdw000f2l4m!
Next week, when the password must change, you can increment the middle number to get:
obdw030f2l4m!
Keep counting up by threes on the middle number until you roll around to three zeroes again, then increment the first number by fours or the last number by sevens. This makes it simple to remember your password but very difficult to guess, so long as no one else knows your process!
The three-number combinations generated in this way would be 000, 030, 060, 090, 020, 050, 080, 010, 040, 070, and 000. Then
004, 008, 002, 006, and 000. Then
700, 400, 100, 800, 500, 200, 900, 600, 300, and 000.
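The rotation above is a small algorithm: one digit at a time steps by a fixed amount modulo 10 until it returns to 0, and the three phases (middle digit by threes, the units digit by fours, the hundreds digit by sevens, in the order the listed sequences show) are run back to back. The following added example, not from the original post, reproduces the post’s sequence exactly and inserts each code after the fourth character; the function names are my own.

```python
# Each phase: (index of the digit that moves, its step). Order and steps follow
# the post's listed sequences: middle digit by threes, then the units digit by
# fours, then the hundreds digit by sevens, each ending when that digit is 0 again.
PHASES = ((1, 3), (2, 4), (0, 7))


def digit_cycle(step):
    """Values one decimal digit visits counting up by `step` from 0 until it returns to 0."""
    d, visited = 0, []
    while True:
        d = (d + step) % 10
        visited.append(d)
        if d == 0:
            return visited


def rotation_schedule():
    """The full ordered list of 3-digit codes, starting from '000'."""
    codes = ["000"]
    for position, step in PHASES:
        for d in digit_cycle(step):
            digits = ["0", "0", "0"]      # the other two digits stay 0 within a phase
            digits[position] = str(d)
            codes.append("".join(digits))
    return codes


def insert_code(base, code, after=4):
    """Place `code` after the `after`-th character of the base password."""
    return base[:after] + code + base[after:]


def password_for_period(base, period):
    """Password for change period `period` (0 = the initial '000' password)."""
    schedule = rotation_schedule()
    return insert_code(base, schedule[period % len(schedule)])


if __name__ == "__main__":
    base = "obdwf2l4m!"   # the post's 'daughter' password
    for n, code in enumerate(rotation_schedule()):
        print(n, insert_code(base, code))
    print(len(set(rotation_schedule())), "distinct codes in the whole cycle")
```

Counting the output shows the cycle visits only 23 distinct codes out of 1,000 before repeating, so the security of this scheme rests entirely on the post’s condition that nobody else knows the process: anyone who learns one period’s password and the rule has very few candidates for the next.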
4) The Bonfire of the Profanities
The human mind is wired to remember obscenities clearly. Probably something to do with taboos.
In high school, we had to learn the color-coding for resistors and capacitors. It was an extended rainbow, with the colors representing numbers or exponents.
Our teacher, Mr. Cave, formerly of the Navy, taught us the Navy method:
Black 0 Bad
Brown 1 Boys
Red 2 Rape
Orng 3 Our
Yel 4 Young
Grn 5 Girls
Blu 6 But
Violet 7 Violet
Grey 8 Gives
White 9 Willingly
This shocking phrase instantly burned the color coding system into the brains of every adolescent boy in the room, and at that time, there were only boys....
Likewise, if you need to remember a password that you absolutely cannot write down, add some profanity to it, and you will remember it. As a cleaned up example:
“Olivia Newton John has the hots for you and me!”
would be
ONJh000th4Uam!
If you keep the capitalization, add three digits after the fourth letter, substitute ‘4’ instead of ‘for,’ and use capital ‘U’ instead of ‘you,’ it makes a very nice password.
Adding ‘booger’ to the end is left to the reader as an exercise.