Wednesday, August 20, 2008

Security: Passwords, Part III: Better, Stronger, Faster.

We looked at passwords and password strength in the context of a random password generator. That's a great tool and a wonderful ideal, but sometimes random strings can be a squeency bit hard to memorize and type.

Here are some tactics I've found for creating easily memorized passwords (with the understanding that you still need strong passwords and good security practice).

I want to make one point, though, before I start: I've both been taught and seen that when you give people an example password, they will think that the example is itself a great password, and then use the example. Don't do that.

Acronyms: Take a phrase or sentence and use the first letter of each word. For example, "This password is for the backup administrator account" might become Tpiftbaa. That's not great (sufficiently random, but only 2 classes of character), but it's moving in the right direction.

Passcodes: Systems that will take a longer password can take a phrase or sentence in the form of a passcode. With the previous example, "This password is for the backup administrator account." could itself be the password. That's much stronger: it's much longer, and it adds the period as a third class of character. The catch is that remembering the little fiddly words can get tricky with these.

Patterns: Sometimes thinking outside the box is the key to a good password. Look at your keyboard and find a nice pattern. I'll use the keys on the left of a standard qwerty keyboard. Note that the keys make a cool "V" pattern-- hey, that's kinda random! "1qazse4" isn't just a pattern on the keyboard, it's a decent password. The problem here is that somebody shoulder-surfing is much more likely to be able to pick up your password, because it makes an obvious pattern on the keys.

Transposing Characters: I hesitate to mention this one, because it's so easy to be lazy. Think you're 1337? Well, 'leet boy, you can use a "1" for an "i" or a "#" for an "H". This is a good tactic, but easy to abuse: "P@ssw0rd" is a very, very bad password, because it's easily guessable (it's still just the word "password" with obvious substitutions). Use this tactic, but in conjunction with passwords that are good to begin with.
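To make the four tactics above concrete, here is a small defender-side password checker, written as an added example for this post (it is not the post's own code or any particular product). It scores the post's sample passwords on the points the post raises: how many character classes are in use and how long the password is (a naive brute-force entropy estimate), whether the password is a keyboard walk like "1qazse4", and whether undoing common leet substitutions turns it back into a dictionary word, as with "P@ssw0rd". The keyboard model, the tiny word list and the verdict thresholds are assumptions made for the demo; a real checker would load a full dictionary or breach list.

```python
import math

# Constructed mini word list for the demo; a real checker would load a full word list.
COMMON_WORDS = {"password", "admin", "letmein", "welcome", "secret", "qwerty", "monkey"}

# Reverse of the leet substitutions the post mentions ("1" for "i", "#" for "H")
# plus a few other common ones, so "P@ssw0rd" can be mapped back to "password".
UNLEET = str.maketrans({"1": "i", "#": "h", "@": "a", "0": "o", "3": "e",
                        "$": "s", "5": "s", "4": "a", "7": "t", "!": "i"})

# Physical layout of the main block of a US qwerty keyboard (assumed model). Each row
# sits roughly half a key to the right of the one above, which is why "1qaz" is a
# straight diagonal and the post's "1qazse4" is a "V" shape.
QWERTY_ROWS = ["1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]
ROW_OFFSET = [0.0, 0.5, 1.0, 1.5]
SHIFTED = dict(zip("!@#$%^&*()_+", "1234567890-="))  # shifted symbols live on the digit keys

KEY_POS = {}
for row_index, row in enumerate(QWERTY_ROWS):
    for col_index, key in enumerate(row):
        KEY_POS[key] = (row_index, col_index + ROW_OFFSET[row_index])

# Alphabet size contributed by each character class (the "classes" the post counts).
POOL_SIZE = {"lower": 26, "upper": 26, "digit": 10, "other": 33}


def char_classes(password):
    """Return the set of character classes used: lower, upper, digit, other."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("other")  # punctuation, space, anything else
    return classes


def entropy_bits(password):
    """Naive brute-force estimate: length * log2(size of the alphabet actually used)."""
    pool = sum(POOL_SIZE[c] for c in char_classes(password))
    return len(password) * math.log2(pool)


def _key_position(ch):
    """Map a typed character to its (row, column) on the keyboard model, or None."""
    return KEY_POS.get(SHIFTED.get(ch, ch.lower()))


def is_keyboard_walk(password, min_length=4, threshold=0.8):
    """True when nearly every consecutive pair of keys is physically adjacent (or the same key)."""
    if len(password) < min_length:
        return False
    adjacent = 0
    for a, b in zip(password, password[1:]):
        pa, pb = _key_position(a), _key_position(b)
        if pa and pb and abs(pa[0] - pb[0]) <= 1 and abs(pa[1] - pb[1]) <= 1:
            adjacent += 1
    return adjacent / (len(password) - 1) >= threshold


def is_leet_dictionary_word(password):
    """True when undoing leet substitutions yields a common word, e.g. P@ssw0rd -> password."""
    return password.lower().translate(UNLEET) in COMMON_WORDS


def assess(password):
    """Combine the checks into one report; the verdict thresholds are demo assumptions."""
    report = {
        "length": len(password),
        "classes": len(char_classes(password)),
        "bits": round(entropy_bits(password), 1),
        "keyboard_pattern": is_keyboard_walk(password),
        "dictionary_word": is_leet_dictionary_word(password),
    }
    if report["keyboard_pattern"] or report["dictionary_word"] or report["bits"] < 40:
        report["verdict"] = "weak"
    elif report["bits"] < 64:
        report["verdict"] = "moderate"
    else:
        report["verdict"] = "strong"
    return report


if __name__ == "__main__":
    # The post's own sample passwords, used here purely as test inputs.
    for candidate in ["Tpiftbaa",
                      "This password is for the backup administrator account.",
                      "1qazse4", "P@ssw0rd", "Myb#aBFA"]:
        print(f"{candidate!r:58} {assess(candidate)}")
```

Run as-is, the acronym "Tpiftbaa" reports only two character classes and a middling bit count, the full passphrase reports three classes and a large bit count, "1qazse4" is flagged as a keyboard walk despite mixing digits and letters, and "P@ssw0rd" is flagged because stripping the substitutions leaves "password". The entropy figure is deliberately naive (it assumes a uniformly random string over the classes used), which is exactly why the pattern and dictionary checks are needed on top of it.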

Mnemonics: Like anything memorized, attach the password to other concepts or items, or make up your own secret special meaning for it. Pronounce it out loud in your mind. Just don't use things that are easily memorized but are also guessable facts about you.

Naughty Passwords: Since other mnemonics are often insecure, one trick you can use to make passwords more memorable is to use elements that are at least slightly naughty. Let's say your boss has a serious problem with rearward-facing pants bulge. Myb#aBFA would be a pretty good password! Breaking that down:

My
b(oss)
#(leet-h for has)
a
Big
Fat
Ass

Bet you won't forget that one so easily!
