I had this idea a while back, then forgot about it until just yesterday.
Passwords. We’ve all got ‘em, almost certainly more than one. You may have a password on your home computer or laptop. You probably have one or two at work. If you work in the IT department and have administrator access, you’ve got a gazillion and a half.
Oh yeah... and you have a password for WOW.
This post is dedicated to all of you who understand the importance of account security but have difficulty creating solid, secure, yet memorable passwords.
When I was a kid, I was fascinated with cryptology, the study of codes and ciphers. I checked out almost every book on the subject from my local library.
Letter substitutions, anagrams, Ottendorf ciphers, key words, you name it, I knew it.
The base definition of a “good” password is this: Something you can remember but no one else can guess.
Now, you *could* mash your face against the keyboard a couple times, then write down the result on a scrap of paper and hope you don’t lose it. But please… if you must attempt this method, do NOT leave it on a sticky note next to your monitor. You may as well leave your keys on the outside of the front door. (Also, if you attempt the face-to-keyboard-mashing-method please get it on video and send it to me, I could use a laugh)
Other examples of very poor passwords are:
1) Your character’s name.
2) Your favorite spec, like “resto4life”.
3) Your real first, middle, or last name.
4) Your girlfriend/boyfriend/spouse’s name.
These things can be found out too easily, not necessarily by a Chinese hacker but by an ex with a grudge, sure.
A combination of letters and numbers is a really good idea, but please don’t go for the lazy substitution method. Deler1us is just as stupid a password as Delerius. Don’t do it.
Let me use an example of one of my favorite passwords. I used this several years ago for a game I will not admit to playing (no it was not neopets).
Bmcvt7tfwfsvt758
If your initial reaction is “wtf…” good.
But it is very easy for me to remember. Very easy. I used it every day, multiple times a day, for 6 months (and then I changed it). Even a good password is lame 4 years later.
The beauty of this password is that even if I forgot it, I could remember the steps I used to make it.
First I used the name of a fictional character from a book I had just read. It was Harry Potter book 7, specifically his son, who was named “Albus Severus Potter”.
A cipher technique first used by Julius Caesar was to move each letter 3 spaces to the left. For instance, a “D” turns into an “A” and “Delerius” turns into “Abibofrp”.
I went one letter forward, turning “albus severus” into “bmcvt tfwfsvt”.
Then, for numbers. As I mentioned you don’t meet Harry’s son until the epilogue of book 7, specifically page 758.
Bmcvt7tfwfsvt758
Tada.
I could go further. Another method is to split whatever phrase you have into two lines, taking every other character for each. For example:
Delerius
Dlru
Eeis
And then combine them
Dlrueeis
If I added that step to my other password:
Bmcvt7tfwfsvt758
Bcttwst5
Mv7ffv78
Bcttwst5mv7ffv78
Am I done yet? No.
Another one I like is “keyboard offspacing” (yes, I made that term up). This one is simple though, just look down at your keyboard and move one key to the left. See how “D” can become “S”, just like “Delerius” becomes “Swkweuya”.
If we add this to our previous example:
Bcttwst5mv7ffv78
Vxrrqar4nc6ddc67
Or for added excitement, let’s move the letters left and the numbers right.
Vxrrqar6nc8ddc89
Having fun yet?
It *looks* like I mashed my face into the keyboard, but I guarantee you I can remember this password or at least re-create it without putting it on a sticky note.
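The steps above, written out as code so each intermediate result can be checked. This is an added example, not part of the original post: the function names are made up for illustration, a US QWERTY layout is assumed for the keyboard step, and the shift amounts are parameters so the same functions cover both the Caesar example and the one-letter-forward step.

```python
# Added illustration of the post's steps; all names here are hypothetical.
QWERTY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]  # assumed US layout

def caesar(text, shift):
    """Move each ASCII letter `shift` places through the alphabet, wrapping at the ends."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)  # spaces, digits and symbols pass through unchanged
    return "".join(out)

def interleave_split(text):
    """Write the 1st, 3rd, 5th... characters, then the 2nd, 4th, 6th..."""
    return text[0::2] + text[1::2]

def keyboard_shift(text, letter_step=-1, digit_step=-1):
    """Replace each key with a neighbour on the same keyboard row (-1 = left, +1 = right)."""
    out = []
    for ch in text:
        row = next((r for r in QWERTY_ROWS if ch.lower() in r), None)
        if row is None:
            out.append(ch)  # not a key in the four rows above
            continue
        i = row.index(ch.lower()) + (digit_step if ch.isdigit() else letter_step)
        if not 0 <= i < len(row):
            # Edge keys ("a", "q", "z", "1" going left) have no neighbour on their row.
            raise ValueError(f"{ch!r} has no neighbour in that direction")
        out.append(row[i].upper() if ch.isupper() else row[i])
    return "".join(out)

def build_password():
    """Reproduce the post's example, returning the result of every stage."""
    first, second = caesar("albus severus", 1).split()
    step1 = first.capitalize() + "7" + second + "758"   # book 7, page 758
    step2 = interleave_split(step1)
    step3 = keyboard_shift(step2)                        # letters and numbers left
    step4 = keyboard_shift(step2, letter_step=-1, digit_step=1)  # letters left, numbers right
    return step1, step2, step3, step4

if __name__ == "__main__":
    for stage in build_password():
        print(stage)
```

The keyboard step raises an error for keys at the left edge of a row, so a phrase containing “a”, “q”, “z” or “1” needs a rule of its own before it can be shifted left.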
Before I leave, and because I know Arioch will comment on it if I don’t, Authenticators.
In general they are a very very good idea. But in my honest opinion they cannot compete with a solid password.
And if I lock my keys in the car.. and that means I can’t drive anywhere AND I can’t play wow, I will be a very sad panda.
(Insert picture of sad panda here)