Choosing a strong and memorable password

May 9th, 2008


I don’t think I’m alone in having difficulties inventing strong and secure but unique and memorable passwords for every website. The problem has really exploded recently as I’ve started to do more online shopping, making it even more important to keep all my accounts secure.

I found out about the following technique to choose strong and memorable passwords today and I think it’s really good.

A good technique for choosing a password is to:

  1. Choose a phrase between 8 and 16 words long that will be easy to remember. You can include names and numbers too.
  2. Take the first letter of each word in order, including any numbers, capital letters or punctuation. This then becomes your new password.

For example:

Choosing the phrase: ‘My pet dog’s first name is Rex!’ would result in the password: MpdfniR!

or the phrase: ‘My sister Peg is 24 years old’ would give the password: MsPi24yo

Choosing a password in this way produces a password which should be easy to remember, but cannot easily be guessed. With practice, you should be able to choose phrases which provide the required number of different character types.

You can choose words and associations which are relevant to the site you may be visiting. Say Amazon.com - you might associate that with the environment and therefore one of Gandhi’s sayings: “Earth provides enough to satisfy every man’s need, but not every man’s greed.” By taking the first part of his quote and applying the quoted method, with “to” written as 2, you might have a password like “Epe2semn,”.

I think by more or less any measure, this password is pretty secure. It contains a mixture of uppercase and lowercase characters, numerical characters as well as punctuation.
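The technique above as an added Python example (not part of the original post): it builds the password from a phrase and reports which character types are still missing. The function names are hypothetical, and the `substitutions` argument is an assumption added to reproduce the “to” → 2 swap in the Amazon example.

```python
import re
import string

PUNCT = string.punctuation
ALL_CLASSES = {"lower", "upper", "digit", "punctuation"}

def mnemonic_password(phrase, substitutions=None):
    """First character of each word, keeping capitals, whole numbers and
    punctuation attached to the end of a word. `substitutions` (an assumed
    extension) maps lower-cased words to a replacement, e.g. {"to": "2"}."""
    substitutions = substitutions or {}
    parts = []
    for word in phrase.split():
        core = word.rstrip(PUNCT)        # "Rex!" -> "Rex"
        tail = word[len(core):]          # "Rex!" -> "!"
        core = core.lstrip(PUNCT)        # drop an opening quote mark
        if not core:                     # token was punctuation only
            parts.append(tail)
            continue
        number = re.match(r"\d+", core)
        if core.lower() in substitutions:
            head = substitutions[core.lower()]
        elif number:
            head = number.group()        # keep "24" whole, not just "2"
        else:
            head = core[0]
        parts.append(head + tail)
    return "".join(parts)

def character_classes(password):
    """Return which of the four character types the password contains."""
    found = set()
    for ch in password:
        if ch.islower():
            found.add("lower")
        elif ch.isupper():
            found.add("upper")
        elif ch.isdigit():
            found.add("digit")
        elif ch in PUNCT:
            found.add("punctuation")
    return found

def review(phrase, substitutions=None):
    """Password, word count and missing character types for one phrase."""
    password = mnemonic_password(phrase, substitutions)
    missing = sorted(ALL_CLASSES - character_classes(password))
    return {"password": password, "words": len(phrase.split()), "missing": missing}
```

Run over the three phrases from this post, only the Gandhi phrase covers all four character types; the Rex phrase has no digit and the Peg phrase has no punctuation.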

Some scientific research on this method is detailed in a Cambridge University paper “The memorability and security of passwords - some empirical results” (2000).


One Response to “Choosing a strong and memorable password”

  1. Timon 12 May 2008 at 9:10 pm

    Some keyboard patterns can be quite neat, too - I’m still using that approach for some passwords 20 years on. Suitably perverse geeks will recognize qjkxbmwvz. Now do that alternating from either end and couple it with some bouncing on the shift key and qZjVkWxMb becomes a blighter for people to shoulder-surf, too. The strength of this is directly related to the imagination applied - small wonder people used to come up with ‘fred’ when it’s all within a 2×2 block.

    Another approach when you need speed and a password to give to someone else is to look at junk on your desk or out the window. w4t3rb0ttle, that kind of thing.

    Bruce Schneier reported a while back that 10 years ago the most common password was ‘password’. Now it’s ‘password1’…
