Tuesday, August 14, 2018

Tricks: How to Create Easy To Remember Strong Password






A lot of my career in IT work has focused on protecting data: performing data backups and data integrity tests, testing data encryption and creating data security policies.

The university I worked for had multiple logins and passwords and strict guidelines for how complex passwords had to be and how often they needed to be changed. Part of my job was to enforce those password guidelines and train people on how to properly secure their data. I’d cringe every time I found a sticky note with a string of numbers and letters taped to the back of a picture frame or tucked under a keyboard, the most common password hiding places. I cringed a lot. The users always had the same excuse: it wasn’t their fault, they simply couldn’t remember all the complicated passwords.

I understand, I really do. Remembering passwords is a pain and most companies now will make you change your password several times a year. Many places won’t allow you to re-use old passwords ever. Most people manage their banking, credit cards, utility bills and rent or mortgage online. Add in work passwords and social media passwords and it’s nearly impossible to keep separate passwords for each login, rotate them as required and remember them all.

You can pay for a service to store all your passwords, but then you need a way to log into that service each time you need to access a password. If the service goes down, you’re out of luck.

Over the years I developed my own three-step method for generating strong passwords that are easy to remember. I’ve taught this method to several people over the years and all have told me that it worked for them so I thought I would pass the information on to a wider audience. Once you’ve used this method a couple of times you should have no problem customizing the formula and meeting those pesky password requirements.
  1. Pick a phrase that is easy to remember.
  2. Use a formula to convert the phrase to a strong password.
  3. Store a hint to the original phrase so you can re-use the formula if you forget the password.
Here’s an example. This is not a password I use or recommend anyone use, since this information will be publicly available; it is for illustrative purposes only.
First, find a memorable phrase from a book, movie, song, television show, anything you’re not likely to forget. For this example I’ll use a phrase from Liam Neeson’s speech in Taken:

It’s a memorable speech. I particularly like the line below so I’ll use it to create the password:

  • I don’t have money, but what I do have are a very particular set of skills
We’ve got the phrase. To turn it into a strong password, there are four requirements the password needs to satisfy: length, uppercase letters, numbers, and symbols.
Start by taking the first letter of each word in the phrase, which gives:

  • I d h m b w I d h a a v p s o s
That’s a 16 character password, which should be long enough to satisfy most password length requirements these days. If your phrase is too short you could try adding on the year the movie came out (2008), something like this:

  • I d h m b w I d h a a v p s o s 0 8
or even

  • 2 0 I d h m b w I d h a a v p s o s 0 8
But that’s getting to be a lot of typing so let’s assume the 16 character phrase is long enough.
Once the length requirement is satisfied, we have to make sure there are at least two capital letters. Sometimes a phrase doesn’t happen to naturally have two capital letters. In those cases I usually choose to capitalize the direct objects (money, skills) because I feel they set the tone of the sentence, but you might also go with verbs or adjectives. Just choose whatever part of speech is most memorable for you. Since we already have two natural capitals in this phrase I’ll just keep what we have so far as:
  • I d h m b w I d h a a v p s o s

Now we need to add a couple of numbers to the mix. It’s pretty easy to envision the “o” being converted to “0”, but we’ll still need at least one more. You could choose to turn the “v” into “5” if Roman numerals are your thing. Alternately, you could flip the “m” on its side to become a “3” if that seems natural to you. To me, the “s” resembles “5” and I find that easy to remember, so I’ll change those. That leaves us with the now stronger password:

  • I d h m b w I d h a a v p 5 0 5

I’ve had people tell me that “h” must be flipped to become “4” or an “L” must be spun into a “7”. I’ve even had people insist that any “d” must become “4” because it’s the fourth letter of the alphabet; that works too. There are endless ways you can customize this step and once you’ve done it a couple of times you’ll notice certain conversions just make more sense for you. After a few times this step becomes automatic and you don’t need to remind yourself that you always convert “m” to “3” or “f” to “7”.

That’s pretty good, but we need to add at least one special character. You could put the comma back in after the “m” if that seems like something easy to remember. However, I try to stay away from remembering punctuation and I prefer to use symbols that resemble the shape of the letters, similar to the process for picking numbers. You could change the “I” to “!” but that blows away our capitals and I don’t want to go backwards. We could flip the “v” to become “^” or just throw a sh-bang (#!) at the end. In this case I’m going to change the “a” to “@”. That gives us two special characters and the password becomes:

  • I d h m b w I d h @ @ v p 5 0 5
That’s a strong password that will satisfy even some of the most stringent password requirements. Because I used a formula to create it, all I really need to remember now is the phrase I used; then I apply the formula again. Rather than paying some service to store the password for me, I’ll just keep a hint that says “Taken” or perhaps “Liam” and that will be enough to remind me what the original phrase was, and I can recreate the rest.

I don’t even have to worry about encrypting my reminder note because it’s not the actual password, it’s just a clue to the cipher used to generate the password. If your resident IT professional finds a sticky note with “Taken” on the back of the photo of the dog on your desk you’re not going to get reprimanded or be asked to repeat IT security training.

Now when your password expires, rather than banging your head against the desk for a half hour trying to come up with another new strong password, you can simply move to the next phrase in the speech and apply the formula again. In less than 30 seconds you’ll have your new password.
After you’ve used this method a few times you’ll start developing your own rules for how to substitute numbers and symbols for certain letters and it becomes even easier to apply your own flavor of the formula to your chosen phrases.
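
The formula above as a short Python sketch, added here as an illustration and not code from the original post: it takes the first letter of each word, applies a customizable substitution map, and reports which of the four requirements are still unmet. The function names and the minimum length of 12 are assumptions; the other thresholds (two capitals, a couple of numbers, one symbol) follow the walkthrough, and the output is unspaced because the post counts the spaced-out letters as 16 characters.

```python
import re

# The illustrative phrase from the post (published, so not for real use).
PHRASE = "I don’t have money, but what I do have are a very particular set of skills"

# Substitutions chosen in the walkthrough: "s" -> "5", "o" -> "0", "a" -> "@".
# Only lowercase keys are mapped, so the natural capitals survive.
ARTICLE_SUBS = {"s": "5", "o": "0", "a": "@"}


def first_letters(phrase):
    """Return the first letter of each word, preserving its case."""
    words = re.findall(r"[A-Za-z][A-Za-z'’]*", phrase)
    return [w[0] for w in words]


def derive(phrase, subs=ARTICLE_SUBS, suffix=""):
    """Initials, then per-letter substitutions, then an optional suffix such as a year."""
    return "".join(subs.get(c, c) for c in first_letters(phrase)) + suffix


def unmet_requirements(password, min_length=12, min_upper=2,
                       min_digits=2, min_symbols=1):
    """List which of the four requirements the password still fails.

    min_length=12 is an assumed policy value; adjust to your site's rules.
    """
    counts = {
        "length": len(password),
        "uppercase": sum(c.isupper() for c in password),
        "numbers": sum(c.isdigit() for c in password),
        "symbols": sum(not c.isalnum() for c in password),
    }
    minimums = {"length": min_length, "uppercase": min_upper,
                "numbers": min_digits, "symbols": min_symbols}
    return [name for name, need in minimums.items() if counts[name] < need]


if __name__ == "__main__":
    # Walk through the same stages as the post: initials, numbers, symbols.
    for subs in ({}, {"s": "5", "o": "0"}, ARTICLE_SUBS):
        candidate = derive(PHRASE, subs=subs)
        print(candidate, "unmet:", unmet_requirements(candidate))
```

Passing your own `subs` dictionary models the personal conversions described above, and the list returned by `unmet_requirements` shows which step of the formula a new phrase still needs.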

You don’t have to limit yourself to movies either; choose your favorite book or album or poet or comedian. It doesn’t matter if it’s Shakespeare or schlock, we all have some guilty pleasure entertainment that we can quote phrases from. The Godfather works as well as DMX or Stephen King. As long as it’s memorable for you, no one else needs to know. Although your co-workers might find it a bit strange if you keep muttering lines from The Princess Bride, it’s better to be regarded as a bit eccentric than a security risk.

So now that you have a method for making easy to remember strong passwords, please generate new passwords and destroy all the old sticky notes that you’ve hidden on your desk at work because I guarantee you there are at least three people in your office who already know all your hiding places.
