Joy of Passwords

Specifically, the joy of devising a new password that meets minimum safety requirements (6 characters, mix of letters and numbers, doesn’t contain any dictionary words) that I know I will always remember.
I have a pool of about 15 passwords in my head – I mostly remember which ones go with which applications, and if I don’t I usually get it on the second or third try. All of these passwords have been with me for about a decade and a half (hey, that’s about one a year!), moving from place to place and institution to institution. When I have to change a password, I swap it for another of my golden fifteen. There’s a lot of double ups – I think I have about forty or so logins in different places around workplaces and the internet.
Many of my 15 passwords are acronyms. Take the first letter of each word in a saying, song lyric or movie quote, and you’re underway. Mix it up a bit – some letters you can replace with numbers because they look similar or the words they reference are actually numbers. Mix case up and down if your password is case-sensitive; put the emphasis words in capitals. Easy as pie to remember, and very much uncrackable. (e.g. a password devised from that song from Grease “You’re the one that I want” => “Yt1tiW”)
And now, using a variation of the above scheme, I have come up with a new password. It delights me because it is so simple and so memorable yet still quite safe. It is a strange thing to take pleasure in, but there you go. I’ll probably still be using this new password in another fifteen years.
So. Got passwords? How do you manage to remember yours? Do you discard old passwords forever or keep them around in your head to use in other places?

17 thoughts on “Joy of Passwords”

  1. I’m a shocker for the old ‘choose a good combination of letters and numbers that means something… then just increase the number each time you need to renew it’ technique.
    Even at work alone I have six different logins and passwords I need to use – then there’s everything outside work. It’s all just too hard, and symptomatic of poor network and internet design…

  2. I prefer the use of a password safe application, that generates passwords that are impossible to remember, and just remember the password to my database. Significantly more secure than anything that I can remember! (Plus some throwaway memorized passwords for things that I don’t actually care about keeping secure).

  3. I heard about an interesting password scheme recently. Here’s how it goes:
    Firstly, you have some special phrase. Maybe it’s “morgue is teh awsum”.
    Secondly, you look at the domain you’re logging in to, and concatenate. So you get “morgue is teh awsum additiverich.com”.
    Then you run the whole thing through something like md5 or sha, producing “752d92e675c000079a4bb23e8ae29a78c4c2094f”.
    This last is what you use as your password. Obviously you don’t remember it yourself; you use your web browser or your favourite password management app to remember it. But if you move to a new browser, or a new computer, you can easily follow the process to regenerate the password.
    (of course, this doesn’t help passwords not on the web)
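The scheme in comment 3, as an added example that is not part of the original post or its comments: the single fast hash as described, beside a stretched variant. A single MD5 or SHA pass is cheap to compute, so anyone who obtains one derived password can test guesses for the phrase offline at high speed. The PBKDF2 parameters, the domain normalisation, the 20-character output and the sample phrase are assumptions made for this example.

```python
import base64
import hashlib


def normalize_domain(domain: str) -> str:
    """Assumed normalisation: trim whitespace and a trailing dot, lower-case.
    Without it, 'Example.COM' and 'example.com' derive different passwords."""
    return domain.strip().rstrip(".").lower()


def fast_hash_password(phrase: str, domain: str) -> str:
    """The scheme as the comment describes it: hash 'phrase domain' once.
    SHA-1 is used here because the comment's sample output is 40 hex digits."""
    return hashlib.sha1(f"{phrase} {domain}".encode("utf-8")).hexdigest()


def stretched_password(phrase: str, domain: str,
                       iterations: int = 600_000, length: int = 20) -> str:
    """Same idea, but each guess at the phrase costs `iterations` HMAC calls.
    The normalised domain acts as the per-site salt."""
    raw = hashlib.pbkdf2_hmac(
        "sha256",
        phrase.encode("utf-8"),
        normalize_domain(domain).encode("utf-8"),
        iterations,
        dklen=32,
    )
    # URL-safe base64 keeps the output to letters, digits, '-' and '_'.
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


if __name__ == "__main__":
    phrase = "constructed sample phrase"   # constructed input, not a real secret
    for site in ("example.com", "Example.COM.", "example.org"):
        print(site, fast_hash_password(phrase, site),
              stretched_password(phrase, site))
```

Both functions are deterministic, so the password can be regenerated on a new machine from the phrase and the domain alone; changing a single site's password requires changing an input, such as appending a counter to the domain.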

  4. I shouldn’t really disclose my method, because once you know it, it would be relatively easy to crack some of my passwords.

  5. I have a handful that I reuse, and a pattern for generating more for when I’m using a login that ages passwords. That, and I have them ranked from Most Secure for things like banking applications to Least Secure for things like internet signups that I don’t much care about, and probably don’t trust the security of anyway.

  6. John – that’s quite clever, that one, because the memory load on the human brain is very low, the complexity yield is high and you can get your passwords back if you accidentally drop your hard-drive and all backups down the loo.
    Jon – “I shouldn’t really disclose my method” is a great phrase. Elite pickup artists use it, I’m sure. “…because once you know it, it would be relatively easy to seduce far more women than you could possibly survive.”
    Stephanie – yeah, I also rank security. There are so many pointless signups to internet services I wish to access, each with their own little password necessity.

  7. I use lastpass.com which has a random password generator for each site. Just one password to log into lastpass and I can then log into all my sites at the click of a button without having to remember any of them. Works great. (The passwords are all encrypted using my master password too so no-one else has access to them). Similar to what Mike mentioned above but web based.

  8. Morgue, that one Google found for you is the one I use.
    I’m pretty confident that Schneier has made it as unbreakable as is reasonably possible.

  9. “Jon – “I shouldn’t really disclose my method” is a great phrase. Elite pickup artists use it, I’m sure. “…because once you know it, it would be relatively easy to seduce far more women than you could possibly survive.””
    This is the story of my life at the moment. Actually.

  10. I have three secure ones that I shuffle about every 6 months or so, and have done for at least 10 years. I also have a couple of pretty naff, easy to remember ones used for unimportant things.
