On Creating Strong Passwords
By Jacob Cohen | July 29, 2008
It’s getting harder to generate secure passwords these days. Part of the problem is that the stronger a password is, the harder it is for someone to remember. A password such as ‘F7c%el(9xfka$hsa’ is extremely strong, but almost impossible to remember unless you type it many times a day for a long time.
Here are a couple of ways of creating strong passwords that are much easier to remember.
- Use the first letters of each word of a long and memorable sentence. The lyrics from a song you like will work well for this. For example, from the song I Don’t Know by Ozzy Osbourne, the first line of the song is, “People look to me and say, is the end near, when is the final day.” This would become “Pltmasitenwitfd”. To make it even stronger, you can tack on the name of the song, separated by some symbol, to get something like “Pltmasitenwitfd$idontknow”. Very strong password, pretty easy to remember (assuming you know the song well).
- String several memorable words or a phrase together separated by symbols. Examples: “We.the*people”, “Skyline:miter-crane”, “Top%of%the$morning”.

July 30th, 2008 at 1:55 pm
I am a fan of using easy-to-remember words or phrases, but substituting vowels or symbols for letters. For example:
J4c0b-Coh3n
H0lyCr4p!
The O-0 and E-3 substitutions work particularly well because the number key is adjacent to its corresponding letter key on a qwerty keyboard.
July 30th, 2008 at 9:00 pm
Another approach is to use hashing. Basically you decide on a master password, and this becomes the salt for hashing other information to get a password.
For example, you can take a master password, and concatenate it with a site name, and hash that, and get a reasonable password for any number of sites while only having to remember one password.
The disadvantage to this is needing to use the tool each time to get the password. Works well for seldom-used passwords, not as practical for everyday stuff.
Here’s a sample tool.
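The master-password scheme from the comment above, as an added example (not part of the original post or its comments): the single-hash form as described, next to a variant that swaps in PBKDF2 so that a leaked site password is costly to use for guessing the master password. The function names, SHA-256, Base64 output, the 16-character length, the iteration count and the sample inputs are all assumptions made for illustration.

```python
import base64
import hashlib


def _encode(raw: bytes, length: int) -> str:
    # Base64 keeps the result typeable; truncation sets the password length.
    return base64.b64encode(raw).decode("ascii")[:length]


def naive_site_password(master: str, site: str, length: int = 16) -> str:
    """The scheme as described: concatenate master and site, hash once."""
    digest = hashlib.sha256((master + site).encode("utf-8")).digest()
    return _encode(digest, length)


def kdf_site_password(master: str, site: str, length: int = 16,
                      iterations: int = 600_000) -> str:
    """Hardened variant (an assumption, not from the page).

    PBKDF2-HMAC-SHA256 with the master password as the secret and the
    normalised site name as the salt. The iteration count makes every
    guess at the master password slow, and keeping the two inputs in
    separate parameters removes the ambiguity of plain concatenation.
    """
    salt = site.strip().lower().encode("utf-8")
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, iterations)
    return _encode(key, length)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    master = "I wear cheese on my head and boots."
    for site in ("example.com", "example.org"):
        print(site, naive_site_password(master, site), kdf_site_password(master, site))

    # Plain concatenation cannot tell where the master ends and the site
    # begins, so two different (master, site) pairs give the same password.
    print(naive_site_password("pass", "wordexample.com")
          == naive_site_password("password", "example.com"))
```

Base64 output is not guaranteed to contain a digit or a symbol, so a site with strict composition rules may still reject a derived password.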
August 4th, 2008 at 4:38 am
Hashing approach is great, Jacob. Simplifying it to the extreme is easy with SuperGenPass - a JS bookmarklet. Hang it on a hotkey or keyword and there ya go.
August 11th, 2008 at 3:06 pm
I’ve always done pseudo-random 8-character sequences of 3 lowercase letters, a number, an uppercase letter, and 3 more lowercase letters. This way you’re not vulnerable to dictionary attacks (even if you replace ‘e’s with ‘3’s and whatnot, you still could be). Having a template like this helps me remember the base form of my passwords.
September 17th, 2008 at 6:31 pm
The best way to do a password is to just use a pass phrase. Just use a sentence nobody would guess. It would be very secure because of the length and there are no sentences in the dictionary. Use something random like “I wear cheese on my head and boots.” If that were your password it would take a very long time to brute force that.