The challenge with using strong passwords is that strong passwords are difficult to remember. They often get written down, defeating the security benefit of the password's strength. On the other side of the problem, easy-to-remember passwords are almost always easy to crack or outright guess.
Most security engineers will strike a compromise and go for passwords that contain words or partial words with some character substitution.
The fundamental issue here is that humans remember words well. It’s the foundation of our use of language. But we can use another approach to create very strong passwords that are also easy to remember.
The trick? Derive passwords from something as easy to remember as words: phrases. Easy-to-remember phrases can be used to generate very strong passwords.
Let’s take a sample phrase to use as our seed. I tend to prefer obscure quotes from movies or literature. I look for quotes that I find myself remembering but that aren’t popular. Let’s take a quote from the Sam Raimi movie “Evil Dead II”:
“I got you didn’t I you little sucker!”
We can take an acronym approach to generate:
igydiyls!
We could also take a syllable approach to generate:
igydniylsk!
We could take a last letter approach to get:
itutiuer!
Next we want to strengthen the password without losing its mnemonic properties. We can accomplish this with some character replacement. I’ll use our first example and extend it. I try to use characters in the replacement that aren’t common. For example, I wouldn’t swap an e for a 3, or an i for a 1 or an a for an @. Those are too predictable.
In this case I’ll swap:
“.” for the letter “d” (d stands for dot).
“6” for the letter “g” (similar shape, but not a very common substitution).
“b” for the character “!” (often called a ‘bang’).
And lastly, I’ll treat the character “s” as a shift on the keyboard, so the very next character will be shifted to uppercase.
Now I get:
i6y.iylB
OK, now that’s a pretty good password! If your administrator handed you this password you would probably cringe, knowing you would have a hell of a time trying to remember it. Now when I type it, I recite the quote. In my head, of course:
I (type i) got (6) you (y) didn’t (.) I (i) you (y) little (l) sucker (SHIFT) ! (B)
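The acronym and last-letter derivations plus the character-replacement step, written out as an added Python example that is not part of the original post (the tokenizer rule and the function names are my own; the syllable variant is left out because syllable splitting is a judgement call):

```python
import re

# Constructed seed phrase, the one used in the post (quote marks dropped).
PHRASE = "I got you didn't I you little sucker!"

# Replacement table from the post: d -> ".", g -> "6", "!" -> "b".
# "s" is not replaced; it acts as a SHIFT marker that uppercases the next character.
SUBSTITUTIONS = {"d": ".", "g": "6", "!": "b"}
SHIFT_MARKER = "s"


def tokenize(phrase):
    """Split a phrase into words (apostrophes kept) and standalone punctuation marks."""
    return re.findall(r"[A-Za-z']+|[^\sA-Za-z']", phrase)


def first_letters(phrase):
    """Acronym approach: first letter of each word, punctuation carried through."""
    return "".join(tok[0].lower() for tok in tokenize(phrase))


def last_letters(phrase):
    """Last-letter approach: final letter of each word, punctuation carried through."""
    return "".join(tok[-1].lower() for tok in tokenize(phrase))


def strengthen(base, subs=SUBSTITUTIONS, shift=SHIFT_MARKER):
    """Apply the replacement table, honouring the SHIFT marker on the following character."""
    out = []
    shift_pending = False
    for ch in base:
        if ch == shift:
            # The marker itself is consumed; it only modifies the next character.
            # A trailing marker with nothing after it is simply dropped.
            shift_pending = True
            continue
        ch = subs.get(ch, ch)  # substitute first, then shift (so "!" -> "b" -> "B")
        if shift_pending:
            ch = ch.upper()
            shift_pending = False
        out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    base = first_letters(PHRASE)
    print(base, "->", strengthen(base))  # igydiyls! -> i6y.iylB
```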
I hope this helps. Please post comments if you have any nifty password tricks.