How to remember your password


Passwords are frustrating: endless different passwords with different requirements (uppercase, lowercase, digits, special characters) across different websites and applications. It's no wonder users simply reuse the same password everywhere, which turns one compromised site into a compromise of every account that shares that password.

Even as a techie I get frustrated, and I empathise with a user who cannot remember a password because they are forced to change it constantly. If users have to change passwords too often they get lazy with the convention and simply bump the trailing number by one, or add a '1' at the end. If users are never required to change a password at all you are running a different risk: a leaked credential stays valid indefinitely, and email, financial spreadsheets and remote access are all reachable from the internet and from mobile devices now.

Many people simply use their kids' names, the dog's name, a spouse's name or a favourite sport, all of which can be socially engineered from a Facebook or Twitter account in minutes. Is your password one of the most common listed in this report by the BBC? – The top 500 Passwords

A password can also be guessed outright, either with a dictionary attack (trying lists of real words and previously leaked passwords) or by brute force (trying every combination). A modern computer can test around 4 billion guesses per second, so an 8-character password made of lowercase letters and digits (36^8, about 2.8 trillion combinations) falls in 10-12 minutes; adding uppercase and symbols helps, but extra length helps far more.

So what's the solution? Phrases with association. If I were logging into a golfing website, I'd pick a word I associate with golf, such as a caddy.

Let me give you an example

Take three words; let's use these:

Yellow-Horse-Caddy

A bit of an odd selection but there is method to the madness.

YellowHorseCaddy

Just on their own, 16 mixed-case letters give 52^16 possible strings, which at 4 billion guesses per second would take a PC about 22 billion years to exhaust. Bear in mind that this is the exhaustive figure: a cracker who suspects you used three dictionary words will try word combinations instead, and three words from a 100,000-word list is only 10^15 combinations, days rather than billions of years at the same rate, so pick uncommon words and keep the phrase long. I've got my associated word plus two words odd enough that they are funny enough to remember.

I’ve got a yellow horse and hes a caddy!
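The figures above (the 10-12 minute 8-character password and the 22 billion year phrase) come from a simple keyspace-divided-by-guess-rate model, and the dictionary caveat from a word-combination model. The script below is an added example, not part of the original post, that reproduces both estimates, applies the vowel-to-digit tweak the post describes, and checks a password against a common-password list. The six-entry list and the 100,000-word dictionary size are constructed stand-ins; a real check would load the full published list.

```python
import string

# Guess rate the post assumes: 4 billion guesses per second on one machine.
GUESS_RATE = 4e9
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed stand-in for a "top N" common-password list (not the BBC's list).
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "abc123", "monkey"}


def alphabet_size(password: str) -> int:
    """Size of the union of character classes actually present in the password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # the 32 printable ASCII symbols
    return size


def brute_force_seconds(password: str, rate: float = GUESS_RATE) -> float:
    """Worst-case seconds to exhaust alphabet**length at `rate` guesses/s.
    This is the optimistic model behind the post's '10-12 minutes' and
    '22 billion years': it treats every character as independent."""
    return alphabet_size(password) ** len(password) / rate


def combinator_seconds(num_words: int, wordlist_size: int,
                       rate: float = GUESS_RATE) -> float:
    """Seconds to try every ordered combination of `num_words` words drawn
    from a wordlist of `wordlist_size` entries. A cracker who suspects a
    word-based password runs this instead of a character-level search."""
    return wordlist_size ** num_words / rate


def leet_first_vowels(phrase: str, count: int = 2, suffix: str = "!") -> str:
    """The post's tweak: replace the first `count` vowels with digits and
    append a symbol. Cracking rule sets try exactly these substitutions, so
    this satisfies complexity policies more than it adds real strength."""
    digits = {"a": "4", "e": "3", "i": "1", "o": "0"}
    out, replaced = [], 0
    for ch in phrase:
        if replaced < count and ch.lower() in digits:
            out.append(digits[ch.lower()])
            replaced += 1
        else:
            out.append(ch)
    return "".join(out) + suffix


def is_common(password: str, common=COMMON_PASSWORDS) -> bool:
    """True if the case-folded password appears on the common-password list."""
    return password.lower() in common


if __name__ == "__main__":
    for pw in ["abcd1234", "YellowHorseCaddy", leet_first_vowels("YellowHorseCaddy")]:
        years = brute_force_seconds(pw) / SECONDS_PER_YEAR
        print(f"{pw:20} brute force: {years:.3g} years")
    # Three words from an assumed 100,000-word list, as a combinator attack.
    print(f"3-word combinator:   {combinator_seconds(3, 100_000) / 86400:.1f} days")
```

Running it shows the gap the post's figures hide: the character-level search on the 16-letter phrase is astronomically long, while the three-word combinator search over a modest dictionary finishes in about three days at the same guess rate. Unusual words and a fourth word are what move the second number, not swapping vowels for digits.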

Yes, of course most websites require a number or a special character, so let's add those into the mix: replace the first two vowels with digits and put an exclamation mark at the end.

Y3ll0wHorseCaddy!

Now obviously this is good for one website, but what if I'm using the same method for my email?

Y3ll0wHorseInbox?

I've got a yellow horse and he's in a box?

It's worth changing parts of the password for each site. Password change policies make it a little trickier but not impossible: adding a number on the end just brings back the predictability problem, so instead change the colour or the object and put a phrase to it every time. Make it funny, make it memorable and make it personal to you.

Ideally no password bears any relation to the next, and whilst this isn't the best password policy available it's a good compromise between being able to memorise it and maintaining security.

For those wondering: that isn't my password, so stop trying. 🙂