
Keep Your Passwords Safe December 6, 2007

Posted by caveblogem in DIY, how to, information management, lifehack, Memory, Other.

I just read this post on Lifehacker today and was a little surprised how few people keep passwords the way that I do. Aggregated from an interview with Bruce Schneier at the Freakonomics blog (New York Times), it advises that you write down your passwords. He also uses some sort of password-generating and encrypting program, and I don’t have any idea what that’s all about, or why anyone would need such a thing. Over at Freakonomics they like the counterintuitive nature of the advice, I guess. But I agree with the idea in principle.

I have worn quite a few different hats at work in the last five years, and so, like many people, have literally dozens of passwords that I have to remember, and another couple of dozen that I use in blogging and my personal stuff. I write them down, but can usually remember them without referring to the written versions. And I have no fear that the written versions will be used by spies or snoops, because what is written down is not the password itself: it is only a memory cue, and the rule that turns the cue into the real password stays in my head.

Here’s how it works:

  1. Come up with some sort of mnemonic trigger for your password. My Netflix password might be the title of my favorite movie, for example. Say, Casablanca (which is not my favorite, but has the advantage of . . . well . . . not being my favorite and being one word long.)
  2. Then come up with a two- or three-digit number that has no particular significance for you, but which you will remember to use in all of your passwords. How about 892? Commit to always putting the 8 after the first letter and the 92 just before the last letter, for example.
  3. Decide on some odd, yet consistent, method of capitalization. Commit, for example, to capitalizing the last letter of each password (that is the rule the examples below follow).
  4. Integrate all three of the above into a password: c8asablanc92A.

My Amazon.com password might be the name of a book that I bought from them and hated, which will become o8ddthoma92S.

Now, write down all of your passwords, but do not write down the algorithm that converts them into the actual passwords. On a slip of paper, or with a Sharpie on your wall, your desk or your forehead, write Netflix: Casablanca. Write Amazon: Odd Thomas (you’ll know that there should be no space in the actual password, of course). With any luck it will look more like a shopping list than a bunch of passwords. Keep in mind that the whole scheme rests on the rule staying secret: the list is harmless on its own, but anyone who sees one real password next to its cue can work the rule out and derive the rest, so don’t keep a derived password anywhere near the list.
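The derivation rule above, written out as code so it can be checked against the post’s examples. This is an added example, not code from the original post: the function and parameter names are my own, and the number is taken as a parameter (with a split point) so the same function also covers the date-based variant the author describes in the comments, where the month goes after the first letter and the year before the last.

```python
# Added example, not from the original post: the post's mnemonic-to-password rule.
#   1. take the written-down cue, lower-case it and drop anything that is not a
#      letter ("Odd Thomas" -> "oddthomas")
#   2. put the first digit(s) of the personal number after the first letter and
#      the remaining digits just before the last letter (892 -> "8" ... "92")
#   3. capitalise the last letter (the capitalisation the post's examples use)
# Function and parameter names are assumptions of this example.

def derive_password(mnemonic: str, digits: str = "892", split_at: int = 1) -> str:
    """Turn a written-down cue into the actual password using the post's rule.

    digits   -- the personal number inserted into every password (post uses 892)
    split_at -- how many leading digits go after the first letter; the rest go
                just before the last letter (post: "8", then "92")
    """
    word = "".join(ch for ch in mnemonic.lower() if ch.isalpha())
    if len(word) < 2:
        raise ValueError("the cue needs at least two letters")
    if not digits.isdigit() or not 0 < split_at < len(digits):
        raise ValueError("digits must be numeric and split inside the number")
    head, tail = digits[:split_at], digits[split_at:]
    return word[0] + head + word[1:-1] + tail + word[-1].upper()


def derive_list(cues: dict[str, str], digits: str = "892", split_at: int = 1) -> dict[str, str]:
    """Apply the rule to a whole 'shopping list' of site -> cue pairs."""
    return {site: derive_password(cue, digits, split_at) for site, cue in cues.items()}


if __name__ == "__main__":
    # Constructed sample list in the shape the post suggests writing down.
    shopping_list = {"Netflix": "Casablanca", "Amazon": "Odd Thomas"}
    for site, pw in derive_list(shopping_list).items():
        print(f"{site}: {shopping_list[site]!r} -> {pw}")
    # Date-based variant from the comments: month after the first letter, year
    # before the last, rotated every six months.
    print("email (May 2007):", derive_password("email", "0507", split_at=2))
    print("email (Nov 2007):", derive_password("email", "1107", split_at=2))
```

Running it reproduces the post’s examples (c8asablanc92A and o8ddthoma92S) and the e05mai07L / e11mai07L pair from the comments. Note what the code makes obvious: every output shares the same fixed digits in the same positions and the same capitalisation, so one derived password seen beside its cue gives away the rule for all of them.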

Comments

1. zandperl - December 6, 2007

My workplace has this annoying habit that we’re forced to change passwords every 3 months. Not only has this proven an ineffective way to prevent hacking, it’s a very effective way to forget passwords. We also can’t rotate back to passwords we’ve used within the last 6 months. So I use an algorithm myself related to the date and a word indicating that account.

2. strugglingwriter - December 6, 2007

Some good advice here. I have techniques of my own, but I might try there next time I need a password. Thanks!

3. caveblogem - December 6, 2007

zandperl,

I have to use the date system for two or three passwords, too. I substitute the number I usually use with the dates I change the passwords, which are just 6 months apart. So the password would look like: e05mai07L for six months, then e11mai07L for the next six months.

Glad to see I’m not the only one thinking along these lines.

4. SilverTiger - December 7, 2007

We are often told never to write passwords down and there is some sense in that if you are the careless sort. On the other hand, we are also told to use a different password for every sign-on. That makes sense too but means we end up with dozens or even hundreds of passwords.

Yes, you can think up passwords and mnemonics to recall them. I used to do that but the sheer number of passwords that I now have means that I would have to have mnemonics to remember the mnemonics.

I therefore unashamedly use a password file. I keep it very, very, very carefully. It is the only solution. Similarly I have credit cards, debit cards, all sorts of cards, all with their different PIN numbers. I have to make a note of these. Guessing how is left as an exercise for the reader.

Password generators are great. They produce things like “1w98vs0m”. This stumps anyone who assumes you will use your cat’s name as a password. Or your girlfriend’s. They are hard to remember, though. I use them for the most sensitive logons. For the others I use ordinary words or made-up words that I think no one would ever guess. But it’s a funny thing: we humans aren’t good at randomizing: computers are a lot better. (Though strictly, what they produce is not random but pseudo-random strings.)

The passwords system is a clumsy one but it has one definite advantage over biometric systems (possibly the next great Technical Leap Backwards): no one can cut off your finger or gouge your eye out to use them to log on in your name.

Of course, they might bash hell out of you to get you to reveal your password, I suppose.

5. Brian Buck - January 8, 2008

I like the consistent numbers and capitalization rule and will incorporate them.

My work requires special characters yet a lot of sites do not accept them! I need to make a rule for those.

6. caveblogem - January 10, 2008

Brian, thanks for the kind words. My wife was trying to log on in Peru last week and found out that the keyboards have special characters in different places than they are in the US. So her method, which was an easy-to-remember number typed with the shift key held down (yielding a string like !#$&*%), was a real problem. She had to find a picture online of an American-style keyboard and then figure out where to find the same characters on the South American one.

7. LaCréole - March 19, 2008

I think your idea is great!
I just don’t trust password-keeping software anymore, because I often reinstall my PC because of shitty software, and I always lose my saved passwords. But writing them down and keeping them in my wallet seemed too insecure for me…
Finally I got the solution for this problem, by your help! Thanks, mate!

8. caveblogem - March 21, 2008

Thanks, LaCréole, glad it helped somebody.

