The Modern Password

Insights / 04.24.15 / Mason Frakes

Passwords should be strong and easy to remember. For a long time we’ve done a good job of making them hard to remember by requiring a certain number of characters with at least a symbol here or a number there. I propose a way to make them easier to remember and stronger at the same time.

A good password can be the difference between locking your door or merely leaning a chair against the knob. A common requirement for a password is that it be a certain length and a combination of character types. The length usually increases its strength, but also makes it more difficult to remember. An example of a bad password is something like “pizza123!” or “cookies!1!” which satisfy most password requirements but are not particularly strong passwords or easy to remember.

A good password that is easy to remember is something like “furniture potatoes until afternoon”. This example, however, would fail most password requirements because it does not include a symbol or number, yet it in fact has more entropy than a password like those shown above and is easier to remember. Case in point: just think about furniture potatoes until afternoon, at which time they will go back to being normal potatoes, and bam, the password is stuck in your head. The question, however, is how this helps if it does not meet standard password requirements. Well, it can with only a couple of modifications.

Many people use the same password for most of their logins. Unfortunately, as soon as one is compromised, every login needs to be changed, ASAP. My solution is to use a single scheme for your more memorable but different passwords. To make the password above pass requirement checks, you could do something like this: “furniture_potatoes1until!afternoon”, which gives the password two symbols and a number between the words. This increases the strength slightly but makes it harder to remember.

The idea is to have a memorable scheme and use that scheme for all of your passwords. Make each password different by simply using different words within the same scheme. For example, another password using the same scheme as the one above could be “indeed_found1simply!her”. So instead of keeping scraps of paper with your different passwords on them or notes on your desktop, just keep one with your scheme on it. After using the scheme over and over again, while applying different words, your passwords will be easily memorized, since your scheme will always remain the same.
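The scheme above, as an added example that is not part of the original article: it picks words with a CSPRNG, joins them with the fixed `_`, `1`, `!` separators, checks a typical composition policy, and computes entropy on the assumption that an attacker knows both the scheme and the wordlist, in which case the separators contribute nothing and only the random word choices count. The wordlist here is a small constructed sample, the policy in `meets_policy` is hypothetical, and the 7776-word figure assumes a diceware-style list.

```python
import math
import secrets
import string

# Constructed sample wordlist; a large list (e.g. 7776 words, diceware-style)
# is assumed for real use.
WORDS = ["furniture", "potatoes", "until", "afternoon", "indeed", "found",
         "simply", "her", "window", "gravel", "seldom", "orbit",
         "lantern", "quietly", "marble", "before"]

SEPARATORS = ("_", "1", "!")  # the article's fixed scheme: word_word1word!word


def make_password(words=WORDS, separators=SEPARATORS):
    """Pick len(separators)+1 words with a CSPRNG and join them with the scheme."""
    picks = [secrets.choice(words) for _ in range(len(separators) + 1)]
    out = picks[0]
    for sep, word in zip(separators, picks[1:]):
        out += sep + word
    return out


def scheme_entropy_bits(wordlist_size, n_words):
    """Bits of entropy when scheme and list are known: only word choice counts."""
    return n_words * math.log2(wordlist_size)


def meets_policy(pw, min_len=8):
    """Hypothetical composition policy: length, a letter, a digit and a symbol."""
    return (len(pw) >= min_len
            and any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


if __name__ == "__main__":
    pw = make_password()
    print(pw, meets_policy(pw))
    print(f"16-word sample list: {scheme_entropy_bits(len(WORDS), 4):.1f} bits")
    print(f"7776-word list:      {scheme_entropy_bits(7776, 4):.1f} bits")
```

The entropy figure only holds when the words are drawn at random from the list; words a person picks by hand are far more predictable than the calculation suggests.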

For more technical details, check out these links.