SeniorNet

Choosing Secure Passwords

This lesson presents some techniques for choosing secure passwords. There are other techniques.

The term password is a poor one because it implies that a word should be used. A word is a poor choice because it can be discovered far more easily than a string of random characters. Of course, random characters are also a poor choice because they are difficult to remember. What's needed are passwords that are more difficult to discover than words and more easily remembered than random characters.

The techniques described below use the term passcodes since they are not words.

Pronounceable passcodes

This technique is simple and yields passcodes that are easy to remember. If you choose alternating vowels and consonants, the resulting "word" tends to be pronounceable. For example:

pasunabi

This is easy to pronounce and easy to remember.

But it contains only letters. Many systems want your passcode to consist of some mix of upper and lower case letters, numbers, and symbols. You can get a mix of upper and lower case by alternating the case:

PaSuNaBi

You can add one or more numerals:

9PaSuNaBi

or

PaSuNaBi747

Do not change your passcode just by changing the numbers at the end. This is not secure. You should change your entire passcode.
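The following Python sketch is an added example, not part of the original lesson. It builds passcodes in the PaSuNaBi747 style from the computer's secure random source and estimates their strength against someone who knows the pattern. The function names and the choice to treat y as a consonant are assumptions made for this example.

```python
import math
import secrets

# Assumption for this example: y counts as a consonant.
CONSONANTS = "bcdfghjklmnpqrstvwxyz"   # 21 letters
VOWELS = "aeiou"                        # 5 letters
DIGITS = "0123456789"


def pronounceable(pairs=4, digits=3):
    """Return a passcode like 'PaSuNaBi747'.

    Each pair is an upper-case consonant followed by a lower-case vowel,
    chosen with secrets.choice (the OS secure random source), not by a person.
    """
    out = []
    for _ in range(pairs):
        out.append(secrets.choice(CONSONANTS).upper())
        out.append(secrets.choice(VOWELS))
    out.extend(secrets.choice(DIGITS) for _ in range(digits))
    return "".join(out)


def pattern_bits(pairs=4, digits=3):
    """Entropy in bits, assuming the attacker knows the pattern.

    The alternating case is fixed by the pattern, so it adds nothing;
    only the random letter and digit choices count.
    """
    per_pair = math.log2(len(CONSONANTS) * len(VOWELS))
    return pairs * per_pair + digits * math.log2(len(DIGITS))


def random_bits(length, alphabet=94):
    """Entropy of a fully random string over the 94 printable ASCII symbols."""
    return length * math.log2(alphabet)


if __name__ == "__main__":
    # Compare pattern passcodes of growing length with random strings of equal length.
    for pairs in (4, 6, 8):
        code = pronounceable(pairs)
        print(f"{code:<20} {pattern_bits(pairs):5.1f} bits "
              f"(random {len(code)} chars: {random_bits(len(code)):5.1f} bits)")
```

Each extra consonant-vowel pair adds about 6.7 bits and each extra digit about 3.3 bits, so lengthening the pronounceable part strengthens the passcode more than adding numerals does.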

Passcode acronyms

A passcode acronym consists of the first letters of all the words in a phrase or sentence. For example, the acronym:

Apsiape

is for the sentence "A penny saved is a penny earned."

The acronym could be a phrase or sentence from a book:

Iwtbotiwtwot

"It was the best of times, it was the worst of times" from the Dickens book A Tale of Two Cities.

Like pronounceable passcodes, this usually results in an alphabetic string. For this sentence, you could include the comma in the passcode:

Iwtbot,iwtwot

You can add numerals by choosing a phrase or sentence containing a number, such as:

One is the loneliest number.

This becomes:

1itln

You can substitute the number sign for the word "number":

1itl#

Note: You can add numbers by substituting them for some letters, such as zero in place of the letter O and one in place of L and I. Security experts caution against using such a simple letter-substitution code, but their complaint is usually because users are choosing ordinary words to start with. There's less concern if you're choosing pronounceable and acronym passcodes.

Using Symbols in Passcode Acronyms

The symbols on your keyboard can be used to create shapes, whose names are part of a phrase or sentence. The best way to understand this is to look at examples:

The phrase "Thinking outside the box" can be represented by this passcode:

Tot[]

where the left and right brackets form a box.

The sentence "Diamonds are forever." is represented by this passcode:

<><><>af

where the less-than and greater-than symbols form a diamond shape. You'll have to remember how many diamonds there are, of course.

A symbol might already be a shape. For example, "Starry, Starry Night", from Don McLean's song about Vincent Van Gogh's painting, can be represented by this passcode:

*y*yn

Some of the symbols on your keyboard have unofficial names. For example, the exclamation point is sometimes called bang and shriek. This acronym:

Cc!!

can mean "Chitty Chitty Bang Bang". Most systems won't allow such short passcodes, so you'll have to lengthen it. Since this is the name of a movie, you can add the leading actor:

Cc!!wDvD

for "Chitty Chitty Bang Bang with Dick Van Dyke".

Conclusion

The techniques presented here should be enough to keep you creating passcodes that are more secure than what you've been using. Do not use the examples given - that would not be secure. Create your own.