John Klossner

Blog archive

How Elmer Fudd can improve your password security

Klossner passwordsPeople are using bad passwords. Actually, there are a lot of terms being bandied about to describe these passwords -- "bad," "simple," "lazy," etc. -- when the most accurate term is "easy-to-figure-out." A recent study found that a large number of people are using "123456," "password," etc.

I will defend the "bad" passwords on one account. Shouldn't this discussion be broken into "sensitive information that needs a password" as opposed to "if someone breaks into this and steals my third grade son's essay on the ankylosaurus, they deserve it" passwords? There are numerous sites, chat rooms and online forums that ask for registration or a password to enter that don't contain sensitive information. For these I personally use a simple password that I will always remember without having to go back to the false-bottomed desk drawer where I keep all my secret information. For the security-sensitive password situations, I do what everyone else -- except those cited in the above study -- does: I resort to my personal password recipe.


Related stories

Need to crack someone else's password?

The top 10 awfully bad passwords people use

Revealed: Our picks for the best password strategies


 The challenge here is two way: creating a password that is hard to discover, but yet can still be remembered. I find the real challenge lies in remembering the location where you keep the passwords. You can't keep them in the file labeled "passwords," can you? But then you have to keep a note (labeled "password locations") somewhere secret, requiring you to keep another note ("location of note reminding me where password locations are"), which you keep in a location with a lock, the combination of which you can keep in the same place as the passwords.

Without giving away my own password secrets, here are some unprofessional hints for creating passwords that a) others can't figure out, and b) you can easily remember. (For an interesting read on other peoples' tips, check out the comments section of this article.)

  • Use the square root of pi to 56 digits. For those of you who still aren't comfortable, go to 57. Substitute the Gettysburg Address for every other "7." This won't guarantee preventing hacking, but it will keep the hackers too busy to do any damage to anyone else.
  • Pick one of Ben Affleck's good movies -- nobody can remember those.
  • Choose the maiden name you wish your mother had (unless you wish the square root of pi to 56 digits was your mother's maiden name.)
  • Take the name and home phone number of the person who required you to set up this account. If you're really annoyed, add "call after midnight."
  • Use the name of your favorite landlocked country. For the squeamish, add the capitol. For further security, put the year it became sovereign in between.
  • Use your favorite Shakespeare quote, written as if it were spoken by Elmer Fudd.
  • Use your favorite Arnold Schwartzenegger quote, as if spoken by Elmer Fudd.
  • The square root of pi to 56 digits, as if spoken by Elmer Fudd.
  • Two words: Pig Latin. (Oops, I'm giving away my own secrets.)
  • Write all the information down on hard copy, delete the digital files, and forget having a password to begin with.

 hieroglypic password

Posted by John Klossner on Jul 15, 2010 at 12:19 PM


Featured

Reader comments

Sat, Aug 21, 2010 EclecticBadger

Good passwords are also good mnemonics. Take your favorite novel, find a memorable quote (preferably not a famous quote) and use the first letter of each word, or for greater security the second letter of every other word - works with lyrics too. Make the pass-word at least 12 characters and include both upper and lower case, numbers and punctuation characters eg. !*&$#. Avoid number for letter substitutions and easy to guess text message type abbreviations ie LOL. Avoid using the same password for everything you sign-in to and definitely DO NOT use the same password for social networking sites as you use for online banking or financial transactions eg. Paypal, eBay, etc. Oh and if you do get hacked - change the password immediately you are aware. There is nothing more annoying than being repeatedly spammed by someone's long-lost webmail address book. Good luck.

Fri, Aug 20, 2010 Dottie

I use my favorite pie and the year we married year, who would figure that one?

Thu, Aug 19, 2010

I don't talk about my password generation schema.

Tue, Aug 17, 2010 Attu

I use abbreviations of family names three generations back. I enjoy geneaology so it is easy for me to remember those names, and the abbreviations I came up with for them, then I use a set of special characters and numbers to count up, or down, as I have to change my passwords so darn often. I find that even this is folied, not by hackers, but by sites that restrict the characters I can input in my password.

Tue, Aug 17, 2010

Names and words found in just about any language dictionary, no matter what order they're in, aren't terribly secure passwords, because those trying to crack them just use methods that include the most common dictionaries, which are in digital format and have been for awhile, and lists of names. A fairly secure password can be created using a phrase that is meaningful to you, and then just use the first letter of each word, change some letters to numbers, and uppercase some. Unless your phrase is a common phrase, like "My birthday is in June" it will be very difficult to crack. Another method is to use a trusted encrypted and secure password program, like KeyPass, to generate and store your passwords. Then you only have to remember one password, and it remembers all the rest for you.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above