John Klossner


How Elmer Fudd can improve your password security

People are using bad passwords. Actually, there are a lot of terms being bandied about to describe these passwords -- "bad," "simple," "lazy," etc. -- when the most accurate term is "easy-to-figure-out." A recent study found that a large number of people are using "123456," "password," etc.

I will defend the "bad" passwords on one account. Shouldn't this discussion be broken into "sensitive information that needs a password" as opposed to "if someone breaks into this and steals my third grade son's essay on the ankylosaurus, they deserve it" passwords? There are numerous sites, chat rooms and online forums that ask for registration or a password to enter that don't contain sensitive information. For these I personally use a simple password that I will always remember without having to go back to the false-bottomed desk drawer where I keep all my secret information. For the security-sensitive password situations, I do what everyone else -- except those cited in the above study -- does: I resort to my personal password recipe.




The challenge here is two-way: creating a password that is hard to discover yet can still be remembered. I find the real challenge lies in remembering the location where you keep the passwords. You can't keep them in the file labeled "passwords," can you? But then you have to keep a note (labeled "password locations") somewhere secret, requiring you to keep another note ("location of note reminding me where password locations are"), which you keep in a location with a lock, the combination of which you can keep in the same place as the passwords.

Without giving away my own password secrets, here are some unprofessional hints for creating passwords that a) others can't figure out, and b) you can easily remember. (For an interesting read on other people's tips, check out the comments section of this article.)

  • Use the square root of pi to 56 digits. For those of you who still aren't comfortable, go to 57. Substitute the Gettysburg Address for every other "7." This won't guarantee preventing hacking, but it will keep the hackers too busy to do any damage to anyone else.
  • Pick one of Ben Affleck's good movies -- nobody can remember those.
  • Choose the maiden name you wish your mother had (unless you wish the square root of pi to 56 digits was your mother's maiden name.)
  • Take the name and home phone number of the person who required you to set up this account. If you're really annoyed, add "call after midnight."
  • Use the name of your favorite landlocked country. For the squeamish, add the capital. For further security, put the year it became sovereign in between.
  • Use your favorite Shakespeare quote, written as if it were spoken by Elmer Fudd.
  • Use your favorite Arnold Schwarzenegger quote, as if spoken by Elmer Fudd.
  • The square root of pi to 56 digits, as if spoken by Elmer Fudd.
  • Two words: Pig Latin. (Oops, I'm giving away my own secrets.)
  • Write all the information down on hard copy, delete the digital files, and forget having a password to begin with.


Posted by John Klossner on Jul 15, 2010 at 12:19 PM

