John Klossner

Blog archive

How Elmer Fudd can improve your password security

Klossner passwordsPeople are using bad passwords. Actually, there are a lot of terms being bandied about to describe these passwords -- "bad," "simple," "lazy," etc. -- when the most accurate term is "easy-to-figure-out." A recent study found that a large number of people are using "123456," "password," etc.

I will defend the "bad" passwords on one account. Shouldn't this discussion be broken into "sensitive information that needs a password" as opposed to "if someone breaks into this and steals my third grade son's essay on the ankylosaurus, they deserve it" passwords? There are numerous sites, chat rooms and online forums that ask for registration or a password to enter that don't contain sensitive information. For these I personally use a simple password that I will always remember without having to go back to the false-bottomed desk drawer where I keep all my secret information. For the security-sensitive password situations, I do what everyone else -- except those cited in the above study -- does: I resort to my personal password recipe.

Related stories

Need to crack someone else's password?

The top 10 awfully bad passwords people use

Revealed: Our picks for the best password strategies

 The challenge here is two way: creating a password that is hard to discover, but yet can still be remembered. I find the real challenge lies in remembering the location where you keep the passwords. You can't keep them in the file labeled "passwords," can you? But then you have to keep a note (labeled "password locations") somewhere secret, requiring you to keep another note ("location of note reminding me where password locations are"), which you keep in a location with a lock, the combination of which you can keep in the same place as the passwords.

Without giving away my own password secrets, here are some unprofessional hints for creating passwords that a) others can't figure out, and b) you can easily remember. (For an interesting read on other peoples' tips, check out the comments section of this article.)

  • Use the square root of pi to 56 digits. For those of you who still aren't comfortable, go to 57. Substitute the Gettysburg Address for every other "7." This won't guarantee preventing hacking, but it will keep the hackers too busy to do any damage to anyone else.
  • Pick one of Ben Affleck's good movies -- nobody can remember those.
  • Choose the maiden name you wish your mother had (unless you wish the square root of pi to 56 digits was your mother's maiden name.)
  • Take the name and home phone number of the person who required you to set up this account. If you're really annoyed, add "call after midnight."
  • Use the name of your favorite landlocked country. For the squeamish, add the capitol. For further security, put the year it became sovereign in between.
  • Use your favorite Shakespeare quote, written as if it were spoken by Elmer Fudd.
  • Use your favorite Arnold Schwartzenegger quote, as if spoken by Elmer Fudd.
  • The square root of pi to 56 digits, as if spoken by Elmer Fudd.
  • Two words: Pig Latin. (Oops, I'm giving away my own secrets.)
  • Write all the information down on hard copy, delete the digital files, and forget having a password to begin with.

 hieroglypic password

Posted by John Klossner on Jul 15, 2010 at 12:19 PM

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.


  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Sat, Aug 21, 2010 EclecticBadger

Good passwords are also good mnemonics. Take your favorite novel, find a memorable quote (preferably not a famous quote) and use the first letter of each word, or for greater security the second letter of every other word - works with lyrics too. Make the pass-word at least 12 characters and include both upper and lower case, numbers and punctuation characters eg. !*&$#. Avoid number for letter substitutions and easy to guess text message type abbreviations ie LOL. Avoid using the same password for everything you sign-in to and definitely DO NOT use the same password for social networking sites as you use for online banking or financial transactions eg. Paypal, eBay, etc. Oh and if you do get hacked - change the password immediately you are aware. There is nothing more annoying than being repeatedly spammed by someone's long-lost webmail address book. Good luck.

Fri, Aug 20, 2010 Dottie

I use my favorite pie and the year we married year, who would figure that one?

Thu, Aug 19, 2010

I don't talk about my password generation schema.

Tue, Aug 17, 2010 Attu

I use abbreviations of family names three generations back. I enjoy geneaology so it is easy for me to remember those names, and the abbreviations I came up with for them, then I use a set of special characters and numbers to count up, or down, as I have to change my passwords so darn often. I find that even this is folied, not by hackers, but by sites that restrict the characters I can input in my password.

Tue, Aug 17, 2010

Names and words found in just about any language dictionary, no matter what order they're in, aren't terribly secure passwords, because those trying to crack them just use methods that include the most common dictionaries, which are in digital format and have been for awhile, and lists of names. A fairly secure password can be created using a phrase that is meaningful to you, and then just use the first letter of each word, change some letters to numbers, and uppercase some. Unless your phrase is a common phrase, like "My birthday is in June" it will be very difficult to crack. Another method is to use a trusted encrypted and secure password program, like KeyPass, to generate and store your passwords. Then you only have to remember one password, and it remembers all the rest for you.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group