John Klossner

Blog archive

How Elmer Fudd can improve your password security

Klossner passwordsPeople are using bad passwords. Actually, there are a lot of terms being bandied about to describe these passwords -- "bad," "simple," "lazy," etc. -- when the most accurate term is "easy-to-figure-out." A recent study found that a large number of people are using "123456," "password," etc.

I will defend the "bad" passwords on one account. Shouldn't this discussion be broken into "sensitive information that needs a password" as opposed to "if someone breaks into this and steals my third grade son's essay on the ankylosaurus, they deserve it" passwords? There are numerous sites, chat rooms and online forums that ask for registration or a password to enter that don't contain sensitive information. For these I personally use a simple password that I will always remember without having to go back to the false-bottomed desk drawer where I keep all my secret information. For the security-sensitive password situations, I do what everyone else -- except those cited in the above study -- does: I resort to my personal password recipe.


Related stories

Need to crack someone else's password?

The top 10 awfully bad passwords people use

Revealed: Our picks for the best password strategies


 The challenge here is two way: creating a password that is hard to discover, but yet can still be remembered. I find the real challenge lies in remembering the location where you keep the passwords. You can't keep them in the file labeled "passwords," can you? But then you have to keep a note (labeled "password locations") somewhere secret, requiring you to keep another note ("location of note reminding me where password locations are"), which you keep in a location with a lock, the combination of which you can keep in the same place as the passwords.

Without giving away my own password secrets, here are some unprofessional hints for creating passwords that a) others can't figure out, and b) you can easily remember. (For an interesting read on other peoples' tips, check out the comments section of this article.)

  • Use the square root of pi to 56 digits. For those of you who still aren't comfortable, go to 57. Substitute the Gettysburg Address for every other "7." This won't guarantee preventing hacking, but it will keep the hackers too busy to do any damage to anyone else.
  • Pick one of Ben Affleck's good movies -- nobody can remember those.
  • Choose the maiden name you wish your mother had (unless you wish the square root of pi to 56 digits was your mother's maiden name.)
  • Take the name and home phone number of the person who required you to set up this account. If you're really annoyed, add "call after midnight."
  • Use the name of your favorite landlocked country. For the squeamish, add the capitol. For further security, put the year it became sovereign in between.
  • Use your favorite Shakespeare quote, written as if it were spoken by Elmer Fudd.
  • Use your favorite Arnold Schwartzenegger quote, as if spoken by Elmer Fudd.
  • The square root of pi to 56 digits, as if spoken by Elmer Fudd.
  • Two words: Pig Latin. (Oops, I'm giving away my own secrets.)
  • Write all the information down on hard copy, delete the digital files, and forget having a password to begin with.

 hieroglypic password

Posted by John Klossner on Jul 15, 2010 at 12:19 PM


FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.

Featured

  • FCW @ 30 GPS

    FCW @ 30

    Since 1996, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

  • Shutterstock image.

    Merged IT modernization bill punts on funding

    A House panel approved a new IT modernization bill that appears poised to pass, but key funding questions are left for appropriators.

  • General Frost

    Army wants cyber capability everywhere

    The Army's cyber director said cyber, electronic warfare and information operations must be integrated into warfighters' doctrine and training.

  • Rising Star 2013

    Meet the 2016 Rising Stars

    FCW honors 30 early-career leaders in federal IT.

Reader comments

Sat, Aug 21, 2010 EclecticBadger

Good passwords are also good mnemonics. Take your favorite novel, find a memorable quote (preferably not a famous quote) and use the first letter of each word, or for greater security the second letter of every other word - works with lyrics too. Make the pass-word at least 12 characters and include both upper and lower case, numbers and punctuation characters eg. !*&$#. Avoid number for letter substitutions and easy to guess text message type abbreviations ie LOL. Avoid using the same password for everything you sign-in to and definitely DO NOT use the same password for social networking sites as you use for online banking or financial transactions eg. Paypal, eBay, etc. Oh and if you do get hacked - change the password immediately you are aware. There is nothing more annoying than being repeatedly spammed by someone's long-lost webmail address book. Good luck.

Fri, Aug 20, 2010 Dottie

I use my favorite pie and the year we married year, who would figure that one?

Thu, Aug 19, 2010

I don't talk about my password generation schema.

Tue, Aug 17, 2010 Attu

I use abbreviations of family names three generations back. I enjoy geneaology so it is easy for me to remember those names, and the abbreviations I came up with for them, then I use a set of special characters and numbers to count up, or down, as I have to change my passwords so darn often. I find that even this is folied, not by hackers, but by sites that restrict the characters I can input in my password.

Tue, Aug 17, 2010

Names and words found in just about any language dictionary, no matter what order they're in, aren't terribly secure passwords, because those trying to crack them just use methods that include the most common dictionaries, which are in digital format and have been for awhile, and lists of names. A fairly secure password can be created using a phrase that is meaningful to you, and then just use the first letter of each word, change some letters to numbers, and uppercase some. Unless your phrase is a common phrase, like "My birthday is in June" it will be very difficult to crack. Another method is to use a trusted encrypted and secure password program, like KeyPass, to generate and store your passwords. Then you only have to remember one password, and it remembers all the rest for you.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group