John Klossner

Blog archive

How Elmer Fudd can improve your password security

Klossner passwordsPeople are using bad passwords. Actually, there are a lot of terms being bandied about to describe these passwords -- "bad," "simple," "lazy," etc. -- when the most accurate term is "easy-to-figure-out." A recent study found that a large number of people are using "123456," "password," etc.

I will defend the "bad" passwords on one account. Shouldn't this discussion be broken into "sensitive information that needs a password" as opposed to "if someone breaks into this and steals my third grade son's essay on the ankylosaurus, they deserve it" passwords? There are numerous sites, chat rooms and online forums that ask for registration or a password to enter that don't contain sensitive information. For these I personally use a simple password that I will always remember without having to go back to the false-bottomed desk drawer where I keep all my secret information. For the security-sensitive password situations, I do what everyone else -- except those cited in the above study -- does: I resort to my personal password recipe.

Related stories

Need to crack someone else's password?

The top 10 awfully bad passwords people use

Revealed: Our picks for the best password strategies

 The challenge here is two way: creating a password that is hard to discover, but yet can still be remembered. I find the real challenge lies in remembering the location where you keep the passwords. You can't keep them in the file labeled "passwords," can you? But then you have to keep a note (labeled "password locations") somewhere secret, requiring you to keep another note ("location of note reminding me where password locations are"), which you keep in a location with a lock, the combination of which you can keep in the same place as the passwords.

Without giving away my own password secrets, here are some unprofessional hints for creating passwords that a) others can't figure out, and b) you can easily remember. (For an interesting read on other peoples' tips, check out the comments section of this article.)

  • Use the square root of pi to 56 digits. For those of you who still aren't comfortable, go to 57. Substitute the Gettysburg Address for every other "7." This won't guarantee preventing hacking, but it will keep the hackers too busy to do any damage to anyone else.
  • Pick one of Ben Affleck's good movies -- nobody can remember those.
  • Choose the maiden name you wish your mother had (unless you wish the square root of pi to 56 digits was your mother's maiden name.)
  • Take the name and home phone number of the person who required you to set up this account. If you're really annoyed, add "call after midnight."
  • Use the name of your favorite landlocked country. For the squeamish, add the capitol. For further security, put the year it became sovereign in between.
  • Use your favorite Shakespeare quote, written as if it were spoken by Elmer Fudd.
  • Use your favorite Arnold Schwartzenegger quote, as if spoken by Elmer Fudd.
  • The square root of pi to 56 digits, as if spoken by Elmer Fudd.
  • Two words: Pig Latin. (Oops, I'm giving away my own secrets.)
  • Write all the information down on hard copy, delete the digital files, and forget having a password to begin with.

 hieroglypic password

Posted by John Klossner on Jul 15, 2010 at 12:19 PM


  • 2018 Fed 100

    The 2018 Federal 100

    This year's Fed 100 winners show just how much committed and talented individuals can accomplish in federal IT. Read their profiles to learn more!

  • Census
    How tech can save money for 2020 census

    Trump campaign taps census question as a fund-raising tool

    A fundraising email for the Trump-Pence reelection campaign is trying to get supporters behind a controversial change to the census -- asking respondents whether or not they are U.S. citizens.

  • Cloud
    DOD cloud

    DOD's latest cloud moves leave plenty of questions

    Speculation is still swirling about the implications of the draft solicitation for JEDI -- and about why a separate agreement for cloud-migration services was scaled back so dramatically.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.