How to remember passwords (and which ones you should)

Joe Kissell | Nov. 29, 2012
No matter what tools you use, you’ll have to memorize at least a few passwords, and you don’t want to trade security for memorability. Here are a few tips that can help you make sure your brain doesn’t betray you.

Depending on how you do the calculation, the passwords "7H#e2U&dY4" (ten random characters) and "blanketsensory" (14 nonrandom characters) are approximately equal in strength, but the latter is much easier to remember and type. Even though it contains only lowercase letters and "blanket" and "sensory" are both ordinary English words, the password's entropy is high enough that a concerted brute-force attack would take days or weeks to crack it. The moral of the story (as brilliantly illustrated in this XKCD comic) is that when you have to memorize a password, a longer phrase composed of random words or syllables will make your life easier than a shorter string of entirely random individual characters.

If your memory is excellent and having to type the fewest possible characters is your biggest consideration, then go with a shorter random password, but remember that whereas "short" used to mean 8 or 9 characters, nowadays 12 or 14 are safer. Nevertheless, since most people can type long words faster than short bursts of random characters, you might find a 25-character phrase more convenient in daily use than a 12-character string of nonsense.

Let a computer pick your passwords

I've sometimes advised people to use mnemonic cues to remember passwords. For example, taking a sentence such as "I once drank three cups of coffee before realizing it was decaf" and using just the first letter of each word, with a capital and a number thrown in, creates "Iod3cocbriwd", a reasonably strong password. But because humans have a tendency to unconsciously introduce patterns into passwords produced through these means (which can increase the ease of guessing a password), I prefer to let a computer create a selection of random (but memorable) passwords, and then choose one that sounds good. You have numerous ways to do this.

If you open Keychain Access on your Mac (in /Applications/Utilities), choose File > New Password Item, and then click the key icon next to the Password field, you'll see a Password Assistant window. In this window, choose Memorable from the Type pop-up menu and select a password length. The utility will produce a password consisting of a combination of words, numbers, and symbols (such as "nineteenth8590.middlingly" or "baiting325@certifications"). Don't like the first suggestion that appears? Click the pop-up menu to see more, or choose More Suggestions from that menu to get another list.

1Password's password generator also has a mode that creates a series of pronounceable syllables (not necessarily English words), with or without intervening digits or hyphens, such as "liegnicroci", "lieg7ni2croc5i", or "lieg-ni-croc-i". To generate them in the 1Password app, choose File > New Item > New Password, click Pronounceable, and select the separator and length you prefer. Click the Refresh button to see another password choice. (The directions are similar when you're using 1Password's browser extensions, although the layout and options are slightly different.)
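To make "depending on how you do the calculation" and "let a computer pick" concrete, here is an added Python sketch; it is not from the article and is not how Keychain Access or 1Password generate passwords. The consonant-vowel-consonant syllable scheme, the 100,000-word dictionary size, and the eight-candidate selection are assumptions chosen for illustration.

```python
import math
import secrets

CONSONANTS = "bcdfghjklmnprstvwxyz"   # 20 letters (q omitted); assumed alphabet
VOWELS = "aeiou"
ASSUMED_DICTIONARY_SIZE = 100_000     # assumption: words an attacker would try

def charset_bits(length, alphabet_size):
    """Entropy in bits of `length` symbols drawn uniformly and independently."""
    return length * math.log2(alphabet_size)

def syllable_bits(n_syllables):
    """Entropy of n consonant-vowel-consonant syllables from the sets above."""
    per_syllable = len(CONSONANTS) ** 2 * len(VOWELS)   # 2,000 combinations
    return n_syllables * math.log2(per_syllable)

def syllable_password(n_syllables, sep="-"):
    """Build a pronounceable password using the OS CSPRNG via `secrets`."""
    def syllable():
        return (secrets.choice(CONSONANTS) + secrets.choice(VOWELS)
                + secrets.choice(CONSONANTS))
    return sep.join(syllable() for _ in range(n_syllables))

def bits_after_choosing(bits, n_candidates):
    """Lower bound on entropy when a person picks a favourite of n candidates."""
    return bits - math.log2(n_candidates)

if __name__ == "__main__":
    # The article's two passwords, scored as uniformly random characters.
    print(f"10 chars, 94 printable ASCII: {charset_bits(10, 94):.1f} bits")
    print(f"14 chars, 26 lowercase:       {charset_bits(14, 26):.1f} bits")
    # The same 14 letters scored as two dictionary words instead.
    print(f"2 words, assumed dictionary:  "
          f"{charset_bits(2, ASSUMED_DICTIONARY_SIZE):.1f} bits")
    # A selection of computer-generated candidates to choose from.
    candidates = [syllable_password(6) for _ in range(8)]
    print("\n".join(candidates))
    print(f"each: {syllable_bits(6):.1f} bits; after picking one of 8: "
          f"at least {bits_after_choosing(syllable_bits(6), 8):.1f} bits")
```

Scored per character, the two passwords come out within a fraction of a bit of each other; scored as two words from the assumed dictionary, "blanketsensory" is far weaker, which is why the words must be chosen at random. Picking a favourite from eight generated candidates costs at most three bits.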


