March 25, 2011

Normal Person Passwords

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The last post, I will admit, was heavy on details and light on usable information.  It was also super-long.  While I won't apologize (I know reading long things is a dying art, but I would rather folks didn't read me at all than to get a quarter of the way through a post and say 'tldr'), I am more than happy to make this one fun and sweet (and two days late (and apparently also super-long)).

How to make long but memorable passwords:
Human minds are fascinating things.  They're terrible at remembering random data unless the randomness is given some structure, but they remember associated information in incredible detail.  Even minor details can stick around for years with just a few recalls.  The trick is to think, then remember and use repeatedly.  I'll give you a trick for making long, memorable passwords in these easy steps:
  1. Think of your most favorite thing.  It can be an activity, or a club or group or class you go to, or your dog, or whatever.  You might think of a few good ones, but pick one.
  2. You can't use this, because everybody knows what it is.
  3. Think of another thing that you like.  If it didn't even cross your mind when making the first thing, it's a keeper.
  4. Next, think of your thing, and see what bubbles to the surface.  This is a right-brain activity, and may take a moment or two.  A few words, ideas, pictures, sounds and things like that should stick out.
  5. Combine two of those right-brainy things with the idea you chose.  If they're too random, pick a few things you know you'll remember.
  6. Harden the password (described below).
As an example, I ran through the steps and had to discard a handful of really common junk until I landed on Bicycle. Riding a bike makes me happy, and I do it on occasion, but it's not exactly a central point in my life.  Folks know I do it, but I'm not a fanatic about it... it's just a thing I know.  Some right-brain thinking later, and I wound up with the fact that I recently replaced my bike's chain, and bike chains are different for multiple gear setups.  This is a bit too random, and hard to memorize, so I'll make it a bit easier by using my memory of replacing my chain with a 15-speed-length one.  So, smushing them together, I get Bicycle15Gears.  Pretty good, but it needs hardening!

Password hardening means applying a few quick rules, which you keep to yourself, for changing letters and numbers in your password.  Some ideas (don't use all of these, and don't just take the first one or two; mix and match and make your own!) are here:
  • Last letters in words get capitalized ('spears' turns into 'spearS')
  • Hold shift on the first and last characters in the password ('GreenGardeningGloves97' becomes 'GreenGardeningGloves9&' on a US keyboard; the G is already capital, and shift-7 is &)
  • Put some character between each part of the password (2HandRails becomes 2_Hand_Rails)
  • Type all numbers twice (sweet59 becomes sweet5599)
  • All passwords start with a special character (DropTheBomb becomes $DropTheBomb)
Any rule that doesn't make your password simpler (capitalizing every letter, for example, throws away the lowercase) makes it better.  In my example, I'll put a character on the beginning and end, making it ^Bicycle15Gears^, then separate my words with underscores.  After that process, I have ^_Bicycle_15_Gears_^.  This is a good password: it has uppers, lowers, numbers, and special characters, and is longer than 10 characters (20, in fact).  Most of the strength comes from the length and from the parts being your own; the rules only add to it as long as you keep them to yourself.
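To make the rules concrete, here is an added example (my own code, not the post's) that applies the hardening rules above to a list of password parts and then runs the post's own check (uppers, lowers, numbers, specials, length).  The part list, the US-keyboard shift table and the check function are assumptions made for the illustration; the post only describes the rules in prose.

```python
"""Password-hardening rules from the post, as small composable functions.

Added example, not the author's code.  A password is built from a list of
"parts" (the words and numbers you picked), each rule rewrites that list or
the joined string, and check() applies the post's final criteria.
"""
import re
import string

# Assumption: a US keyboard layout.  Holding Shift on a digit gives the
# symbol above it; on a lowercase letter it gives the capital.
SHIFTED = dict(zip("1234567890", "!@#$%^&*()"))
SHIFTED.update({c: c.upper() for c in string.ascii_lowercase})


def capitalize_last_letters(parts):
    """'spears' -> 'spearS' (only touches parts that end in a letter)."""
    return [p[:-1] + p[-1].upper() if p and p[-1].isalpha() else p for p in parts]


def double_digits(parts):
    """'sweet59' -> 'sweet5599' (every digit is typed twice)."""
    return [re.sub(r"\d", lambda m: m.group(0) * 2, p) for p in parts]


def wrap(parts, symbol):
    """Same symbol on the beginning and end: Bicycle15Gears -> ^Bicycle15Gears^."""
    return [symbol, *parts, symbol]


def prefix(parts, symbol):
    """Start every password with a special character: DropTheBomb -> $DropTheBomb."""
    return [symbol, *parts]


def join(parts, separator=""):
    """Put some character between each part: 2HandRails -> 2_Hand_Rails."""
    return separator.join(parts)


def shift_ends(password):
    """Hold Shift on the first and last characters of the joined password."""
    if len(password) < 2:
        return password
    first = SHIFTED.get(password[0], password[0])
    last = SHIFTED.get(password[-1], password[-1])
    return first + password[1:-1] + last


def check(password, min_len=10):
    """The post's criteria: uppers, lowers, digits, specials, and length."""
    classes = (
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    return len(password) >= min_len and all(classes)


def bicycle_example():
    """The post's own chain: wrap with '^', then separate the parts with '_'."""
    parts = ["Bicycle", "15", "Gears"]  # constructed from the post's example
    return join(wrap(parts, "^"), "_")


if __name__ == "__main__":
    pw = bicycle_example()
    print(pw, check(pw))                       # ^_Bicycle_15_Gears_^ True
    print(shift_ends("GreenGardeningGloves97"))  # GreenGardeningGloves9&
```

Because every rule is a plain function on the parts, the order you apply them in is your private rule set; the same parts run through a different order give a different password, and the check at the end tells you whether the result still clears the bar the post sets.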

Alright, so now you have a super-secure password that will be easy to remember.  That doesn't make it any easier to type... but keep in mind that the more typing it takes (*not* remembering!), the longer it is, and that length is what makes it hard for anybody to crack.  What should you do with this new, incredible password?

Download KeePass.  The top left box (which is Standard Exe for Windows) is probably the best bet.  When it's installed, start it.  Click File->New.  You'll get a dialog.  Put your new super-duper password into this box, and use it nowhere else.  If you REALLY want to be secure, choose a key file as well (the file acts as a second kind of password).  If you do, make sure to pick a file that's always gonna be around, and keep a backup of it: without it, the database can't be opened.  Choose a heading (I did Internet) and click Edit->Add Entry.  Fill out the generic information (title is Facebook, the rest is secret), then when you get to the password area, press the [...] button, then the little key right below it.  Press Generate a few times, until the generator reports a lot of bits of randomness, then press OK.

BAM.  With that paragraph, you now have a way of having tons of login names and passwords while only having to remember your super-duper password.  This is as safe as you can get without diving into paranoia-land (you're ankle-deep in it right now!).  Happy passwords!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFNjDvEdzdg8zBNoIARArI3AJ4zyGL3aGU5tskIkXr2y1YetXf79ACfWaqZ
2mfkeIUvFGzSn09PgqnBr+M=
=XEeJ
-----END PGP SIGNATURE-----
