The Trouble with Passwords
The requirements of a "good" password are mutually exclusive (or, at least, mutually conflicting):-
Some solutions (that really work) are listed below. You might bring these to the attention of your network administrator (he's the guy who makes you change your password every two weeks).

Finding Someone Else's Password

This is usually quite easy! Try one or more of the following:
Sorry, 3M, but you did more to undermine computer security than anyone else...

The Password Solution (1) - 'phone numbers

This is the best (and most comprehensive)

You probably can remember a telephone number from the past (DO NOT USE A CURRENT NUMBER) such as the number of
For example, I can well remember the number of my first job - it was LANgham 4468 (this is a good one because it has a mix of alpha and numeric). A phone number such as this provides two elements - a three letter part and a four digit part. You can use these two to make a 3, 4, 6, 7 or 8 character password by combining or repeating the parts. If you include the long distance code (01 LAN 4468 as it was at the time) the permutations increase.

The system works just as well with modern, US-style, numbers such as 201 555 1212 which can be combined to make almost any length of password.

I have used this system on computers, networks, ATMs, access control and the like for years. I have never forgotten the password in use and I never write it down - it works...

PS I don't use the example given...

The Password Solution (2) - TV programme

This is the simplest

Choose your favourite TV or Radio programme (preferably one with a long name) and use the initials as your password. For example, if "Only Fools and Horses" is the one then use OFaH as your password (note this has mixed upper and lower case).

The Password Solution (3) - Golf Course

This is simple if you happen to be a golfer and gives any length password between one and 18 digits!

Most golfers have a favourite course - it could be your home course, a particular championship course that you like to watch on TV, or a course that has fond memories (usually a good score...). You can use the stroke index of this selected course for any length of password. For example, the Bernard Hunt course at Foxhills has a front nine with the following pars: 4,4,5,3,5,4,5,3,4. I could use this for a five digit password thus - 44535 - or seven digits thus - 4453545. For added security you can use the Number Change method (no 4 below) in reverse, so that the first five holes of Bernard Hunt become aases...

Purists will argue that the password so chosen is insecure because each digit position has only three possible values.
This is true but only of consequence if the would-be hacker knows you use the golf club method; and, anyway, it is more secure than a post-it note! AND - whoever heard of a hacker playing Golf?

The Password Solution (4) - Number change

Selecting a word or phrase and then changing some of the letters to corresponding numbers can be quite effective. The table below shows the easy-to-remember letters with a numerical 'equivalent'; note that you can choose to use separate matching for upper and lower case or use the corresponding number whatever the case of the letter.
And, of course, you can use multiple number replacements in the same word as these examples illustrate: 8r4z11 (Brazil), gre4te5t (greatest), 811k0 (Bilko), 54884t1c41 (sabbatical), 313g4nt (elegant), 34g13 (eagle), 4 gr34t p455w0rd (a great password)

Password Changing - a bad idea

If you have difficulty in remembering your password (probably because you have not yet implemented one of the ideas above) you will have greater difficulty in remembering one you change every two weeks.

Passwords need changing because they lose their security; ergo, if security is maintained no change is necessary. Forced password changing is a classic example of tackling the effect not the cause. Use a system that you never forget and no-one else can guess and the problem goes away.

Point your network administrator here and have him/her send me an email justifying forced password changing.
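On the administrator's side, a password-acceptance check can undo the Number Change substitutions of Solution (4) before comparing a candidate with a word deny list. The sketch below is an added example, not part of the original page: the digit-to-letter map is inferred from the examples given above, and the deny list and function names are hypothetical.

```python
# Digit-to-letter map inferred from the page's examples
# (8r4z11 = Brazil, 313g4nt = elegant, ...). "1" stands for both i and l.
DIGIT_TO_LETTERS = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "8": "b"}

# Constructed deny list for this demo; a real check would load a large wordlist.
DENY_LIST = {"brazil", "greatest", "bilko", "sabbatical",
             "elegant", "eagle", "password"}


def _matches(ch, letter):
    """True if candidate character ch is the letter or a digit standing for it."""
    return ch == letter or letter in DIGIT_TO_LETTERS.get(ch, "")


def hidden_word(candidate, deny_list=DENY_LIST):
    """Return the longest deny-listed word found in candidate, or None.

    Matching is positional, so the ambiguous "1" (i or l) never has to be
    expanded into every possible reading of the candidate.
    """
    text = "".join(candidate.lower().split())  # ignore case and spaces
    for word in sorted(deny_list, key=lambda w: (-len(w), w)):
        for start in range(len(text) - len(word) + 1):
            window = text[start:start + len(word)]
            if all(_matches(c, w) for c, w in zip(window, word)):
                return word
    return None


if __name__ == "__main__":
    # The page's own sample passwords plus two from the other schemes.
    for sample in ["8r4z11", "54884t1c41", "4 gr34t p455w0rd", "OFaH", "LAN4468"]:
        hit = hidden_word(sample)
        print(f"{sample!r}: {'reject, contains ' + hit if hit else 'no deny-list word'}")
```
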