digg

Facebook Connect Join Digg About

Illustrated Guide to Creating Strong and Memorable Passwords

corvusconsulting.ca Anybody can use bl~rk#45rum! as their password, but how do you remember it? This article provides a clever formula for remembering passwords, illustrated using OS X’s Keychain password assistant.

Who dugg this? Made popular Oct 22, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

112 Comments

show profanity settings
expand all
  • arharris2, on 11/07/2007, -1/+38everyone knows that "password" is the greatest password ever. It's so easy, that any self respecting hacker would simply skip over it because they know that you'd have to be an idiot to use "password"
  • andrewcsayer, on 11/07/2007, -1/+35my password is admin
  • thailand1972, on 11/03/2007, -0/+30I remember once a girl gave me her email address on a piece of paper - below it was written her Hotmail password too (she thought people needed to know this to email her). She must have handed her password to everyone she gave her email address too. Thick as bricks, but lovely looking girl.
  • DNABeast, on 10/22/2007, -0/+27hunter2

    Doesn't look like stars to me.
  • opnickc, on 10/22/2007, -0/+24"What's the password?"
    "1-2-3-4-5, sir."
    "That's amazing, I use the same one for my luggage!"
  • stklaw, on 10/23/2007, -5/+28My password turns into stars when i type it on Digg.
    ******
    See?
  • oneoverzero, on 10/22/2007, -1/+24I have no trouble remembering to type We4;98^5ds%Se every day.
  • cyclopssmiley, on 10/22/2007, -0/+19You can make a photo book with pictures of your passwords and take it out and show your grand children (assuming you have them) and go on about memorable stories with these passwords.

    "Well I used this one here on digg but I also used it on flickr and one time..."
  • Nerfdude, on 10/22/2007, -0/+17i use my ancient Angelfire generated password for everything. it's a string of nonsense but i've just forced it into my head from years of repetition.

    yeah, Angelfire, that's what i said.
  • Scira, on 10/22/2007, -0/+12good old trusty P@$$w0rd
  • nallelcm, on 10/22/2007, -0/+11I've tried this 3 times and I keep getting roti1!nom
  • scallon, on 10/22/2007, -0/+11that ought to be on a t shirt.
  • ChromaVita, on 10/22/2007, -0/+11nr8^op

    am I doing it right?

  • swanny89, on 10/22/2007, -0/+11I always take a phrase I use a lot and make it "l33t". Example: "I play basketball at 8:00" becomes " Ipl4ybb@8:00". Tough to brute force but easy to remember and generate.
  • karmakanic, on 10/22/2007, -1/+12Wow. That would suck. Especially the Boom part.
  • carterbaldwin, on 10/22/2007, -3/+13...or try it first because they know that most people in the world are idiots.
  • 28dayslater, on 10/22/2007, -0/+9I wish I had something worth stealing. This isn't even my computer.
  • ShadwDrgn, on 10/22/2007, -1/+9this is a very bad idea because a lot of bruters will actually do this as they brute.
  • schnikies79, on 10/22/2007, -0/+8The website I ran for a while encrypted (by default) all passwords. I could reset them but I couldn't view them.
  • 0x0000ff, on 10/22/2007, -1/+8"Passwords can be seen by ALL admin at each website"

    Actually you're totally wrong, yay!
  • Darrelc, on 10/22/2007, -1/+8All I do for strong secure passwords:

    Look around where you are, look for a word on something (E.g. "decadance" - the label of a CD on my desk)
    Reverse the word (E.g. ecnadecad)
    Slap a number in there (E.g. ecnad9ecad)
    Add a character (E.g. ecnad9*ecad)
    There you go, easy to remeber (ecnad nine star ecad) and easy to generate and very secure.
  • tpink, on 10/22/2007, -0/+7"(E.g. "decadance" - the label of a CD on my desk)"

    If that's the Head Automatica CD, I have to compliment you on your musical taste as well as your password generating abilities.
  • Jo9100, on 10/22/2007, -0/+7http://duggmirror.com/security/Illustrated_Guide_t ...
  • burke, on 10/22/2007, -1/+8Really? Let me try:

    boobies

    Did it work?

    EDIT: Hey, you ass!
  • karmakanic, on 10/22/2007, -0/+6Cooool! Do that again!
  • nonstop87, on 10/22/2007, -0/+6I've used this strategy in the past and it works really well. Thats for reminding me I need to redo my passwords soon.
  • holycola, on 10/22/2007, -0/+6You're right that the pattern can be revealed, but I think one would have to know that you're using a pattern in the first place, and be able to recognize it from one instance. How are most passwords discovered, and how well does the method address those vectors is the best test. (disclosure: i'm the author of the article)
  • sjbdallas, on 10/22/2007, -0/+5Use a number, but make some of the numbers words:
    1969 becomes 9Teen60Nine
    Same concept, but incorporate spaces on systems that allow:
    1969 becomes "19 Sixty Nine"
  • has2k1, on 10/22/2007, -1/+6Not to be cynical, but that method only creates unique passwords that are hard to brute force. However, once the format of just one of the passwords is revealed, then that is it for the rest.

    An admin with many users will tell you, a good percentage of users have passwords which share a subset of characters with the website/service name.
  • chrisxkelley, on 10/22/2007, -1/+5fail.
  • zachshmack, on 10/22/2007, -0/+4Did this seriously just recommend using dictionary words and tacking numbers onto them? Terrible advice.
    Do Not Use Dictionary Words.
  • antitab, on 10/22/2007, -0/+4That's really in bad taste considering I lost years worth of email addresses and access to my Sourceforge project, leaving me unable to update or administrate the project at all. Thanks.
  • samk, on 10/28/2007, -0/+4No it's not. At least not on Digg.
  • darnit, on 10/22/2007, -1/+4HaX0r$ l00k1NG @ mah Pr0n
  • portableteejay, on 10/25/2007, -2/+5bash ftw
  • nonstop87, on 10/22/2007, -0/+3...you were saying?
  • skeenan, on 10/22/2007, -1/+4Nice... explained using Keychain's password checker, which thinks that 15 lowercase t's is a better password than my 10-character completely random sets of random lower/uppercase chars, nubmers, and symbols... suggestion: passwords should have at least 8 characters and have at least 3 character classes with no words, even if you substitute numbers for letters!! Every cracker checks for the kind of stuff this guy talks about. At least it's better than using 'password' though!!
  • mrgoat, on 10/22/2007, -1/+4Did you bang her?
  • blackmage439, on 10/22/2007, -0/+3IMINURT0WERZSTEELINGURP455WRDZ!!11!

    How's that? In all seriousness, though, I REALLY need to change my pathetic 8-character passwords...
  • antitab, on 10/22/2007, -1/+4l33t is the best security tool ever created.
  • pieoncar, on 10/22/2007, -0/+3I've heard of a similar method before -- typing out "shapes" on the keyboard where you only recall the starting letter. For example, you could type a T shape starting with Y which would be yuiujm or maybe a V shape starting with 3 which would be 3edcft6.

    It's probably especially lacking if someone is looking over your shoulder while you type it, though.
  • antitab, on 10/22/2007, -0/+3Any self-respecting site will encrypt passwords and not allow anyone to access them. I lost my SourceForge, GMail, MySpace, and a few other accounts all because certain IRC networks do not do this with their Nickserv data.
  • nunofgs, on 10/22/2007, -0/+2I usually think of a phrase (sometimes movie quotes or famous quotes) and take the first letter of every word and change a couple of them to numbers. Here's an example:

    "Agent Smith: Never send a human to do a machine's job."
    The password would become: "nsah2damj"

    When you think you've forgotten your password, just think of the original quote.
  • IphtashuFitz, on 10/22/2007, -0/+2Here's another good way to come up with passwords. Use a street address as a basis. I've used the addresses of my childhood home, my granparents summer home, old school addresses, etc. For example, suppose you grew up at 87 Granite Ridge Road in Butte, Montana. You could create the password 87GRrd.B,MT from that.
  • idiotwithastick, on 10/22/2007, -0/+2When you are sitting next to someone using your repeated character they can hear a slight delay in your typing.
  • ggko, on 10/22/2007, -0/+2That's plausible, so I'll modify my example to algesbpo vs alsesbps. Still multiple instances of the letter "s," no longer adjacent, but still likely to be rejected by a stringent password checker for the same reason, (ignore that it's a fully alphabetic string.)
  • inactive, on 10/22/2007, -0/+2I just use a password manager app (steganos) and keep a good backup of it, seen as it spits out stuff like: §?o.k(d.+7_n?u6
  • parirami, on 10/22/2007, -0/+2create ciphers for your passwords. for instance based on the domain name's letters (or nth letter) where n is a variable, and create a pattern (say, you are a geek who loves y=mx+b, where y is "O" in google, and b is "e".
    you apply a common 2nd layer replication such as n+3 (say, O,P,Q) etc. so your password becomes: Q=mx+G etc etc... for instace, add more letters depending on domain length... everytime you have a new domain, you have a different password - - - and only you know the cipher!

    even admins won't figure it out coz of the 2nd or 3rd layer cipher. ;-)
  • Cygnus, on 10/23/2007, -0/+2Ha! Ditto. It's burned into my mind...
  • ElPieEater, on 10/22/2007, -1/+3Myspace? You kind of deserved it.
  • Fetching more discussions...
    Show 51 - 100 of 108 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.