How can a password be remembered easier?

As I mentioned previously, a user can have all of the password complexity in place for all of their accounts but still face the difficulty of the first login. Until he or she logs in on the first machine, none of the passwords are accessible if they are kept on the machine's hard drive or on some portable electronic medium.

Again, we are faced with the original problem of writing down complex or hard-to-remember passwords. Combinations that must include upper- and lowercase letters, numbers and possibly one or more special characters such as $, @, (, or ! add to the difficulty of remembering the password. Often, a password's complexity can be increased by substituting special characters for the word's vowels, but if the word exists in the dictionary in the first place, a simple script can automatically substitute the special characters for the vowels, and it can do so on the fly. Thus the attack needs only the dictionary list, which it manipulates through a series of programmed steps.

Random passwords with full complexity, using the maximum character length allowed and all available characters, are preferred, but they do little to aid the user's first login. Additionally, a network administrator may require that passwords be changed frequently.

Imagine having to memorize one of the following passwords:

=’6zW3TJ9ij4Zf
w,47846Rn0Uj05
0M1;”0W69p2JO3
.[i6M5S35CLBHX
7t:;17G2S60nH4
i8n243RH6R)d’a

…and then being required to change it again in the next few weeks.

The problem can be addressed using passphrases.

Passphrases allow strong password creation and have the additional benefit of giving the end user an easy-to-remember system. If the phrase has meaning for the user and the user settles on a standard for deriving the password from the phrase, it will not need to be written down or recorded in any fashion.

Example: “Long legged frogs make big pond ripples”

– Use the first and last letter of each word
– Use upper case for the first letter of each word and lower case for the last letter of each word
– Transpose all vowels to special characters or numbers
– Transpose letters like “s” to “5” or “$”, “l” to “1” or “!”, “o” to “()” etc.
– Transpose full words to numbers:
    “one” = “1”
    “ate” = “8”
    “to” = “2”

The passphrase above yields the 14-character password: LgLdF5M3BgPdR$ (Do not use this password; it is now on a list).
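The derivation above can be written down as a short routine. This is an added example, not code from the original post. The function name, the choice to apply letter substitutions only to each word's lowercase last letter, the rule of cycling through a letter's alternatives on each occurrence, and the “e” to “3” mapping (inferred from the result shown above) are assumptions made to reproduce the page's password.

```python
import re
from itertools import cycle

# Whole words replaced by digits (the three listed on the page).
WORD_NUMBERS = {"one": "1", "ate": "8", "to": "2"}

# Substitutions for the lowercase last letter of each word.
# ASSUMPTION: alternatives are used in turn ("s" -> "5", then "$", then "5"...),
# which is one possible personal "standard"; "e" -> "3" is inferred from the
# page's worked result rather than listed in its rules.
LETTER_SUBS = {"s": ["5", "$"], "l": ["1", "!"], "o": ["()"], "e": ["3"]}


def derive_password(passphrase, subs=LETTER_SUBS, words=WORD_NUMBERS):
    """Derive a password from a passphrase using the page's rules."""
    # Fresh cycles per call so the same phrase always gives the same password.
    rotors = {letter: cycle(choices) for letter, choices in subs.items()}
    out = []
    for token in passphrase.split():
        word = re.sub(r"[^A-Za-z]", "", token).lower()  # drop punctuation
        if not word:
            continue
        if word in words:                 # "to" -> "2", "one" -> "1", ...
            out.append(words[word])
            continue
        out.append(word[0].upper())       # first letter, upper case
        if len(word) > 1:                 # last letter, lower case or substituted
            last = word[-1]
            out.append(next(rotors[last]) if last in rotors else last)
    return "".join(out)


if __name__ == "__main__":
    # The page's own example phrase (already published, so not for real use).
    print(derive_password("Long legged frogs make big pond ripples"))
```

Because the routine is deterministic, the user only has to remember the phrase and the personal substitution standard, which is the property the passphrase approach relies on.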

The key to creating a passphrase is to make a sentence, possibly nonsensical to anyone but yourself, but also one that would have some personal meaning. Using well-known phrases or sayings, such as “I think, therefore I am.”, “I’ll be back”, or maybe “Beam me up Scotty, there’s no intelligent life down here.” would be mediocre choices.

Try to stay away from a phrase that contains information that would fall under the “poor passwords” list discussed previously. The phrase “My daughter Jessica is 10 years old.” would likely qualify as a poor choice for a passphrase.

Next: Creating strong passwords in Linux.
