Password Memorization Mnemonic

by Agent Zer0  (agentzr0@gmail.com)

If you're like me, then you have my condolences: you have a social life that's on life support and nothing better to do with your Friday nights than drafting articles for quarterly hacker 'zines.

Not that this is such a bad thing - I just wish I had a hot date.

However, if you're like the average Internet user, then you regularly visit quite a number of websites which require a username and password for you to use them.

Proper password selection, much like good data archiving, is one of those issues that you don't really think about until a situation arises which makes you regret the fact that you didn't think about it earlier.

In an ideal world where everyone was smart enough to read this quarterly, you would be using a completely different password for every single online resource you use.

Unfortunately, this is easier said than done; in fact, it opens up a whole new world of problems.  Depending on how many secure sites you use, your list of passwords may get real long real fast.  Writing the list down on a piece of paper and storing it somewhere is no good, because the piece of paper can be found or stolen.

I've heard of programs that will store your lists of usernames and passwords for you in a secured area on your computer, and these programs may be the best thing going.  But then you have another program that you'll have to buy and manage and, to me, the very concept seems tantamount to storing a key to a safe in the safe itself - and then leaving the damned thing unlocked.

Recently, as a solution to this issue, I devised a simple little memory mnemonic of my own that allows me to generate separate, distinct passwords for all of the secure websites I use.

At the same time, I can easily remember all of the passwords, so I don't need to worry about keeping up with any paper lists or third-party programs.

Before I get into it, I feel I should do my due diligence and insert the standard disclaimer here: this article is for informational purposes only; use it at your own risk.  Don't eat yellow snow.  Blah, Blah, Blah...

So, to get started, let's assume that you have a user called JohnDoe at yahoo.com, gmail.com, myspace.com, slashdot.org, citizensbank.com, and facebook.com.

Here we have six sites that require a secure authorization in order for you to do anything worthwhile, which means you're going to need six distinct passwords.

Instead of attempting to come up with six separate random passwords that you think that you'll be able to keep up with, you're going to devise one simple password template that you can easily remember and use that to create your six separate passwords.

So, say the particular template or rule you decide to set up for yourself is: [sitename][codeword][number]

And that your codeword is: apple

Then, your login for four of those six sites would be as follows:

Yahoo!

   Login: JohnDoe
Password: yahooapple00

Gmail

   Login: JohnDoe
Password: gmailapple00

MySpace

   Login: JohnDoe
Password: myspaceapple00

Slashdot

   Login: JohnDoe
Password: slashdotapple00

I think you get the idea.

Here, you can create passwords for as many sites as you want, and all you'll have to remember is the one rule you set up for yourself to create passwords for all the sites.  Then, if you do forget one of your passwords, you can always recreate it.

Now, suppose you have one website (or a couple of similar websites) that has several sections, each of which requires its own separate username and password.  If you included a number as a part of your template, then your answer is as simple as incrementing the number for every separate section of the site that you need a separate password for.

If you didn't use a number, then you can just expand on the site name section of your mnemonic.

Let's use Yahoo! as a hypothetical case, though in reality, you don't need separate logins for each of their sections.

Then you might set up passwords like this:

Yahoo! Mail

   Login: JohnDoe
Password: yahooapple00 or yahoomailapple00

Yahoo! Personals

   Login: JohnDoe
Password: yahooapple01 or yahoopersonalapple00

Yahoo! Finance

   Login: JohnDoe
Password: yahooapple02 or yahoofinanceapple00

If you pay close attention to policies of some secured sites, such as MySpace, you're probably thinking to yourself right now, "Hey, MySpace won't let me create a password that completely fits my mnemonic.  It's giving me an 8 or 10 (or whatever) character limit."

I've run into this problem a couple of times myself.  The way I see it, you have three options:

1.)  Find a similar site with a better password policy.  Everyone is copying everyone else on the web these days.  Some are doing so legitimately; others are not.  My point is that you'd be hard-pressed to find a site providing a service which is so original or brand spanking new that it's not also being provided by someone else who might allow you to use more than a handful of characters for your password.

2.)  Crack the webpage, system, or server.  Show the webmaster or system administrator just how weak their current policy is, thereby spurring them to strengthen it.  Admittedly, this is a more extreme - not to mention illegal - road to take, but it has been taken, and it has gotten results.

3.)  The option I usually choose is to modify your mnemonic for that one site or take it as far as you can.  Returning to the MySpace example, you might want to use myspaceapple00, but the website will only let you get up to about myspaceapp before it will stop accepting input.  If that's the case, just follow through with the entry and hit enter.  You'll still get in and you'll still have a fairly decent password.
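
The template, the two section variants, and the truncation in option 3 can be worked through in a few lines of Python. This is an added example, not code from the original article; the function names are hypothetical, and site_name() assumes simple hosts such as yahoo.com or slashdot.org.

```python
# Added illustration of the article's template; all function names are hypothetical.

def site_name(host):
    """Second-to-last DNS label: 'yahoo.com' -> 'yahoo' (assumes simple .com/.org hosts)."""
    return host.lower().rstrip(".").split(".")[-2]

def derive(host, codeword, number=0, section="", max_len=None):
    """Build [sitename][codeword][number]; `section` expands the site name instead."""
    password = f"{site_name(host)}{section.lower()}{codeword}{number:02d}"
    # Option 3 in the article: type as much as the site will accept.
    return password if max_len is None else password[:max_len]

def collisions(passwords):
    """Return {password: [labels]} for every password shared by more than one label."""
    groups = {}
    for label, password in passwords.items():
        groups.setdefault(password, []).append(label)
    return {pw: labels for pw, labels in groups.items() if len(labels) > 1}

def yahoo_sections(max_len=None):
    """Both variants from the article for three Yahoo! sections, under a length cap."""
    sections = ["mail", "personal", "finance"]
    numbered = {s: derive("yahoo.com", "apple", number=i, max_len=max_len)
                for i, s in enumerate(sections)}
    expanded = {s: derive("yahoo.com", "apple", section=s, max_len=max_len)
                for s in sections}
    return numbered, expanded

if __name__ == "__main__":
    for host in ["yahoo.com", "gmail.com", "myspace.com", "slashdot.org"]:
        print(host, derive(host, "apple"))
    # A 10-character limit, as in the MySpace example.
    print(derive("myspace.com", "apple", max_len=10))
    numbered, expanded = yahoo_sections(max_len=10)
    print("numbered variant collisions:", collisions(numbered))
    print("expanded variant collisions:", collisions(expanded))
```

With a 10-character cap, the numbered variant truncates to the same string for all three sections because the number is the first thing cut off, while the expanded site name keeps them distinct.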

I hope this is as helpful for you as it's been for me.  Happy hacking.
