…if that’s not entirely redundant. 😉
For a long time now, I’ve chosen passwords based on a topic-subtopic-specific, misspelled and then with added characters and numerals and upper/lowercase letters interspersed to make a word (preferably longer than 12 letters) or phrase sort-of-halfway-kinda resemble the original word or phrase in a manner that’s memorable to me.
Recently, though, somehow my gmail account became vulnerable despite what several online password checkers from reputable companies thought was a “strong password” so…
I’ve begun changing my passwords again, this time using lyrics to songs I know–some that are even “semi-unpublished” *heh*
Here’s the trick:
Write out (if you’re a little unsure of the lyrics) the lyrics to a song–the older and less likely to be common knowledge among the illiterati the better. Now, select the first letter of each word of the first (or second or third… ) verse. Assemble those into your “rough sketch” for a password. Now, in some way that makes sense to you–all the letters from the first half of the alphabet, all vowels, all “voiced” consonants, etc.–capitalize some of the letters. Substitute numbers for other letters. Add characters like “@!%#” at places within the string of letters in ways that make some loose sense to you.
I recently changed out my first (of more than a few) email passwords with a 40-character password devised this way. Yes, I have my passwords saved on hardcopy in place that’s accessible to family only, and yes I have them saved in an encrypted, password-protected zipped text file.
It’s not all that hard, and it beats putting your birth date or wedding anniversary on a sticky note slapped on your monitor… *heh* By quite a lil bit.
Oh, my computers’ passwords are considerably less complex, because
- They’re in a fairly secure environment and
- Anyone wanting to crack ’em can probably do so with Ophcrack or other tools, anyway.
So what do you think about the method of choosing a phrase then moving your fingers up a row to type it?
Depends on the phrase, Mel. The longer the better. A simple substitution crypto approach (and that’s really what that is) should be “crackable”. A more complex substitution approach–similar to what I suggested–might resist cracking a bit longer. Either approach would likely move casual crackers off to easier targets… but might intrigue more sophisticated crackers.
Neither approach would stand up long to the NSA, I’m afraid. *sigh* Perhaps either one combined with this sort of password generator would be the best a common Joe or Josephine might be able to use, but I would HAVE to use an encrypted removable storage device to keep track of, or even reproduce, such passwords. Imagine a 104-character password of (very nearly) random characters combined with the “moved row” or lyrics approach. Sorry, but though I might have been able to recall such a password in my youth, my memory’s (well, memory flexibility, perhaps) getting poorer as I age. *heh*