How to create an unbreakable password
Jay sat in my living room sipping his cooling cup of tea. Had we passed in the street I would probably not have recognised the tall, almost gangly, bespectacled figure, his loose blue cotton shirt flapping around him like the sails of an improbable yacht, mast-thin legs striding in that peculiarly purposeful way that spoke of pursuit rather than destination. This should not surprise me, for we had not seen each other in thirty years. When he left University, the proud bearer of a stellar first-class honours degree in really hard maths, in contrast to my lucky second, our paths diverged – he went to Harvard, completed a PhD in even harder maths, then secured tenure and has been there ever since. I messed around for twenty years thinking about doing a Masters. Now here he was, sitting on my chair, asking a favour.
Jay’s brother had a different perspective on academia. While no less brilliant than his older brother, in fact I’m inclined to say he is the bright one in the family, Patrick could not care less about achievements. He disappeared to the Far East, and spends his time writing weird things to even weirder publications. A few years ago, Pat emailed me with contact details; he found me via an old blog I had and chose me, presumably because I could be trusted not to broadcast his whereabouts unless it was absolutely necessary. It was. Their mum is ill, perhaps terminally.
Fortunately, I keep my emails. Thank you, Gmail. Equally fortunately, I had mentioned in passing at a family get-together that I had heard from Patrick. This filtered through our convoluted grapevine back to Jay and he filed it away for come the day.
The day came, and so did he: knocking at my door.
I obliged happily when he asked me to reveal his younger brother’s whereabouts and proceeded to fire up my laptop. When I finally managed to log in to Gmail, he commented that it was not very secure having the same password for everything. He then quoted my password, which is a nine-character string, comprising three upper case letters, three numbers, a lower case letter and two symbols – not in that order. Okay, I confess I use the same password for everything except banking, but I do change it regularly on the sites that matter. Like this one.
Okay, Mister Smarty Pants, what’s your password regimen then? I wish I’d never asked. Jay asked me to hand him the laptop, whereupon he started Abiword, my word processor, and proceeded to press his elbows into the keyboard. This caused a long string of letters and characters to appear on the screen – something like:
qa~A0ZZ.Z*#SZRT4543FGVBHG5.
There, he said triumphantly, an unbreakable password. How could he possibly remember that? Try me, he said and smiled for the first time since I shook his hand. He was, of course, letter perfect. He also revealed that he could remember 36 other passwords and the occasions when they were relevant. S’not fair.
N.E.Way, unless you too have a brain capacity to rival Hal 9000, this method is completely useless, and given the ease with which Jay managed to identify my passwords simply by following my hand movements, I decided that different passwords for everything is a must – if only to limit the damage I might suffer by being observed while entering a password in Starbucks or wherever. The only way to do this is to have a password system. That is, a method of creating passwords that I can easily remember, so if I have to recreate the password I can do so. The system has to create complex passwords, otherwise it’s pointless. These twin but opposed criteria might seem to be mutually exclusive, but with planning they can both be accommodated.
The first thing to do is decide upon a common factor – a phrase or word. Something like “A stitch in time” – then convert that to a combination of numbers and letters thus: ast1tch1nt1m3 – where the letter “i” has become a numeral “1” and the letter “e” has become “3”. Next, you need to identify the website to which this password is relevant, and you can do this by adding some of the characters from the website’s domain name to the password.
For added security you can encode them, perhaps by adding the numeric equivalent of the letters (their position in the alphabet) before or after the phrase you have just encoded. So, taking the first three letters of gmail.com you get 071301 (07=g, 13=m and 01=a).
Thus our password is now 071301ast1tch1nt1m3 – we can further complicate this by adding in some symbols. I like to add two or three: one at the beginning, one at the end and one separating the two elements of the password, the domain and the phrase. These too need to be memorable, so you could use the first three letters of the domain again: 7, 13 and 1, but convert them to symbols by counting off the keys on the top row of the keyboard. So, our symbols are: 7=^, 13=+ and 1=¬. So our password is now:
^071301+ast1tch1nt1m3¬
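The scheme above as a short Python sketch (an added example, not the author's own code). The keyboard row string assumes a UK layout, which matches the post's 7=^, 13=+ and 1=¬; the function names, the skipping of non-letters in the domain and the wrap-around for letters past the 13th are assumptions of this example.

```python
import string

# Shifted symbols of the 13 top-row keys on a UK keyboard, counted from the
# left (` 1 2 ... 0 - =). Assumed layout: it reproduces 7=^, 13=+ and 1=¬.
TOP_ROW_SHIFTED = '¬!"£$%^&*()_+'

# The two substitutions the post uses; any others would be your own choice.
LEET = str.maketrans({"i": "1", "e": "3"})


def encode_phrase(phrase):
    """Lower-case the phrase, drop spaces and punctuation, swap i->1, e->3."""
    letters = "".join(ch for ch in phrase.lower() if ch.isalnum())
    return letters.translate(LEET)


def letter_positions(domain, count=3):
    """Alphabet positions (a=1 ... z=26) of the first `count` letters."""
    # Digits, dots and hyphens in the domain are skipped (an assumption).
    letters = [ch for ch in domain.lower() if ch in string.ascii_lowercase]
    if len(letters) < count:
        raise ValueError("domain has fewer than %d letters" % count)
    return [string.ascii_lowercase.index(ch) + 1 for ch in letters[:count]]


def position_to_symbol(pos):
    """Count `pos` keys along the top row and take the shifted symbol."""
    # Positions above 13 wrap around the row; the post does not cover this
    # case, so the wrap-around is an assumption of this sketch.
    return TOP_ROW_SHIFTED[(pos - 1) % len(TOP_ROW_SHIFTED)]


def site_password(phrase, domain):
    """Build symbol + domain code + symbol + encoded phrase + symbol."""
    first, second, third = letter_positions(domain)
    code = "".join("%02d" % p for p in (first, second, third))
    # Symbol order follows the post's result: start = 1st letter,
    # separator = 2nd letter, end = 3rd letter.
    return (position_to_symbol(first) + code + position_to_symbol(second)
            + encode_phrase(phrase) + position_to_symbol(third))


if __name__ == "__main__":
    print(site_password("A stitch in time", "gmail.com"))
```

Everything except the encoded phrase is computed from the public domain name, so the phrase is the only secret the scheme contains.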
Obviously, you need to make up your own mnemonics for this system, and I’ve used different ones to my regular system, but the principles remain the same. The cool thing is: if you remember the system, you will never forget a web password and no one will crack it either. Ever.