jducoeur ([personal profile] jducoeur) wrote 2009-04-12 03:01 pm

Password algorithm: songs

I was just reading a thread discussing the annoying tendency of modern corporate computer systems to force everybody to change passwords frequently. (A policy I think is fairly stupid, but that's a separate discussion.) Several folks were complaining about the difficulty of coming up with new passwords that were long enough, included upper and lower case, numbers and symbols, and weren't subject to a dictionary attack. And it occurred to me that at least some folks probably don't know the approach that I learned moderately recently, which seems to be working well: songs and poems.

Specifically, the trick is to take a line (first or otherwise) from a song or poem you know well, and reduce it to an acronym of sorts: take the first letter of each word, more or less. Use capitals for the beginning of the line, and any proper nouns therein. Use numbers for numbers. Use texting abbreviations for words like "for", "to", and "you". Use appropriate symbols in place of words like "and", "at", and "or". Use commas, periods and semicolons as appropriate. Obviously, you can't use just any random line and still get a sufficiently strong password, but there are a very large number that do work decently well.

I was introduced to this idea a few months ago, when I started my consulting gig: one of the sysadmins handed me a password that appeared to be utter gibberish until he clued me into which line it was, which turned it into a remarkably easy-to-remember mnemonic. So I've picked this approach up for most of my passwords since. The results sometimes come out a bit long and slow to type, but they are at least relatively easy to remember, which is usually the more important problem for me.

So if you're looking for acceptable passwords, keep this in mind as an option. Used judiciously, it's a good way to produce passwords that are both strong and memorable...
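
The rules above, written out as an added example (not code from the original post): it derives the password from a line and reports which character classes a typical complexity policy would find in it. The replacement characters, the number-word table and the sample line are assumptions constructed for illustration.

```python
import re

# Replacement characters are assumptions for this example; the post names the
# word groups ("for"/"to"/"you", "and"/"at"/"or") but not the exact symbols.
TEXTING = {"for": "4", "to": "2", "you": "u"}
SYMBOLS = {"and": "&", "at": "@", "or": "|"}
NUMBERS = {"one": "1", "two": "2", "three": "3", "four": "4", "five": "5",
           "six": "6", "seven": "7", "eight": "8", "nine": "9", "ten": "10"}
PUNCTUATION = {",", ".", ";"}
TOKEN = re.compile(r"[A-Za-z][A-Za-z']*|\d+|[,.;]")


def mnemonic_password(line):
    """Apply the post's rules to one line of text."""
    out = []
    at_start = True  # the first word of the line gets a capital
    for tok in TOKEN.findall(line):
        low = tok.lower()
        if tok in PUNCTUATION:
            out.append(tok)  # commas, periods and semicolons are kept
            continue
        if tok.isdigit():
            piece = tok
        elif low in NUMBERS:
            piece = NUMBERS[low]
        elif low in TEXTING:
            piece = TEXTING[low]
        elif low in SYMBOLS:
            piece = SYMBOLS[low]
        else:
            first = tok[0]
            # A word capitalised in the input is treated as a proper noun.
            piece = first.upper() if at_start or first.isupper() else first.lower()
        out.append(piece)
        at_start = False
    return "".join(out)


def character_classes(password):
    """Report which classes a typical complexity policy asks for are present."""
    return {"upper": any(c.isupper() for c in password),
            "lower": any(c.islower() for c in password),
            "digit": any(c.isdigit() for c in password),
            "symbol": any(not c.isalnum() for c in password)}


# Constructed sample line, not taken from any real song or poem.
SAMPLE = "The seven ships sailed for Dover at dawn, and two came home to you."

if __name__ == "__main__":
    pw = mnemonic_password(SAMPLE)
    print(pw, len(pw), character_classes(pw))
```

A short line with no numbers or connecting words, such as "the old road", comes out as three letters with no digit or symbol, which is the "can't use just any random line" case.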

[personal profile] dsrtao 2009-04-12 07:43 pm (UTC)
And please note that *everyone* picks Beatles songs, so don't do that.

[identity profile] metahacker.livejournal.com 2009-04-12 09:25 pm (UTC)
There are passwords I remember
All my life, though some were changed
Some for alpha, some numeric
Some had ones and some a bang

All these systems have mnemonics
For keystrokes and glyphs I still can recall
Some are strict and some forgiving
In my life I've hacked them all...

Thanks.

[identity profile] metahacker.livejournal.com 2009-04-13 12:19 am (UTC)
I would be remiss, too, if I did not link to Gunther's "Change Passwords"...

[identity profile] cvirtue.livejournal.com 2009-04-12 07:53 pm (UTC)
My sweetie has a password that is two lines of some medieval song -- makes me think of Cmdr. Data when he starts typing it in.

Me, I often use a sequence of items that are within view when I'm asked for a new password (with various letter substitutions as you note.) It's not as strong as the multiple-substitutions that you list, but at least it's better than "password12" and that ilk.

Passphrases

[identity profile] metageek.livejournal.com 2009-04-13 02:09 pm (UTC)
Oh, yeah. I can actually type a long passphrase more easily than I can type just the initials. I pull them from all sorts of sources; even somebody who knew me well, and knew all the sources I know, would have a hard time guessing which phrase I'd use.

And it really freaks people out when they see me log in, which is always a plus. :-)

[identity profile] a-c-fiorucci.livejournal.com 2009-04-12 07:56 pm (UTC)
Oddly enough, I read a Torchwood fanfic which actually had that as a (minor) plot point. The line of the poem was even relevant to the story, if I recall correctly. I didn't realize people actually did it, though, good to know it's recommended by the experts.

[personal profile] cellio 2009-04-12 08:40 pm (UTC)
That's a pretty good scheme; thanks.

I have to type my main password a dozen or more times a day, so ease of typing is a factor. I tend to have trouble with the first-letter-of-each-word systems, and just when I get one nailed I have to change it again, but songs might work better than random texts. What I mostly do now is increment the password, but that runs into trouble after a while and sometimes I have to really change it. (I can reliably touch-type 1, 2, and 3, and usually get 4 on the first try, but am likely to be off by one for any other digits. So even when I drop "11" and "12" and so on into the mix, I'm eventually hindered by the system that remembers my last 24 passwords and will not let me change more than once in a day.)

[identity profile] metahacker.livejournal.com 2009-04-12 09:21 pm (UTC)
Ironically, I just 'invented' this technique when recent events forced a password change on me.

Songs, we all can remember. ;)

[identity profile] yukirien.livejournal.com 2009-04-13 01:19 am (UTC)
When I started having to put numbers into my passwords, I started doing something similar by using names, words, or lines from a play (or episode) and putting the act and scene numbers (season and episode number) at the end.

Speaking of passwords, I still believe that the "random" password they generated for me at Wellesley was very prophetic for my 4 years there...

[identity profile] crschmidt.livejournal.com 2009-04-13 12:50 pm (UTC)
Another thing I tend to do is use people's initials and birthdates; so my password at one point was related to my girlfriend's initials and year of birth: S19j87c! . Essentially, I have to remember a person, some capitalization rules, and sometimes some punctuation, but it works out reasonably well... the only problem is that as the number of passwords that I use increases, I have to try more and more of these combinations when I forget who was on my mind when I set the password :)

[identity profile] rising-moon.livejournal.com 2009-04-13 02:06 pm (UTC)
This is an excellent idea. Thank you for passing it along!

Which reminds me... A few years ago I was introduced to a test system whose logon pair was: "thebard" and "a2bruta!", which made me laugh.

Later I realized that the pair's genitor was long gone, and no one else on the team got the joke. *sigh*