How to Remember Passwords Forever

This might be the biggest payoff for the memory system, nowadays, since we’re required to remember potentially dozens of passwords for web sites and devices and all sorts of things all the time. We have a challenge, right off the bat, however. Passwords must be, at the same time, hard to guess but easy to remember. They must be hard to guess for identity thieves, who are running bot programs, all day and all night, trying to guess your passwords. They “throw the book” – the dictionary – at web sites, trying common words over and over in simple-minded combinations, hoping to get lucky and find someone who used a too-easy password. But if it’s hard to guess, a password is going to be tough to remember, unless you have extraordinary memory tools, and you do. Here’s the checklist of requirements:

  • it’s a bad idea to use your name, your birthday, your address: too easy to guess or to find out from public information
  • it’s risky to use the same password for different sites or applications
  • it’s time-consuming and distracting to look up passwords from written lists, not to mention the risk in keeping a written list in the first place
  • some sites require strong passwords with numerals, mixed-case letters, and punctuation marks
  • it’s a good idea to change passwords frequently, and some sites require you to do so

The memory system has answers for all these problems and makes it a snap to create secure passwords quickly and to remember them forever.

There are two sorts of passwords we must deal with: ones we can choose and ones we can’t. For the ones we can’t choose, go with the phantasmagoria approach, just the way we do with phone numbers. This takes a little time and imagination, but it’s fun and easy.

For now, let’s deal with the more common situation, where we’re setting up a login for some web service and we need to come up with a secure password, right now, and not forget it, EVER.

To make this concrete, suppose you’re setting up an Ebay account. Think! What’s the FIRST thing that comes to your mind when you think of Ebay? Collectibles! Ok, that’s CLCTBLS, or 7571950. Now, what kind? Baseball (at least, that’s what you’re looking for on Ebay)! Ok, that’s BSBL or 9095. Right there, we have BSBLCLCTBLS or 90957571950. That’s pretty hard to forget, and pretty hard for others to guess, even if they know the system, because it uses facts that are essentially impossible for them to find out – that you’re thinking of baseball collectibles when you go to Ebay – and then encodes them in a system that’s not common knowledge. (Don’t be tempted to encode your Ebay username in the password, however – that’s too high a risk.) This password is directly associated with Ebay, so you won’t be tempted to use the same password for Amazon or something else. If you have to write it down, you only write down “baseball collectibles,” and (almost) no one will be able to come up with your password even if he gets your list. You, however, will have no problem at all.

There’s the general pattern: a pair of words, one for your general interest and one more specific. For Amazon, you might be interested in Used Textbooks, STTKSTBKS or 011701970.

But, there may be a problem. Some web sites require mixed characters in passwords. For those sites, you can’t use all numbers or all letters or letters of the same case, or be too regular in the construction. There are a lot of good ways to proceed, and you have extraordinary tools, making this task much easier and more secure than average. Here are just a few ideas:

Keep the numerical coding, 9095, of your specific interest, and keep the general word, CLCTBLS, in alphabetic form. Shuffle the numbers in with the associated word, coming up with 9C0L9C5TBLS. Or, for more variety, put the trailing characters in lower case, for 9C0L9C5Tbls. You could double up the 9095 and change the second copy into equivalent punctuation. On the standard keyboard, holding down ‘shift’ while typing 9095 produces ()(%, so you could come up with 9C0L9C5T(b)l(s%. You could reverse the second, punctuation copy of 9095 for 9C0L9C5T%b(l)s(, and on and on.

Of course, with all these options, there is a risk of forgetting which one you used, so pay attention and remember, or write down just the METHOD you used, but not the encoding. Keep that forever a locked secret in your brain.

Here’s another, very powerful technique: double encoding. Start with the numerical value of “baseball collectibles,” namely, 90957571950. Now, encode that with a standard phantasmagoria:

90 – picture a PIZZA coming out of the oven, so hot that you must

95 – BLOW on a piece to cool it off, so hot that it reminds you of

75 – a burning COAL,

71 – you pick up the shaker and COAT it with hot red pepper flakes

950 – and then notice the pineAPPLE Slices that you don’t even like on it

Now, you could string these together, PIZZABLOWCOALCOATAPPLES, but that would be too long for most passwords. Take out the vowels and undouble the consonants, for PZBLCLCTPLS. Alternate upper and lower case for PzBlClCtPlS. Make every third one a numeral (if lower case), or a special-character-over-the-numeral (if upper case), for Pz(lC5Ct(lS. These are still easy to remember, if a bit of work to reconstruct, and will be all-but-impossible for an adversary to guess.
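The constructions above (the shuffled digits-and-letters variants and the double-encoded one), written out as code. This is an added example, not part of the original post; the function names are made up here, the table covers only the consonants this page uses, and a US keyboard layout is assumed for the shifted characters.

```python
# Added example: reproduces the password constructions worked through on this page.
# Only the consonants that appear in the page's examples are mapped.
DIGIT = {"S": "0", "Z": "0", "T": "1", "L": "5", "C": "7", "K": "7", "B": "9", "P": "9"}
SHIFT = dict(zip("1234567890", "!@#$%^&*()"))  # US keyboard layout (assumption)
SILENT = set("AEIOUWHY")  # vowels plus W/H/Y, treated as uncoded (assumption)

def skeleton(phrase):
    """Undouble repeated letters, then drop vowels and non-letters."""
    out, prev = [], ""
    for ch in phrase.upper():
        if ch.isalpha() and ch != prev and ch not in SILENT:
            out.append(ch)
        prev = ch
    return "".join(out)

def to_digits(consonants):
    return "".join(DIGIT[c] for c in consonants.upper())

def shifted(digits):
    return "".join(SHIFT[d] for d in digits)

def interleave(a, b):
    """Alternate characters of a and b; the longer string's leftovers trail."""
    return "".join(a[i:i + 1] + b[i:i + 1] for i in range(max(len(a), len(b))))

def mixed(specific, general, lower=False, punct=False, reverse=False):
    """Digits of the specific word shuffled into the general word's consonants."""
    digits = to_digits(specific)
    head = interleave(digits, general[:len(digits)])
    tail = general[len(digits):]
    if not punct:
        return head + (tail.lower() if lower else tail)
    marks = shifted(digits)[::-1] if reverse else shifted(digits)
    return head + interleave(marks, tail.lower())

def double_encoded(phrase):
    """Alternate case, then turn every third character into its digit
    (if lower case) or the shifted digit (if upper case)."""
    out = []
    for i, c in enumerate(skeleton(phrase), start=1):
        c = c.upper() if i % 2 else c.lower()
        if i % 3 == 0:
            d = DIGIT[c.upper()]
            c = d if c.islower() else SHIFT[d]
        out.append(c)
    return "".join(out)

if __name__ == "__main__":
    print(mixed("BSBL", "CLCTBLS", punct=True), double_encoded("pizza blow coal coat apples"))
```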

Whatever technique you pick: practice it, lock it into memory, stick with it.


~ by rebcabin on January 10, 2011.

One Response to “How to Remember Passwords Forever”

  1. […] "Well, that’s no problem," I thought, "we mastered that back in How To Remember Passwords Forever." But, the password came to me in base 64, also known as Radix-64. This is an encoding for […]
