Password Selection is an Art

August 9, 2010

At TrustCC, one of the most common issues we hear about from clients is balancing the need for complex passwords against user complaints about how complicated the process seems to make things. To help address this, we’ve come up with a technique that is easy for the user and still fulfills the strong-password requirement.

Weak passwords include any passwords that are:

  • Short
  • Actual words
  • Predictable (12345abc)
  • Based on your life, e.g. a spouse’s nickname

Furthermore, passwords should never be written down.

Seem like a big pain? Don’t know where to begin?

For many years TrustCC has been teaching password selection techniques that align with the recommendations of recent research. We recommend combining several techniques to produce a highly unpredictable password.

Try our technique:

  1. Pick a routine character substitution and apply it consistently. You might decide you are going to change all “t”s to “6” and every vowel to a “(”. Do not share this information with anyone.
  2. Then pick a long word or phrase that is easy for you to remember.  Example: “Thoughtful”
  3. Now apply your substitution and “6h((gh6f(l” is your password.

The beauty of this technique is that it produces unique passwords, and all you have to remember is your word/phrase and your character substitution. Let’s say you also want unique passwords for the websites you visit. As long as it’s not your online banking account, using the company name as your password might work, provided you apply your character substitution. The password for your Yahoo account becomes “y(h((”. As a best practice, we recommend you pad all passwords to a full 8 characters with some other routine formula, such as “76543”, until eight characters are reached. Yahoo’s password then becomes “y(h((765”. Your Amazon password would be “(m(z(n76”.
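The procedure above, written out as code so the derivations in the post can be reproduced. This is an added example, not TrustCC’s code: the rule (every “t” to “6”, every vowel to “(”) and the padding string “76543” are the ones the post uses, and the function names and the sample word lists are my own. The last function checks whether a list of base words yields distinct passwords, which is worth verifying because the substitution sends every vowel to the same character.

```python
"""Worked example of the substitution-and-padding password scheme.

Added illustration, not TrustCC's code. The rule table and the padding
string below are the ones the post uses as examples.
"""

# The post's example rule: every "t" becomes "6" and every vowel becomes "(".
# Kept as an explicit table so any other routine substitution can be dropped in.
EXAMPLE_RULE = {"t": "6", **{vowel: "(" for vowel in "aeiou"}}

# The post's example padding formula and target length.
PAD = "76543"
MIN_LENGTH = 8


def substitute(word: str, rule: dict = EXAMPLE_RULE) -> str:
    """Apply the substitution consistently to every character of the base word.

    Letters are matched case-insensitively: the post turns "Thoughtful" into
    "6h((gh6f(l", so the capital T is treated like a lowercase t. Characters
    the rule does not mention are kept as they are.
    """
    return "".join(rule.get(ch.lower(), ch) for ch in word)


def pad(password: str, pad_with: str = PAD, min_length: int = MIN_LENGTH) -> str:
    """Pad a short result to min_length with the routine formula, one character
    at a time; results that are already long enough are left untouched."""
    needed = min_length - len(password)
    if needed <= 0:
        return password
    # Cycle the pad string in case more characters are needed than it holds.
    filler = (pad_with * (needed // len(pad_with) + 1))[:needed]
    return password + filler


def derive(base_word: str, rule: dict = EXAMPLE_RULE) -> str:
    """Full procedure from the post: substitute, then pad to the minimum length."""
    return pad(substitute(base_word, rule))


def collisions(base_words, rule: dict = EXAMPLE_RULE) -> dict:
    """Group base words that derive to the same password.

    Returns {password: [words...]} for every password produced by more than
    one word; an empty dict means every word in the list yields a distinct
    password. Words that differ only in which vowels they use collide, since
    all vowels map to "(".
    """
    by_password: dict = {}
    for word in base_words:
        by_password.setdefault(derive(word, rule), []).append(word)
    return {pw: words for pw, words in by_password.items() if len(words) > 1}


if __name__ == "__main__":
    # The three derivations given in the post.
    for word in ["Thoughtful", "yahoo", "amazon"]:
        print(f"{word:12} -> {derive(word)}")
    # Constructed sample list: "bat" and "bit" differ only in a vowel.
    print(collisions(["bat", "bit", "amazon"]))
```

Running the script prints the three passwords from the post and then the collision group for the constructed list, showing that “bat” and “bit” both derive to the same padded password.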

The bottom line is, the BEST passwords are unpredictable and easy to remember.

For details on the recent research, visit http://research.microsoft.com/pubs/132859/popularityISeverything.pdf

– TrustCC


One comment

  1. […] it every time you need a password. (Some friends of mine wrote a nifty blog entry on this over at TrustCC.) If you’re replacing all vowels with a ), and you need a password for your yahoo account, […]
