How To Remember Passwords by Dean Chafee HowToFixYourStuff.com

Home » Categories » Computers & Networking » Other Computers & Networking » How To Remember Passwords » Printer Friendly

	How To Remember Passwords
	No Reader Ratings Available ?	Rate It / View Comments / View All Articles submitted by Dean Chafee
	Submitted Tuesday, May 08, 2007
	Dean Chafee ^(1,488) Dean Chafee HowToFixYourStuff.com Log in to become a member of Dean Chafee's Fan Club!

One of the biggest problems that Network Administrators face, is dealing with user passwords. Actually, getting users to use a complex password, rotate it on a regular basis, and remember their passwords. The challenge is that in order to conform to network security policies in most companies with any sizeable network, password usage rules must be enforced on users. Rules like:

* Using complex passwords with a minimum length
* Changing passwords on regular basis (like at least every 90 days)
* Protecting passwords with rules like don't tell anyone, don't write it down

The Solution

Here are a few ways of creating passwords that you can remember, will meet the complexity rules and will be easy to rotate.

1) Don't use passwords, use pass phrases!

See Wikipedia for Passphrase

This can be something like:

The network guy is a butthead! sum6

The sum6 is simply the first three letters of the season + the last digit of the year.

In the above example passphrase, you get to express your true feelings about the guy enforcing the rules :), it meets complexity rules, it can be rotated for 10 years!, you can remember it easily and it certainly meets the length requirement. In fact the negative side of this is if you have to type it 10 times per day, it will get old very fast, even though you get to tell the network guy what you think of him many times per day!

2) Use a password construction scheme.

This is a formula in which a few easy to remember parts create your password. For example: My spouses initials + My birthyear + Month (2 digit) + Year (2 digit)
The result would be something like xyz19720806

This is simple and would be good for 100 years of rotation, although, I would hope you would get sick of it and change your scheme after a year or so.

Let's try another:
my Favorite Beer + the first three of my zip code + the first three of current month
Result: SamAdams913aug Again, easy to remember, however, only good for a year of rotation every month.

The above examples may or may not meet the complexity requirements of your network or application.

Tip! Most corporate network password policies do not allow you to write passwords down, however, most do not keep you from writing down your password scheme to help you remember. If the parts of your password scheme are very personal, then it is still secure even if someone finds your postit with the scheme written on it.

What NOT To Do

1) Don't use password generators.

Password generators are best for creating cryptic passwords that no one can remember. The only saving grace can be that most password generators will provide a Phonetic Pronunciation for the password. For example:

b3Ef8afR - (bravo - Three - ECHO - foxtrot - Eight - alpha - foxtrot - ROMEO)
- or-
n7ayiuko - (november - Seven - alpha - yankee - india - uniform - kilo - oscar)

If you like program generated passwords, these were generated at: Winguides.com

(Side comment: I find it interesting that the above site, WinGuides.com is running on Linux/Apache/PHP. Quite ironic! But I digress.)

Tip to Net Admins!: The worst thing you can do to users, is force generated passwords on them like the above. Network/System admins that do this are just asking for trouble. Most any user is going to write this down on a postit and stick it in his/her desk drawer, or, create a Word doc or text file on their file system somewhere with passwords in it. A disaster waiting to happen.

2) Don't use Hackereze

Many supergeeks will recommend that users utilize hackereze for passwords. Problem is that unless you use this in your daily communications, it may not be very easy for a user to remember. Plus, there are a number of hacker language variants such as from the Warez and Crackerz subcultures. But, the biggest problem is that it is not secure because most brute force password crackers include the hacker version of words in their dictionary.

In Summary

My recommendation is to use password construction schemes. These are very flexible to meet the needs of any corporate password policies and still easy to remember. Using parts of your scheme that no one else would know, makes it quite secure, kind of like those password reminder questions that many web sites will ask you for. Of course, you will need to ask your network administrator or refer to the password policy of your company to create a scheme that works for you, meets the complexity requirements, and will meet the rotation requirements.

For more helpful computer related information, visit my computer fix category on HowToFixYourStuff.com.

tweet this!

►Reprint Rights◄

Was this article helpful to you? Leave a Public Comment or Question:


	This Article has been viewed 77 times. Article added to SearchWarp.com on 5/8/2007 4:13:27 PM. View other articles written by Dean Chafee ^(1,488) Dean Chafee

If you found this article interesting, you may want to check out:

There are 5 Official US Flags that never go to half-staff. What are they?
Has anyone ever gotten a job from an online source?
Is Your Hardware Outdated?
How to Configure a Windows 2003 Time Server
Getting errors when trying to send email through Bellsouth DSL...
Finding High Quality Cheap Laptops For Students
Cisco CCNA Certification Exam FAQ: Discussing 640-801 And 640-802
Outlook 2007 – Time to Understand The Real Performance Issues
Network Cameras "Things to Consider"

Disclaimer: All information on this site is provided for informational purposes only! By no means is any information presented herein intended to substitute for the advice provided to you by any health care or other professional or organization.