Re(think) Your Password
Posted by Brandon on November 19, 2009
Updated: August 20, 2009
As internet security issues continue to be brought to the surface, people who want user accounts on many web sites are being asked to come up with passwords that are more secure. They’re asked to do things like include both letters and numbers, as well as punctuation, to break up some of the logic behind figuring out people’s passwords through systematic guessing and brute force methods. This is great advice, but to me it sounds kind of difficult for the user to follow through with.
Just following the instructions, many people end up with passwords like cammy21 (the user has a daughter, named Cammy, who was 21 at the time) or 53acres! (the user lives on 53 acres of land, and loves it). Even the most amateur of computer users can guess passwords like these if they know a little about the user. The same passwords, however, could be made a bit more secure:
- cammy21 could turn into c@mmy21? or 2c4Mmy1! etc.
- 53acres could become 53.4cr3s or @cr35,53 etc.
With a little imagination, letters can be replaced by similar looking numbers and other symbols, punctuation can be placed in relatively logical positions, and letters can alternate between lower- and uppercase, creating passwords that would be pretty difficult to figure out unless someone was really determined.
How do we make passwords even more secure?
Forget using passwords. Instead, use passphrases.
A secure passphrase can be easier to remember than a secure password because the punctuation can be more logically placed, words that one might say in the flow of a sentence are more memorable than combinations of words which happened to be related, and they may even hold more meaning to us.
For instance, perhaps a few years ago you just LOVED making fun of Ronald Reagan, our 40th president here in the States. Perhaps something silly went through your head a lot, like “Ronny Donny Reagan Bacon!” You could certainly turn that into a very secure password, especially if you haven’t repeated your mantra to a million people, but even then it would still be a difficult one to guess because of the combinations of numbers, punctuation, and other symbols:
“Ronny Donny Reagan Bacon!” could turn into:
- r0nnY,DoNNy,R34g4n-bac0N!
- RoNNY,d0nny,r3464N>B4KOn?
- rh0nnY,D0nnY<RayG4n,B4yKun…
- Rawny,T4wny-R4yGun,B4k3-in!
- r4hnny,D4wnnY;Re46en,Bayk1n:
The above list can’t be infinite, but it sure can be completely, ridiculously huge for all practical purposes. The key is to find a phrase you are familiar with; figure out new, creative ways it could be spelled; replace some letters with numbers and other symbols that look like them; and throw in some punctuation where you think it makes the most sense, or where it makes no sense (if you can remember where it all goes).
If the phrase is familiar to you — especially if it’s hilarious — it is possible to memorize the passphrase easily after a few repetitions of using it to log into your account. With some practice using this style of passwords, typing out and thinking about passwords in these ways can become second nature, as though you have simply learned more letters in the alphabetic system you’re already familiar with.
Below is a list of the letters of the alphabet and several symbols that could be used to replace them (separated by commas):
| these letters | can be replaced by these symbols |
| --- | --- |
| a | 4, @, * |
| b | 6, 8 |
| c | @, <, ^, K |
| d | ), #, & |
| e | 3, @ |
| f | 5, 7 |
| g | 5, 6, 9, &, % |
| h | 4, # |
| i | 1, !, l (L), [, ], {, }, |, /, \ |
| j | 1, !, 5, ), }, ? |
| k | #, %, c |
| l | 1, 7, [, ], {, }, |, /, \ |
| m | #, %, /\/\ (slashes), nn |
| n | 2, #, /\/ (slashes) |
| o | 0 (zero), 8, @, &, () |
| p | 7, 9, @, %, q |
| q | 2, 4, 9, @, %, &, o, p |
| r | 2, 7, # |
| s | 5, $ |
| t | 1, 7, ~, !, *, i |
| u | ^, \/ (slashes), %, (), v |
| v | ^, \/ (slashes), (), u |
| w | ^^, \/\/ (slashes), ()(), uu, vv (two v’s) |
| x | %, * |
| y | 7, ^, \/ (slashes), v |
| z | 5, 7, %, <, >, /, \, s |
What other symbology can you use? Your mind has no limit.
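
To put a number on how large the list of variants above can get, here is an added example (not part of the original post) that counts the per-letter choices the table allows for a phrase. It assumes a simplified model: each letter may be written lowercase, uppercase, or as any one replacement from the table, while spaces, digits and punctuation stay as typed, so creative respellings and moved punctuation are not counted. The result is the number of combinations someone who already knows both the phrase and the table would have to cover.

```python
import math

# Substitution table transcribed from the post: letter, then its listed replacements.
TABLE = r"""
a 4 @ *
b 6 8
c @ < ^ K
d ) # &
e 3 @
f 5 7
g 5 6 9 & %
h 4 #
i 1 ! l [ ] { } | / \
j 1 ! 5 ) } ?
k # % c
l 1 7 [ ] { } | / \
m # % /\/\ nn
n 2 # /\/
o 0 8 @ & ()
p 7 9 @ % q
q 2 4 9 @ % & o p
r 2 7 #
s 5 $
t 1 7 ~ ! * i
u ^ \/ % () v
v ^ \/ () u
w ^^ \/\/ ()() uu vv
x % *
y 7 ^ \/ v
z 5 7 % < > / \ s
"""
SUBS = {row[0]: row[1:] for row in (ln.split() for ln in TABLE.strip().splitlines())}

def choices(ch):
    """Ways to write one character: lowercase, uppercase, or a listed replacement."""
    if ch.lower() in SUBS:
        return 2 + len(SUBS[ch.lower()])
    return 1  # assumption: non-letters are kept exactly as typed

def variant_count(phrase):
    """Product of per-character choices. This is an upper bound on distinct
    strings, since a few combinations collide (e.g. 'vv' for w vs. two v's)."""
    return math.prod(choices(c) for c in phrase)

def bits(phrase):
    """Size of that space expressed in bits (log2 of the count)."""
    return math.log2(variant_count(phrase))
```

Under this model, `variant_count("cammy21")` is 6,480, while `variant_count("Ronny Donny Reagan Bacon!")` is about 2 × 10^15, or roughly 51 bits.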