The problem with strong passwords is that they are somewhat difficult to remember. It's much easier to remember a password such as GuessThePassword than one such as 6!2f?MHclh6@, but the former is also much easier to guess or attack with brute-force techniques. Coming up with a strong but easy-to-remember password is easy, however, if you follow these steps:
Let's look at these steps.
This is a simple step: think of some words or letters, and consider how you would obfuscate each of them by reducing them to a single letter or symbol. Table B-2 shows some examples.
Table B-2. Some obfuscation rules.
Word or Letter | Obfuscation | Comments |
---|---|---|
Up | ^ | The up arrow |
Down | V | The down arrow (uppercase or lowercase letter V) |
Right | > | The right arrow |
Left | < | The left arrow |
And | & | C++/Perl/JScript "and" |
Or | \| | C++/Perl/JScript "or" |
Pipe | \| | The shell pipe symbol |
Not | ! | C++/Perl/JScript "not" |
Not | ~ | C++/Perl/JScript bitwise "not" |
Point/arrow | -> | C++ pointer symbol |
Equal/compare | = | The programming equal symbol |
Point | . | A single point |
At | @ | Symbolic at |
You | U | Phonetic similarity |
Be | B | Phonetic similarity |
See/Sea | C | Phonetic similarity |
Are | R | Phonetic similarity |
To/Too | 2 | Phonetic similarity |
Why | Y | Phonetic similarity |
F | Ph | Phonetic similarity |
Snake | S | Looks like a snake! |
Come | , | Comma: sounds similar |
Stop | . | Anglo version of period: a full stop |
Water | ~ | Squiggly line, like a wave! |
Star | * | A starlike symbol |
Cross | X or + | Crosslike symbols |
Great | > | The greater than symbol |
Less | < | The less than symbol |
O | 0 | Replace letter O with zero |
On | 1 | On = binary on or 1 |
Off | 0 | Off = binary off or 0 |
E | 3 | Hackers often use 3 to represent E reversed. |
L or I | 1 | Hackers often use the number 1 to represent L or I. |
1 | ! | Hackers often use the symbol ! to represent the digit 1. |
A | 4 | Hackers often use the number 4 to represent the letter A. |
S | $ | Hackers often use the symbol $ to represent the letter S. |
T | + | Hackers often use the symbol + to represent the letter T. |
Laugh, sad, shout, etc. | :-) :-( :-0 | Smileys! |
NOTE
You should derive your own obfuscation rules because some password-guessing programs might account for ! for 1, 3 for E, and so on.
This is the easy part: just think of a sentence, a line from a poem, part of a song, a nursery rhyme.
Now apply the rules you defined in the first step to come up with a password. Table B-3 shows some examples. Don't use these!
Table B-3. Some examples of complex yet easy-to-remember passwords.
Phrase | Password | Comments |
---|---|---|
Mary had a little lamb its fleece was white. | M+4vLiFW* | Mary = M; had = + (add); A = 4 (see Table B-2); little = v (down, small); lamb = L; its = i; fleece = F; was = W; white = * (bright) |
Laugh and the world laughs with you. | :-)&t0:-(wU | Laugh = :-); and = &; the = t; world = 0 (zero, physically big); laughs = :-( (opposite to smile!); with = w; you = U |
One day a man went to the zoo. | !D4mw2tz00 | One = ! (see Table B-2); day = D; a = 4 (see Table B-2); man = m; went = w; to = 2; the = t; zoo = z00 (see Table B-2) |
Finally, lock and unlock your workstation a couple of times to get familiar with how the password "feels." This might sound silly, but it helps you remember the password.
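The NOTE after Table B-2 warns that guessing programs may already know substitutions such as ! for 1 and 3 for E. The following is an added example, not part of the original text, of a check that rejects a candidate password when it is only a dictionary word with those well-known Table B-2 substitutions applied. The word list, the function names and the chained reading of ! as L or I are assumptions made for illustration.

```python
"""Reject passwords that are dictionary words wearing well-known substitutions."""

# Symbol -> letters it commonly stands for, taken from Table B-2.
# "!" is chained (! -> 1 -> L or I); that chaining is an assumption of this example.
COMMON_SUBS = {
    "0": "o",
    "3": "e",
    "1": "li",
    "!": "li",
    "4": "a",
    "$": "s",
    "+": "t",
}

# Constructed sample word list; a real check would load a large dictionary.
SAMPLE_WORDS = ["password", "elite", "letmein", "guessthepassword"]


def reads_as(password: str, word: str) -> bool:
    """True if `password` is `word` with only case changes and COMMON_SUBS applied."""
    if len(password) != len(word):
        return False
    for p, w in zip(password.lower(), word.lower()):
        # A position matches if the characters are equal, or if the password
        # character is a symbol that commonly stands for the word's letter.
        if p != w and w not in COMMON_SUBS.get(p, ""):
            return False
    return True


def weak_matches(password: str, words=SAMPLE_WORDS) -> list:
    """Return every word the password reduces to; an empty list means no match."""
    return [w for w in words if reads_as(password, w)]


if __name__ == "__main__":
    # Constructed candidates, plus two passwords quoted in the text above.
    for candidate in ("P4$$w0rd", "3!1+3", "GuessThePassword", "M+4vLiFW*"):
        hits = weak_matches(candidate)
        verdict = "reject, reads as " + hits[0] if hits else "no dictionary match"
        print(f"{candidate}: {verdict}")
```

A candidate that passes is only shown not to be a disguised word from the list; it says nothing about whether the underlying phrase or rules are themselves widely known.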
Use RandomGoo to Create Very Strong Passwords
We've included a tool for Microsoft Windows CE Pocket PCs that will allow you to create long strings of cryptographically random data. The tool, RandomGoo, is available on the companion CD for MIPS-based and SH3-based Pocket PCs.