On Password Hell

Tuesday, November 06, 2012

Joel Harding


I had one sysadmin a few years ago who literally demanded we all use 64-character passwords, and every other character had to switch type.  It was something like ^y?M3aI`B[a/  and so on…   It took me a full two minutes to type in the password, and I had to carry a paper with the password written on it; it was impossible to memorize.  I was so glad when he left.

The other day I had to generate a new password when I visited the Apple store.  I actually stood there and struggled to create a totally new password.  The Apple Expert was a saint; she stood there patiently waiting for this old guy to think of something.  While waiting she checked her email…

I’ve used programs to generate a password for me in the past, and once wrote an algorithm but I didn’t have them available…  I finally thought of a name and substituted odd characters for a few of the letters and added in some significant but easy to remember numbers at some important places.  I never write down my passwords so let’s hope I remember!

When I first worked for the Defense Intelligence Agency they would generate passwords for us; I still remember all of them.  Two capital letters and six lower case letters which didn’t even remotely resemble a word.  The following years showed an improvement: they started inserting numbers, but they were still eight characters long.

At one point I got sick of trying to remember passwords so I used the keyboard and offset the characters, using a series of four characters, non-repeating, alternating from letters to characters.  It made sense, since a few of the sites I use made me change passwords every month.  All I had to do was to write down the first letter and if it was upper or lower case or a number or a character.  All the other characters would be entered based on their position relative to the first on the keyboard.  I finally dumped that system when I had multiple passwords based on this simple system but I couldn’t remember which password was for which system.

I’ve also taught a simple sentence can be a good password.  “My first dog’s name was Jolly, she died in 1960.”  This contains characters, upper and lower case letters and numbers.  BUT, some systems don’t like including spaces.  Simply take out the spaces and run it together…   “Myfirstdog’snamewasJolly,shediedin1960.”  I’ve often thought of evil phrases I could use.  “My worst girlfriend’s name was , she kissed like a horse in 1975.”  “I’d like to sleep with , in 2003 she rocked a bikini!”  “My sexiest college professor was Dr. , she was so distracting she caused me to drop my Spanish course at Pitt in 1983!”  You get the idea…

Bottom line on the bottom, where it belongs.  Yeah, I make you read the whole thing.   Passwords can be good, they can be fun, they can be easily memorized. Or your system administrator could have a first name of Justin and make getting onto a computer Password Hell.

Cross-posted from To Inform is to Influence

Carmelo “MickeyMinniePlutoHueyLouieDeweyDonaldGoofySacramento”  A password 8 characters long and includes at least 1 capital