Friday, June 03, 2011

Incredibly strong passwords that are easy to remember

Steve Gibson is an interesting fellow who has been around quite a while. When he is not creating commercial products, he does security-related research. He has come up with a way to make strong passwords easy to remember.

https://www.grc.com/haystack.htm

Consider these two passwords:
B0P4LzSzVZ4GgWiSZ5z2
.......D1mw!t.......

According to his calculations, it would take a thousand times more time to crack the second password than the first, even though the first is easier to remember! (Check it out for yourself by going to the link above.) The idea is to take what we typically use for a secure but memorable password and pad the front and back with something, anything, that is easy to remember.

For example, take H3!!0 and make it something like one of these:
...H3!!0........
[]H3!!0[][][][]
~~~~H3!!0~
***H3!!0****
<-><->H3!!0<-><->
H3!!0

This increases the length of the password while only minimally increasing the effort needed to memorize it.
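An added example, not from the original post and not GRC's own code: a brute-force search-space estimate for the padded variants of H3!!0 listed above. It assumes an attacker who tries every string up to the password's length, and the character-class sizes (26 lowercase, 26 uppercase, 10 digits, 33 symbols) and function names are assumptions of this sketch.

```python
import string

# Character classes and their sizes (assumed for this sketch: 26 lower,
# 26 upper, 10 digits, 33 symbols = ASCII punctuation plus space).
CLASSES = (
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation + " "), 33),
)

def alphabet_size(password):
    """Size of the smallest class-based alphabet that covers the password."""
    chars = set(password)
    unknown = chars - set().union(*(cls for cls, _ in CLASSES))
    if unknown:
        raise ValueError(f"characters outside printable ASCII: {sorted(unknown)}")
    return sum(size for cls, size in CLASSES if chars & cls)

def search_space(password):
    """Count every string of length 1..len(password) over that alphabet."""
    if not password:
        raise ValueError("empty password")
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))

def padding_gain(base, padded):
    """How many times larger the padded password's search space is."""
    return search_space(padded) // search_space(base)

if __name__ == "__main__":
    base = "H3!!0"  # sample password taken from the post
    for candidate in (base, "...H3!!0........", "~~~~H3!!0~", "***H3!!0****"):
        print(f"{candidate!r:22} alphabet={alphabet_size(candidate):3} "
              f"space={search_space(candidate):.3e} "
              f"gain={padding_gain(base, candidate):.3e}x")
```

The figures describe exhaustive search only; they say nothing about a guesser that tries common padding patterns first.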

3 comments:

Joe said...

"Consider these two passwords:
B0P4LzSzVZ4GgWiSZ5z2
.......D1mw!t.......

According to his calculations, it would take a thousand times more time to crack the second password than the first, even though the first is easier to remember!"

I believe you mean that the second is easier to remember (by far).

Nice article, thanks!

Shey said...

Cool article. I enjoyed looking at my current Windows password which would take 1.7 years to crack via the massive cracking array, adding a full stop (period) at the end, and all of a sudden it would take 1.7 centuries.

Robert Watkins said...

I'm glad you found it as useful as I did!

Check out his other projects, very fun stuff. I am a big fan of his Security Now! podcast.