Posted by: Ken Harthun
passwords, Secure Computing, Security best practice
What the heck is a “complex compound passphrase,” you ask? Ah, let me enlighten you, Grasshopper! I am the master of password systems, but this one escaped me. You see, I had fallen into the trap known as complexity and had been busy defining complex algorithms for generating unguessable passwords; in essence, I had been hoist by my own petard.
Yesterday, while solving the latest Cryptoquip puzzle in my local newspaper, I had a revelation. The description of the Cryptoquip always says something along the lines of “this puzzle is a simple substitution cipher…” The Aha! moment came when I realized that “simple” is the operative word here. People don’t like complexity, so the average person isn’t going to use a complex algorithm.
So, even though I call this “Complex Compound Pass Phrases,” the method of creating them is simple. I call them “complex” because they are extremely strong and nearly unbreakable for all intents and purposes. Here’s how to create them.
- Choose at least two words that are memorable to you. It doesn’t even matter if it’s something someone else would know. Use your pet’s name, your mother’s name, whatever.
- Merge the two (or more) together, alternating letters from each word, to create a single string.
- To make it all even more secure, capitalize every other letter or change a couple of the letters to their number equivalents.
All that would take a minute at most, and the result is easily remembered.
Here’s an example using my name and my pet’s name (Kenneth, Missy): KmEiNsNsEyTh. You could change the E’s to 3’s and you would have Km3iNsNs3yTh.
Pretty well unguessable!
Note to hackerz: I have not and never will use that pass phrase, so don’t bother trying to hack me! LOL
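The three steps and the Kenneth/Missy example above, as a short Python sketch. This is an added example, not code from the original post; the function names are this example's own, and `keyspace_bits` is an added estimate that assumes the method is known and each word comes from a candidate list of a given size.

```python
import math
from itertools import zip_longest

# The post only mentions E -> 3; any further swaps are the caller's choice.
E_TO_3 = {"e": "3"}


def interleave(words):
    """Step 2: alternate letters from each word.

    Words of unequal length are handled by letting the leftover letters
    of the longer words follow in order (Kenneth + Missy ends in "th").
    """
    columns = zip_longest(*words, fillvalue="")
    return "".join(ch for column in columns for ch in column)


def alternate_case(text):
    """Step 3a: upper-case positions 0, 2, 4, ... and lower-case the rest."""
    return "".join(
        ch.upper() if i % 2 == 0 else ch.lower() for i, ch in enumerate(text)
    )


def substitute(text, table):
    """Step 3b: replace letters with digit look-alikes, ignoring case."""
    return "".join(table.get(ch.lower(), ch) for ch in text)


def compound_passphrase(words, table=None):
    """Run the whole recipe; pass a table to apply letter-to-digit swaps."""
    merged = alternate_case(interleave(words))
    return substitute(merged, table) if table else merged


def keyspace_bits(vocabulary_size, n_words=2, variants=2):
    """Guessing work in bits when the recipe itself is not secret.

    Assumption: each word is one of `vocabulary_size` candidates (names,
    pets, and so on) and `variants` counts the with/without-swap forms.
    The transformation is deterministic, so it adds no further bits.
    """
    ordered_choices = math.perm(vocabulary_size, n_words)
    return math.log2(ordered_choices * variants)


if __name__ == "__main__":
    print(compound_passphrase(["Kenneth", "Missy"]))
    print(compound_passphrase(["Kenneth", "Missy"], E_TO_3))
    print(round(keyspace_bits(1000), 1), "bits for two words from 1000 candidates")
```

The estimate puts a number on how much the choice of words matters: the merging, capitalization and swaps are fixed rules, so the strength comes from how many words the chosen ones could plausibly have been.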