Security Corner

Mar 31 2011   11:50PM GMT

Complex Compound Pass Phrases

Ken Harthun Ken Harthun Profile: Ken Harthun

What the heck is a “complex compound passphrase,” you ask? Ah, let me enlighten you, Grasshopper! I am the master of password systems, but this one escaped me. You see, I had fallen into the trap known as complexity and had been busy defining complex algorithms for generating unguessable passwords; in essence, I had been hoist by my own petard.

Yesterday, while solving the latest Cryptoquip puzzle in my local newspaper, I had a revelation. The description of the cryptoquip always says something along the line of “this puzzle is a simple substitution cipher…” The Aha! moment came when I realized that “simple” is the operative word here. People don’t like complexity, so the average person isn’t going to use a complex algorithm.

So, even though I call this “Complex Compound Pass Phrases,” the method of creating them is simple. I call them “complex” because they are extremely strong and nearly unbreakable for all intents and purposes. Here’s how to create them.

  1. Choose at least two words that are memorable to you. It doesn’t even matter if it’s something someone else would know. Use your pet’s name, your mother’s name, whatever.
  2. Merge the two (or more) together alternating letters from each word, creating a string.
  3. To make it all even more secure, capitalize every other letter or change a couple of the letters to their number equivalents.

All that would take a minute, at most and is easily remembered.

Here’s an example using my name and my pet’s name (Kenneth, Missy): KmEiNsNsEyTh. You could change the E’s to 3′s and you would have Km3iNsNs3yTh.

Pretty well unguessable!

Note to hackerz: I have not and never will use that pass phrase, so don’t bother trying to hack me! LOL

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: