Posted by: Ken Harthun
Remember these? Anyone who was old enough to receive mail in the last 20 years or so probably got several of them. Every sleeve had an unique registration number and password. The combination of the unique number and long password provided adequate security and prevented people from hacking a free AOL account.
This model is probably still valid today with one exception: The dictionary words AOL used would be hacked quickly with modern brute force tools.
But what if the password wasn’t made up of dictionary words? What if it was made up with nonsense words? Follow along please because this is another one of those brilliant solutions to the I-can’t-remember-a-complex-password problem.
Lewis Carroll, in his book “Through the Looking-Glass and What Alice Found There ,” 1872, composed a brilliant piece of nonsense poetry entitled “Jabberwocky.” Here are the first three stanzas:
`Twas brillig, and the slithy toves
Did gyre and gimble in the wabe:
All mimsy were the borogoves,
And the mome raths outgrabe.
“Beware the Jabberwock, my son!
The jaws that bite, the claws that catch!
Beware the Jubjub bird, and shun
The frumious Bandersnatch!”
He took his vorpal sword in hand:
Long time the manxome foe he sought –
So rested he by the Tumtum tree,
And stood awhile in thought.
What absolutely glorious nonsense! And chock full of words that aren’t likely to appear in a dictionary attack. Oh, the possibilities. You could post this poem right there in your cubicle and with a few discreetly placed color coded dots come up with user names and passwords that no one could guess in a bazillion years. You don’t have to use your own name for a user name, you know. “Bandersnatch446″ works as a perfectly valid user name. Combine that with a couple of other nonsense words using AOL’s example, and you have an airtight winner. How about “Frumious-VorPal” for a password?
You know, security is serious business; both the white hats and black hats are very serious about their side of the game. Sometimes the best way to win is through sheer insouciance. Instead of insisting that your IT department use logon names like BillC, or JohnB, come up with something a bit more creative and less easy to guess. You can make it a standard pattern, just make it something unusual.
I’m going for brillig859/Toves-OutGrabe for my next user account.