IT Knowledge Exchange

Register

Forgot Password

Site FAQ

Advertisement

Home > IT Blogs > Security Corner > Peter Piper Picked a Perfect Password Pattern

>>VIEW ALL POSTS

Security Corner

Aug 20 2009 12:41AM GMT

Peter Piper Picked a Perfect Password Pattern

Posted by: Ken Harthun

Password, Secure Computing, Security, Security tools

A little Alliteration is good for writing effect every now and then; why not apply this to passwords? I don’t mean to write out an alliterative phrase and turn it into a password or passphrase (though you could, I guess); what I mean is to use a pattern that makes it easy for you to remember the password, but still results in a very strong, un-guessable one. Here’s an example of a very strong password: 19[-[Phrase]-]60.

This one is very weak: %6*Some*Phrase*6%. Can you see why? Too many repetitions of characters. Change it slightly, %6!Some*Phrase!6%, and it becomes very strong.

The trick is to come up with a pattern that means something to you. By no means should you use the patterns I suggest—use something that will be easy for you to remember.

I’ll leave it to you to analyze the two examples and let you come up with your own. Remember, the bad guys read these blogs, too.

You can mosey over to the Password Meter page at Ask the Geek to check the patterns/passwords you come up with. That’s the best password meter I’ve ever seen, bar none.

Comment

RSS Feed

Comment on this Post

Leave a comment:

MichaelSeese | Aug 20, 2009 3:13 AM (GMT)

I like to create a strong password by contriving a phrase that I [I]know[/I] has at least two numbers. For example, I’m a huge fan of the Beatles. So my phrase can be, [I]In 67, Sgt. Pepper was released[/I]. Taking the first letter from each word leads to [B]i67spwr[/B]. If I want to maintain the capitalization, it becomes [B]i67SPwr[/B].

The beauty of this system is that it allows me to use the “Post-It” method for a hint. I could write down “Beatles” (or if I want to be a little more obscure, “btl”) and put sticky notes all over my office. I challenge a cracker to derive [B]i67spwrd[/B] from “btl.”

And yes, I [I]have[/I] used this passphrase, but it has long since expired.

– Michael Seese, author of [A href="http://www.amazon.com/Scrappy-Information-Security-plain-English-Biometrics/dp/1600051324/ref=sr_1_1?ie=UTF8&s=books&qid=1245928166&sr=1-1"]Scrappy Information Security

The Geek | Aug 20, 2009 1:14 PM (GMT)

Thanks for your comment Michael. I have proposed a similar system before. You may be interested in my next post, which is an abridged version of a longer post I did awhile back for Dave’s Computer Tips newsletter…Ken

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags