Security Corner

Aug 20 2009   12:41AM GMT

Peter Piper Picked a Perfect Password Pattern

Ken Harthun Ken Harthun Profile: Ken Harthun

A little Alliteration is good for writing effect every now and then; why not apply this to passwords? I don’t mean to write out an alliterative phrase and turn it into a password or passphrase (though you could, I guess); what I mean is to use a pattern that makes it easy for you to remember the password, but still results in a very strong, un-guessable one. Here’s an example of a very strong password: 19[-[Phrase]-]60.

This one is very weak: %6*Some*Phrase*6%. Can you see why? Too many repetitions of characters. Change it slightly, %6!Some*Phrase!6%, and it becomes very strong.

The trick is to come up with a pattern that means something to you. By no means should you use the patterns I suggest—use something that will be easy for you to remember.

I’ll leave it to you to analyze the two examples and let you come up with your own. Remember, the bad guys read these blogs, too.

You can mosey over to the Password Meter page at Ask the Geek to check the patterns/passwords you come up with. That’s the best password meter I’ve ever seen, bar none.

2  Comments on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • MichaelSeese
    I like to create a strong password by contriving a phrase that I [I]know[/I] has at least two numbers. For example, I’m a huge fan of the Beatles. So my phrase can be, [I]In 67, Sgt. Pepper was released[/I]. Taking the first letter from each word leads to [B]i67spwr[/B]. If I want to maintain the capitalization, it becomes [B]i67SPwr[/B]. The beauty of this system is that it allows me to use the “Post-It” method for a hint. I could write down “Beatles” (or if I want to be a little more obscure, "btl”) and put sticky notes all over my office. I challenge a cracker to derive [B]i67spwrd[/B] from “btl.” And yes, I [I]have[/I] used this passphrase, but it has long since expired. -- Michael Seese, author of [A href=""]Scrappy Information Security
    0 pointsBadges:
  • Ken Harthun
    Thanks for your comment Michael. I have proposed a similar system before. You may be interested in my next post, which is an abridged version of a longer post I did awhile back for Dave's Computer Tips newsletter...Ken
    2,300 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: