How To Fix Your Memory for Passwords

This is not about replacing a stick of RAM in your computer, but rather a "How To Fix Your Brain" kind of article.

One of the biggest problems that network administrators face is dealing with user passwords: specifically, getting users to choose a complex password, rotate it on a regular basis, and still remember it. The challenge is that, to conform to the network security policies of most companies with any sizeable network, password usage rules must be enforced on users. Rules like:

  • Using complex passwords with a minimum length
  • Changing passwords on a regular basis (like at least every 90 days)
  • Protecting passwords with rules like don't tell anyone, don't write it down

The Solution

Here are a few ways of creating passwords that you can remember, that will meet the complexity rules, and that will be easy to rotate.

1) Don't use passwords, use pass phrases!

See Wikipedia for Passphrase

This can be something like:
The network guy is a butthead! sum6

The sum6 is simply the first three letters of the season + the last digit of the year.

With the above example passphrase, you get to express your true feelings about the guy enforcing the rules :), it meets complexity rules, it can be rotated for 10 years, you can remember it easily, and it certainly meets the length requirement. The downside is that if you have to type it 10 times per day, it will get old very fast, even though you get to tell the network guy what you think of him many times per day!

2) Use a password construction scheme.

This is a formula in which a few easy-to-remember parts create your password. For example: my spouse's initials + my birth year + month (2 digit) + year (2 digit)
The result would be something like xyz19720806

This is simple and would be good for 100 years of rotation, although I would hope you would get sick of it and change your scheme after a year or so.

Let's try another:
my favorite beer + the first three of my zip code + the first three of current month
Result: SamAdams913aug

Again, easy to remember; however, with a rotation every month it is only good for a year.

The above examples may or may not meet the complexity requirements of your network or application.
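The two schemes above, worked through in Python as an added example (not part of the original article). The policy of 8 characters from 3 of 4 character classes is an assumed, hypothetical rule; the function names are illustrative and the personal parts are the article's sample values.

```python
from datetime import date

MONTHS = ["jan", "feb", "mar", "apr", "may", "jun",
          "jul", "aug", "sep", "oct", "nov", "dec"]

# Hypothetical policy: at least 8 characters drawn from 3 of 4 character classes.
MIN_LENGTH, MIN_CLASSES = 8, 3

def scheme_initials(d, initials="xyz", birth_year=1972):
    """Spouse's initials + birth year + 2-digit month + 2-digit year."""
    return f"{initials}{birth_year}{d.month:02d}{d.year % 100:02d}"

def scheme_beer(d, beer="SamAdams", zip3="913"):
    """Favorite beer + first three of zip code + first three of month."""
    return f"{beer}{zip3}{MONTHS[d.month - 1]}"

def char_classes(pw):
    """Count which of lowercase, uppercase, digit and symbol appear."""
    return sum([any(c.islower() for c in pw),
                any(c.isupper() for c in pw),
                any(c.isdigit() for c in pw),
                any(not c.isalnum() for c in pw)])

def meets_policy(pw):
    return len(pw) >= MIN_LENGTH and char_classes(pw) >= MIN_CLASSES

def months_before_repeat(scheme, start, horizon_months=1300):
    """Count monthly rotations until the scheme yields a password already used."""
    seen = set()
    y, m = start.year, start.month
    for n in range(horizon_months):
        pw = scheme(date(y, m, 1))
        if pw in seen:
            return n
        seen.add(pw)
        y, m = (y + 1, 1) if m == 12 else (y, m + 1)
    return horizon_months

if __name__ == "__main__":
    today = date(2006, 8, 25)  # the article's date
    for scheme in (scheme_initials, scheme_beer):
        pw = scheme(today)
        print(pw, "meets policy:", meets_policy(pw),
              "| months before repeat:", months_before_repeat(scheme, today))
```

Under this assumed policy the first scheme fails (lowercase and digits only) while the second passes, which is why a scheme should be checked against your own policy before you commit it to memory.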

Tip! Most corporate network password policies do not allow you to write passwords down; however, most do not keep you from writing down your password scheme to help you remember. If the parts of your password scheme are very personal, then it is still secure even if someone finds your Post-it with the scheme written on it.

What NOT To Do

1) Don't use password generators.

Password generators are best for creating cryptic passwords that no one can remember. The only saving grace is that most password generators will provide a phonetic pronunciation for the password. For example:

b3Ef8afR - (bravo - Three - ECHO - foxtrot - Eight - alpha - foxtrot - ROMEO)
- or -
n7ayiuko - (november - Seven - alpha - yankee - india - uniform - kilo - oscar)

If you like program-generated passwords, here is a handy tool: thebestvpn.com

Tip to Net Admins!: The worst thing you can do to users is force generated passwords like the above on them. Network/system admins that do this are just asking for trouble. Almost any user is going to write the password down on a Post-it and stick it in his/her desk drawer, or create a Word doc or text file somewhere on their file system with passwords in it. A disaster waiting to happen.

2) Don't use Hackereze

Many supergeeks will recommend that users utilize hackereze for passwords. The problem is that unless you use it in your daily communications, it may not be very easy to remember. Plus, there are a number of hacker language variants, such as those from the Warez and Crackerz subcultures. But the biggest problem is that it is not secure, because most brute force password crackers include the hacker version of words in their dictionary.
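For admins, the same observation can be turned into a password-policy check: undo the common substitutions before comparing a proposed password against a deny-list. This is an added example, not from the original article; the substitution table and the tiny deny-list are constructed for illustration.

```python
from itertools import product

# Common hackereze substitutions (a small assumed table, not exhaustive).
# "1" is ambiguous, so it maps to both "i" and "l".
LEET = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t",
        "@": "a", "$": "s", "!": "i"}

# Constructed sample deny-list; a real deployment would load a large wordlist.
BANNED = {"password", "letmein", "hacker", "welcome"}

def plain_candidates(password, limit=256):
    """Return plain-text readings of a password with substitutions undone."""
    options = [LEET.get(ch, ch) for ch in password.lower()]
    out = set()
    for combo in product(*options):
        out.add("".join(combo))
        if len(out) >= limit:  # bound the work for heavily substituted input
            break
    return out

def matches_dictionary(password, banned=BANNED):
    """Return the banned word hidden in the password, or None if none is found."""
    for cand in sorted(plain_candidates(password)):
        for word in sorted(banned):
            if word in cand:
                return word
    return None

if __name__ == "__main__":
    # Constructed test passwords, plus one generated password from the article.
    for pw in ["p@ssw0rd", "l3tm31n!", "H4ck3r2006", "b3Ef8afR"]:
        print(pw, "->", matches_dictionary(pw))
```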

In Summary

My recommendation is to use password construction schemes. These are flexible enough to meet the needs of any corporate password policy and are still easy to remember. Using parts in your scheme that no one else would know makes it quite secure, kind of like those password reminder questions that many web sites will ask you for. Of course, you will need to ask your network administrator or refer to your company's password policy to create a scheme that works for you, meets the complexity requirements, and meets the rotation requirements.

Author: dchafee
Article Date: 08/25/2006

    © DC Systems 2014    