Working in an environment that enforces password changes every 90 days helps to ensure security for various informational assets, but as a user, it becomes frustrating to imagine a “new” password every time.
What usually ends up happening is the user inputs a password that they have used before or are currently using for another sign-on (i.e. their online bank account, or preferred online shopping platform), are related to the user personally (i.e. family names or important and personal dates), or an alteration of their existing password (Pilar, 2012).
Programmers can create certain functions to verify compliance with the organizations password policies, but only so much can be done without creating overly complex – and potentially frustrating– verification codes. Meaning? Most password creation verification programs look for symbols, lengths, and prior password history – not necessarily complexity or similarity to existing passwords.
With this in mind, providing some kind of directions for creating passwords can be beneficial for helping users to create complex passwords that are easy for them to remember (because most organizations have strong policies against storing passwords).
My First Favorite: Mnemonic Passwords
Put simply, it’s using an initialism which is similar to an acronym (see Daven Hiskey’s “The Difference Between an Acronym and an Initialism” for more clarity if needed). Here’s an example:
“May the force be with you always, young Jedi” (Whitman, 2016).
Simple, right? Depending on the selected phrase or quote, the possibilities are endless, and trying to guess a password of that complexity is less likely to be successful than if the user were to choose a word or series of words that made sense such as PurpleHorse02! or SeaShells88? However, passwords like these are not completely out of the question.
My Second Favorite: Word-Alteration Passwords
The above examples aren’t unsecure, but they could certainly be made more secure with some added alterations:
PurpleHorse02! — becomes — Prp1h0rs3!
SeaShells88? — becomes — s33she11S?
The new password versions are more complicated than the originals, but still relatively easy to remember.
These are my favorite ways of coming up with new passwords; however, Kevan Lee offered other methods to creating a secure password besides the ones I mentioned above:
1. PAO (Person, Action, Object) Method
What does this mean? It means you take familiar things to you and create something you’ll remember. Example:
Donald Trump, flying, laptop — becomes — DTfl!lpt0p / lapT*Pf1iDT / T0p1apfl!DT
2. PMM (Phonetic Muscle Memory) Method
(1) Use a random password generator (2) scan passwords for things you can sound out in your head (3) test typing them out in a text file (4) keep the passwords that your muscles like to type and that you can “hear”
Don’t reuse your passwords.
Be careful where you store your passwords.
NOTHING CAN BE 100% SECURE – EVER!
Feel free to add to this post, comment below!
Pilar D. R., Jaeger, A., Gomes, C. F. A., & Stein, L. M. (2012). Passwords Usage and Human Memory Limitations: A Survey across Age and Educational Background. PLoS ONE 7(12): e51067. https://doi.org/10.1371/journal.pone.0051067
Whitman, M. E. & Mattord, H. J. (2016) Policies, Practices, Standards, Guidelines, and Procedures. Principles of Information Security (161-162).