Passwords: Methods for a Modern Bane

Posted by Mark Everett Hall

My first password was to an IBM System 38 MRP application in 1978. It was four characters long. I chose my first name. I could have picked my last name, I suppose, but the system administrator had already used that as my log-in. To the best of knowledge, no one hacked in using my credentials.


Today, of course, we all have a few dozen password-protected computers, Web sites, applications, ATMs, and other systems that we need to authenticate ourselves to in order to get access. And those passwords are constantly being sought by criminal hackers through various means, the most recent newsworthy event being the massive phishing attacks on Gmail, Hotmail, and Yahoo Mail accounts.


Experts tell us we need to make our log-in credentials strong, which is to say complex, which is to say eminently forgettable. Add to this bit of difficult advice, we're supposed to change them regularly. Plus, we are told, never ever, ever write them down. All the advice is common sense, and all of it adds to the bane of using passwords.


Keep it enigmatic


For those of you who trust password-management tools, there are dozens and dozens to choose from. But my fear is that the software will one day fail or get hacked and I could lose everything instead of just a single compromised account.


So, over the years I've developed a method to create strong passwords that I can remember. For example, I've lived in a number of cities and on quite a few streets, yet it remains a limited universe of possible terms to remember. Once I choose a city or a street, say, "Jackson," I'll break it up into syllables and intersperse numbers or symbols. So, my old street name becomes "Jack2%0son0%9", with the numbers and symbols changing based on the year I lived there. For me, it's easy to remember and simple to change.


Another approach, used by a friend, not me, of course, is to take three vile four-letter words, mix up the letters in each word, and break them up with a pair of suggestive symbols or numbers. She says it's always worked for her.


A more literary friend takes a short name from a classic book title like Moby Dick and adds the author's birth and death dates to it some fashion. Of course, with Herman Melville it might get confusing since he was born in 1819 and died in 1891.


Then there's my buddy Bob. He claims he simply writes his name then follows it with a number and increments it a few times, such as "Bob1Bob2Bob3Bob4." He says he's up to around "Bob101Bob102Bob103...."


Have any of his accounts ever been hacked? "Nah," replies. "Because sometimes I spell my name backwards."