The first rule of passwords is, “We do not use the same password everywhere.”
The second rule of passwords is “WE DO NOT USE the same password everywhere!”
There have been plenty of well-publicised losses of data by various organisations where user names, email addresses and passwords have been obtained. You may have never actually purchased from JustBeenHacked Ltd, but have signed up to their newsletter with your standard username and password. That same username and password you frequently use across the internet includes sites that will contain your financial details. With these details in criminal hands you could well be in for an awkward and potentially costly spot of bother.
One of the obvious but often overlooked principles is that the PC/network logon password must be memorable for the user.
If the password is impossible to learn, the user will simply write it down. On more than one occasion we have found a user password written on a post-it note…….attached to the monitor. (Top draw of the desk is the next favourite place to look, followed by under the keyboard).
Use a mnemonic to arrive at a memorable password
Our preferred method of arriving at passwords is to use mnemonics and to apply a couple of further techniques to adjust the appearance of the resulting password.
1. Let us start with the opening lines from a familiar nursery rhyme.
“Mary had a little lamb,
Its fleece was white as snow”
2. Take the initial letters of each word, so we arrive at:
“mhallifwwas”
3. Now we can swap a couple of letters out for numbers e.g. i = 1, s = 5, so we then have:
“mhall1fwwa5”
4. Now use the shift key with every other character. Mixing upper and lower case letters in a password is good though, when asked to do so, many users only capitalise the initial letter (or risk forgetting which were capitalised if more are chosen). Simply making every other character a shifted one gives an easy to remember sequence, with the added benefit that the shifted 5 gives us a special character to end the password. Now we have:
“MhAlL1FwWa%”
5. Now take the third and fourth character of the website to which you are logging on. Add these two characters onto the end of the password.
For www.facebook.com we would take the “c” and “e”
For www.amazon.co.uk we would take the “a” and “z”
6. Shift alternate characters and convert some letters to numbers, e.g. “e” could become “3” whilst “z” could become “2”
7. Add these two additional characters as a suffix to our known password. The results;
www.facebook.com has a password of MhAlL1FwWa%c£
www.amazon.co.uk has a password of MhAlL1FwWa%a”
Try and memorise the above line of characters and you may well struggle. However, I’m sure you remember the opening lines to “Mary had a little lamb” and now, with the simple act of knowing which letters become numbers and which characters are shifted we arrive at a very secure password which is easy to type out – just don’t sit there mouthing the words of the nursery rhyme!