Thinking up good but memorable passwords

Discussion in 'Community Discussion' started by Applespider, Feb 20, 2006.

  1. Applespider macrumors G4

    Applespider

    Joined:
    Jan 20, 2004
    Location:
    looking through rose-tinted spectacles...
    #1
    I was talking to someone at work today about thinking up memorable passwords which were secure enough not to be easily guessed.

    He came up with a few options like taking two old car number plates and mixing them up or using two old pet names and mixing up the first initials etc But two of the rest of the group still go confused.

    I countered with my usual method for coming up with an 'interesting' password which is to think of a song lyric (the more obscure the better) and use the first initial of each word in the line which generally comes up with something weird enough that it comes up flagged 'green' in OS X's password finder (I just don't find any of those generated to be memorable enough) but easy enough to remember just by singing along in your head

    So at Christmas you might have 'Hark the herald angels sing, glory to the new born king' which would give you a password of hthasg2tnbk - not great in terms of numbers/letters mix but you get the idea!

    Anyone else got any foolproof methods of coming up with secure but memorable passwords?
     
  2. macEfan macrumors 65816

    macEfan

    Joined:
    Apr 7, 2005
    Location:
    Forbidden, you do not have access to that server
    #2
    thats a good sugestion. I can't remember my passords very well, as I have too many of them... I write them down and lock them in my file cabinet. Only the important ones i only remember in my head. I don't write passowords to anything with sensitive information.
    If you can't remember passwords, consider a biometric finger device. it will use your finger as a verification device. I find it quite nifty.
     
  3. Lau Guest

    #3
    I use a 'theme' and then use that theme for all my accounts. Lets say, for the sake of arguments that it is a colour. (It isn't :p)

    This is split into sections, say 3 - spammy hotmail type unsecure passwords, medium security (online shopping details etc) and uber-security (website FTP password, primary email accounts, banking, etc)

    In the colour example spammy might be "red", medium might be "navyblue" and uber might be "cadmiumyellow". I then mix these with numbers or symbols, say into "r3d", "n9*yblu8" and "c8dm1)mye110£" or similar.

    It means I only have to remember a few passwords, but hopefully they're quite secure, which is nice. :)

    ----------------

    One of the interactive media tutors at college uses one password which he then adds the name of the site to for each site e.g. yellowamazon, yellowmacrumors, etc, which I thought was a good idea for all the hundreds of shopping sites etc that require a password.
     
  4. balamw Moderator

    balamw

    Staff Member

    Joined:
    Aug 16, 2005
    Location:
    New England
    #5
    Another way I've found convenient is to interleave two words from a poem/address/song lyric/etc... e.g. using the example AppleSpider used you could end up with HaEnRgAeLlDs from "herald angels", there are variations based on how you mix uppercase and lowercase and include punctuation and symbols or numbers.

    Another one that is useful is to make a phrase that includes one of the symbol keys as part of the phrase. e.g. *Jones (Star Jones) or |layer (pipe layer) or PayThe|er (pay the piper) Fun@TheBeach (too clear).

    B
     
  5. Applespider thread starter macrumors G4

    Applespider

    Joined:
    Jan 20, 2004
    Location:
    looking through rose-tinted spectacles...
    #6
    Having now reread your post, I've remembered it but I did have a quick search on password to see if it was here that I read it but it didn't pop up in the first few pages... Ah well.. consider a reminder for those who weren't around 18 months ago ;) I didn't even recall see Stubeeef's recent comment on there
     
  6. Abstract macrumors Penryn

    Abstract

    Joined:
    Dec 27, 2002
    Location:
    Location Location Location
    #7
    Who cares, it was 18 months ago. Carry on.


    My password is my old phone number, including the area code.
     
  7. EGT macrumors 68000

    EGT

    Joined:
    Sep 4, 2003
    #8
    I have a system similar to Applespider's.

    I only have a few that I use between various things which isn't the best when you're trying to be secure. Which reminds me; does anyone use one of those password storing apps?

    No matter how secure they say they are, I still don't like the idea of grouping all my passwords together on computer. I have the main ones listed at home locked in my desk.

    If you try and steal anything the desk will shock you. :p
     
  8. cslewis macrumors 6502a

    cslewis

    Joined:
    Jul 23, 2004
    Location:
    40º27.8''N, 75º42.8''W
    #9
    My passwords are somewhat secure... but since I never remember each one for each service, i've limited myself to five. When I need to open one of my accounts, instead of digging out a directory of passwords, I just try each of the passwords until one works. And because I have five, there's no chance that i'll be 'locked out' from logging in.

    Yes, I realise that having the same passwords for different services isn't too smart, but am I really that important?
     
  9. w_parietti22 macrumors 68020

    Joined:
    Apr 16, 2005
    Location:
    Seattle, WA
    #10
    I usually use a pet name and year of their birth... I have lots of pets. :)
     
  10. emmawu macrumors 6502

    Joined:
    Jan 19, 2005
    Location:
    Wauwatosa, WI
    #11
    I like to think of "what would secret service code name be" like the Eagle for POTUS, or an old tv show you liked like star.trek_ng, or just MR.ED. :D
     
  11. mgargan1 macrumors 65816

    mgargan1

    Joined:
    Feb 22, 2003
    Location:
    Reston, VA
    #12
    what bothers me is when you have to change your password every couple of months!!
     
  12. mad jew Moderator emeritus

    mad jew

    Joined:
    Apr 3, 2004
    Location:
    Adelaide, Australia
    #13
    I just use "password". I assumed everyone did this. Patiently waits for the amateur hackers, latestepics in hand...
     
  13. rendezvouscp macrumors 68000

    Joined:
    Aug 20, 2003
    Location:
    Long Beach, California
    #14
    I'm not very secure about passwords. I have one main one, which I use for everything save a few exceptions, such as when a combination of letters and numbers is needed; about a year ago, I decided to start changing my passwords over to different things, but I only ended up changing my Google password.

    My main password is a combination of numbers that are the most important numbers in my life, but they have nothing to do with my birth date, social security number, etc.
    -Chasen
     
  14. applekid macrumors 68020

    Joined:
    Jul 3, 2003
    #15
    Or the more secure passw0rd. ;) (That was our default password for the accounts at school at the beginning of the year when our login accounts were reset)
     
  15. gauchogolfer macrumors 603

    gauchogolfer

    Joined:
    Jan 28, 2005
    Location:
    American Riviera
    #16
    I have a system at work that I like pretty well, since we have to change passwords every few months. It goes like this:

    Number=#+#!

    So, for example: Eight=4+4! or Seven=3+4!

    I rotate these through from 1 to 10, then I can use 1 again when the time comes. Of course, this can be (and has been, fyi ;) ) changed around to incorporate different characters. I think it gives a good mix of letters, numbers, special characters, and is reasonably long. OneHundred=47+53!! isn't going to get cracked very quickly.
     
  16. shirley macrumors member

    Joined:
    Jan 5, 2006
    Location:
    leeds, sunny england hmm
    #17
    thinking up memorable passwords

    i use my daughters name spelt backwards then add her date of birth
     
  17. OutThere macrumors 603

    OutThere

    Joined:
    Dec 19, 2002
    Location:
    NYC
    #18
    For websites that I don't really care about I use real words that I can type with my left hand. If they want a number on it I add a 1. :D

    For everything else, I formulate passwords as such:

    (word)+(symbols)+(number)+(symbols)+(word)

    for example I could have passwords like this:

    house*&*543&)cat
    eggmuffins@58!waterloo

    pretty secure and very easy to remember, relative to, say: FwU%$1058^%k*

    The words and numbers can be something relative to your life, like:

    (girlfriend's middle name)+(symbols)+(shoe size)+(symbols)+(hair color)
     
  18. Josh macrumors 68000

    Josh

    Joined:
    Mar 4, 2004
    Location:
    State College, PA
    #19
    Answering this thread is like saying "This is what I do - now take it as a hint and try to figure out my password!"

    lol

    Everyone has their own secret memories, and their own significance for certain words or phrases that might be meaningless to someone else.

    Mix and match some of those phrases that trigger strong memories for you, add in some numbers (and variations of letter case, if you're super paranoid), and you should be good to go.
     
  19. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #20
    If the word appears in a dictionary, or is a proper name, then interspersing it with numbers and/or alphanumerics IS NOT MAKING YOUR PASSWORD ANY SAFER.
     
  20. gekko513 macrumors 603

    gekko513

    Joined:
    Oct 16, 2003
    #21
    abc123

    No seriously ... One of my methods for a simple password is to think of two people that I know having sex. And then I make the password as the initials of the first person 6 (6 is pronounced as sex in Norwegian) and then the initals of the second person. :D Then add some symbols of your own choice if you like.
     
  21. floriflee macrumors 68030

    floriflee

    Joined:
    Dec 21, 2004
    #22
    One thing I don't like are those sites that only let you use numbers and letters. Makes thinking up a good, memorable password that much more difficult. :p

    I guess this means I'll have to stop using "changeme"...
     
  22. Josh macrumors 68000

    Josh

    Joined:
    Mar 4, 2004
    Location:
    State College, PA
    #23
    Yes it is.

    Any good password cracking device (either human or computer) is not going to check against a pre-defined library of words and phrases.

    That would be fast, but terribley ineffecient. The success rate would be random and low.

    A good device will check 1 character at a time, going through all the possible characters. Once it goes through them all using 1 character, it will do the same with 2 characters, trying all possible combinations. Then, move on to 3 characters, etc.

    Obviously, this is going to take a very long time, but since it crawls every possible combination, it will eventually get it.

    However, using variations in symbols, letters (and case), with numbers, will indeed increase the amount of time it takes for such a bruteforce attack to work.

    Now, bruteforce attacks aren't very common these days, for 2 reasons:
    1) Most sites have a failure limit, and if you enter the wrong password X amount of times in Y amount of time, it won't let you try again - often an email is sent to the person who's login is being used, and sometimes to the site admin as well.

    2) Most passwords these days are hashed (often with a salt) using md5. What this does is converts your password to a (theoretically) irreversable string of data. The salt, which is a random string applied to the password before it is hashed, practically insures your passwords safety.

    Software-based attacks on your password are near useless on the net, especially on forums like MR. The md5 hash + salt would take years to figure out, and VB only allows 5 tries, so that amount of time is increased exponentially.

    If you want to get someone's password on an online forum, the best and most effecient way (unless you have access to the database and hash+salt of the user) is trying your best guess off the top of your head. Obviously this has an incredibly low success rate, and being that this is the most effecient, you can see just how hard it would be.

    Using a psychological profile of the person whose password you want would be your best bet.

    And, because insignificant letters, symbols, and capitlisation are entirely random, they increase the effectiveness of your password, as it's very unlikely a human will guess at those numbers, their placement, and so on.

    (More info on the subject: http://www.aspencrypt.com/task_password.html)
     
  23. maya macrumors 68040

    maya

    Joined:
    Oct 7, 2004
    Location:
    somewhere between here and there.
    #24
    We are living in an online and digital society that is constantly bombarded with usernames and passwords. Quite frankly I am getting feed-up with all this. BioMetrics hear my pray. ;) :)
     
  24. Timepass macrumors 65816

    Joined:
    Jan 4, 2005
    #25
    the use of numbers symbles letters in a password make it more secure in the fact that it can not be randomly guess. Brute force is block by guess limits. Now it takes knowing the person and a little thinking. With everything else in there it makes it just a little harder to do.

    For me I have a few basic passwords for none important things. Because my school is so picky about passwords after they found out that 10% of all the passwords used for eraider was the word Password they put in some very strick rules in place. drives me nuts but I have a few creative ways to come up with them.

    We are not allowed to have any part of the password appear in the engish dictinary, must contain at least 1 captical and 1 lowercase and a least 1 number or speical char.

    For me I just went to a bank of foreign words that I know. Came up with password from there. I know what it is in engilsh and what language I used to make it. Really easy to rememeber.

    Go to foreign words great way to come up with some.
     

Share This Page