Some thoughts on our passwords

Basically in an ideal world, your passwords need three properties to do the job well enough and keep you safe:

  1. Complex: to make them resistant to brute force.
  2. Unique: different passwords to make sure that if you lose one, you're still okay everywhere else.
  3. Memorable: what are they worth if you forget them, right?

So far creating the perfect password has been thought to be impossible, as, according to theory, you will definitely end up breaking at least one of the above criteria. For example if you create complex passwords which are unique everywhere, you will end up forgetting them. If you come up with a complex password which you will remember for sure, it means that you're not using different, unique passwords everywhere. Tough cookies, right? Well maybe not completely, if you use the trick below.

Passwords

Here is a trick that could save you a bit of the hassle, generating unique passwords without having to remember more of them than you have fingers. In fact, all you need to remember is one single password. To make it different each and every time though, we'll use the name of the website or service we are using it on to create a different password each time. For our example, let's go with the simple password Batman#422 to begin with.

Batman#422
Our basic fireplace password.

The idea is to use the name of the service or site we are using the password on (from now on I'll refer to this as the source) to spice it up differently every time. For a start, let's say we take the first letter from the left of the source every time, and insert it as the first letter from the left into our password. This means that on Amazon we'd take A, on Twitter we'd take T, on Facebook we'd take F, and would simply put these letters in front of our basic password.

ABatman#422
Our password on Amazon.

This is already pretty cool, and it means we have a different password each and every time, while having to remember only one. If we go one step further, we can solve another issue. Edward Snowden in his interview on the previous page was talking about dictionaries hackers are using to brute-force their way through passwords. And let's face it, any decent dictionary would have Batman in it, as well as "Bat", and "man", separately. To overcome this, we only need to insert two letters from the source into our password instead of one. Let's say we always take the second letter from the left from the source, put it in as the second letter from the left into Batman, then take the second letter from the right, and put it in as the second letter from the right into Batman.

Bmatmaon#422
Our dictionary-safe, always different password on Amazon.

Bwatmaen#422
The same thing on Twitter.

Bnatmaan#422
And finally on Instagram.

Bmatmaon#422, Bwatmaen#422 and Bnatmaan#422 look and feel pretty random, they are not in any dictionary, and are always going to be different depending on which site you are using them on (plus you can always choose a more complicated base password of course). Also, if you're paranoid, you can tweak this further by swapping the letters around or going with the next or the previous letter in the alphabet, so instead of the "m" of Amazon you could write an "n" for example. This of course requires a bit of thinking every time, but it gets quicker the more you use it. It can also be a bit of fun: when you have no idea what password you used for a service back then, you assemble this, and presto, it just works. I had this experience at Riot not too long ago with our Adobe Cloud services. Felt great!
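The derivation described above, written out as an added Python example (not code from the original article). The function names, the `shift` parameter for the next-letter tweak, and the split of the base password into its leading letters and the remainder are assumptions made for the illustration; it reproduces the three passwords above and counts how many character positions differ between two sites.

```python
import re

def _shift_letter(ch: str, shift: int) -> str:
    """Move a lowercase ASCII letter `shift` places along the alphabet, wrapping at z."""
    return chr((ord(ch) - ord("a") + shift) % 26 + ord("a"))

def derive(base: str, source: str, shift: int = 0) -> str:
    """Build the per-site password from the base password and the source name.

    The source's 2nd letter becomes the 2nd letter of the base word, and its
    2nd-from-right letter becomes the 2nd-from-right letter of the base word.
    """
    # Assumption: the "word" is the leading run of letters ("Batman" in "Batman#422").
    m = re.match(r"[A-Za-z]+", base)
    if m is None or len(m.group()) < 2:
        raise ValueError("base password must start with at least two letters")
    word, rest = m.group(), base[m.end():]

    # Ignore spaces, dots and digits in the source name ("Adobe Cloud" -> "adobecloud").
    letters = [c for c in source.lower() if c.isascii() and c.isalpha()]
    if len(letters) < 2:
        raise ValueError("source name needs at least two letters")

    left = _shift_letter(letters[1], shift)     # 2nd letter from the left
    right = _shift_letter(letters[-2], shift)   # 2nd letter from the right
    return word[0] + left + word[1:-1] + right + word[-1] + rest

def differing_positions(a: str, b: str) -> int:
    """Count the character positions at which two equal-length passwords differ."""
    if len(a) != len(b):
        raise ValueError("passwords must have equal length")
    return sum(x != y for x, y in zip(a, b))

if __name__ == "__main__":
    base = "Batman#422"  # the article's example base password
    derived = {s: derive(base, s) for s in ("Amazon", "Twitter", "Instagram")}
    for site, pw in derived.items():
        print(f"{site:10} {pw}")
    print("Amazon, next-letter tweak:", derive(base, "Amazon", shift=1))
    a, t = derived["Amazon"], derived["Twitter"]
    print(f"Amazon vs Twitter: {differing_positions(a, t)} of {len(a)} positions differ")
```

The last line of output shows that two site passwords built this way differ in only the two inserted positions; everything else is the shared base.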

Don't forget though that everything and anything can be hacked, cracked and broken into, it just depends on how much time, energy, and/or money someone is willing to spend to do it. Still, using the method above you'll make sure your passwords are complex, memorable and unique, which, in theory at least, makes them pretty strong. At least until you end up trading them for a bar of chocolate.


Disclaimer: the articles on this website solely represent my personal views, opinion, ideas, etc., and although they might be similar in nature, concept or vision, they do not, under any circumstances represent the views or opinion of Riot Games, Just Another, Managerzone, or any other person, firm, or entity.