Thursday, 5 July 2012

Password Schemes

Although systems for single sign-on have sprung up, they have not been used to their fullest value: they are either not implemented, are segregated (i.e. there are many separate single sign-ons), or users simply don't want to link their different accounts together.
In reality, nowadays almost everyone who uses computers has to manage multiple passwords.
There have been many password-choice tips:
  1. Use strong passwords
    • Don't use dictionary words
    • Don't use names in the family
    • Don't use dates common to your family
  2. Don't use the same password on multiple systems
Most systems suggest using strong passwords; some even refuse simple passwords that do not meet their password complexity requirements.
But all this makes the problem of remembering passwords really hard. People tend to forget which password is for which system. They try to guess, and a number of tries later they very often end up clicking the "forgot password" link in the system.
To get around this, I have seen that some people write their passwords down, which poses a huge security risk; once a person gets hold of your diary, you are exposed to a large extent.
Some time back, I devised a scheme which I have been using quite successfully. I will share the scheme here.
  • Pick a word (or perhaps a phrase); a better choice would be something that you think is not present in a dictionary. Make up your own. (We will call this the secret word.)
For example, ghatinum
  • Choose a formula to mix two words into a complex word.
We will use this formula to mix our secret word and a context word (I will come to the context word later).
This formula can be simple or complex; the more complex the formula is, the more secure your password system is.
Let's say you choose the formula:
a) Pick the letter that is two letters after the first letter of the context word.
So if the first letter is 'a' pick 'c'; if it is 'd' pick 'f'. Wrap around from 'z' to 'a': if it is 'y' pick 'a', if it is 'z' pick 'b'.
b) Pick the letter that is one letter before the third letter of the context word.
So if the third letter is 'c' pick 'b'; if the third letter is 'h' pick 'g'. Wrap around from 'a' to 'z': if it is 'a' pick 'z'.
c) Pick a number, say '3'.
d) Pick a symbol, say '$'.
e) Now take your pickings from a) to d) above and insert them into specific places in your secret word.
Let me choose the 1st position for a), and the 5th position for b), c) and d) (concatenated).
f) The resulting word is your password.
For example, let the context word be google.
Your password would then be built as follows:
a) first letter is 'g', so our pick would be 'i'
b) third letter is 'o', so our pick would be 'n'
c) '3'
d) '$'
e) insert 'i' at the 1st position, and 'n3$' at the 5th position.
f) so the password becomes ghatinum + formula = "ighatin3$num".
If your context word is skype, the password becomes "ughatix3$num".
  • You have probably guessed what the context word is: it is a word that represents the context in which you are trying to log in. This way you have different passwords for different systems, but you only need to remember two things (your secret word and the formula).
google, skype, facebook, office (for the office computer), home (for the home computer), pearl (another office computer name) could be the context words.
Now, I have chosen a fairly complex formula here, which may be overwhelming for some, so you could choose a simpler formula, say only picking the first letter of the context word and prepending it, together with 3$, to your secret word. For example, for google your password could be g3$ghatinum, which is probably better than the usual old method. You can use any formula to your liking.
This seems difficult, but once you get used to the chosen scheme, fairly quickly it is a breeze to remember passwords and log in.
Another piece of advice: define two schemes of formulas and secret words to be more secure. Use one scheme for the more secure logins you trust more, like your computers, bank account, email etc., and another scheme for general websites.
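As an added illustration (not code from the original post), here is the formula above written out in Python. The positions are read the way the post's own example resolves them: pick a) goes in front of the secret word and picks b), c), d) go after its 5th letter; the three-letter minimum on the context word and the helper names are my assumptions.

```python
import string

ALPHABET = string.ascii_lowercase  # wrap-around is done modulo 26


def shift_letter(letter: str, offset: int) -> str:
    """Move a letter forward (positive) or backward (negative), wrapping z->a and a->z."""
    index = ALPHABET.index(letter.lower())
    return ALPHABET[(index + offset) % len(ALPHABET)]


def derive_password(secret: str, context: str, number: str = "3", symbol: str = "$",
                    first_pos: int = 1, second_pos: int = 5) -> str:
    """Apply the post's formula a) to f) to a secret word and a context word.

    a) the letter two after the context word's first letter
    b) the letter one before the context word's third letter
    c), d) a fixed number and symbol
    e) insert a) so that it occupies position first_pos of the result, and
       insert b)+c)+d) after the first second_pos letters of the secret word
    """
    if len(context) < 3:  # assumption: the formula needs a third letter to read
        raise ValueError("context word needs at least three letters")
    pick_a = shift_letter(context[0], +2)
    pick_b = shift_letter(context[2], -1)
    tail = pick_b + number + symbol
    # Insert the right-hand piece first so the left-hand insertion does not shift its offset.
    result = secret[:second_pos] + tail + secret[second_pos:]
    result = result[:first_pos - 1] + pick_a + result[first_pos - 1:]
    return result


def derive_simple(secret: str, context: str, number: str = "3", symbol: str = "$") -> str:
    """The simpler variant from the post: first letter of the context word plus 3$, prepended."""
    return context[0].lower() + number + symbol + secret


if __name__ == "__main__":
    # The post's own worked examples, plus a context word that exercises the z->b wrap.
    for word in ("google", "skype", "zebra"):
        print(word, "->", derive_password("ghatinum", word), "/", derive_simple("ghatinum", word))
```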