Friday, 15 April 2011

Creating Uncrackable Passwords, part 2

Users currently have to remember hundreds of passwords for websites and other authentication systems. With such a wide variety of systems, end users struggle to manage that many passwords, which is hard enough to keep straight even before each strong password expires on a rotating schedule. The original article suggested that, to create an uncrackable password, you put characters from all 5 of these rows in your passwords to increase the time it takes to crack them and, when possible, use ALT-Chars, which makes passwords uncrackable.
0123456789
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
~!@#$%^&*()_+{}:"<>?|
`-=[];',./\
Mnemonic passwords are derived from simple passwords which the user can remember with ease, but they use mnemonic substitutions to give the password a more complex quality. Leet-speaking a password is a simple example of this technique. For example, converting the passwords "password" and "combobulate" into leet-speak results in the passwords "p@ssw0rd" and "c0mb0bul@t3".
The problem of managing multiple passwords has given rise to insecurities in how passwords are selected and reused. Users tend to pick one good password and reuse it on several different systems. If one of those systems is compromised, every system sharing that password is put at risk.

Mnemonic Password Formulas

A Mnemonic Password Formula (MPF) is a memory technique that uses a predefined, memorized formula to construct a password on the fly from various elements of the website or system you are generating the password for.
A well designed formula should result in a password with the following properties:
1.  A seemingly random string of characters
2.  Long and very complex, therefore difficult to crack via brute force
3.  Easy to reconstruct by a user with knowledge of only the formula, themselves, and the target authentication system
4.  Unique for each user, class of access, and authenticating system
Step 1:
Start out with a strong password: P@ssW0rd11!!
Step 2:
Decide on a formula to use; mine substitutes the 1st, 3rd and 7th letters of my password with characters taken from whatever domain I happen to use the password on.
(Image: PasswordFormula)
The above formula would yield such passwords as:
  • "I@gsW0rm11!!" for digg.com
  • "M@lsW0rm11!!" for gmail.com
  • "E@osW0rs11!!" for del.icio.us
  • "O@esW0rm11!!" for youtube.com
This simple method creates fairly long, easy-to-remember passwords that contain special characters, numbers, and letters, and it lets the same base password be reused across several different systems. If your password were compromised on one system, it would not expose the others. More information on making MPFs can be found at http://uninformed.org/index.cgi?v=7&a=3
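As an added example (not code from the original post), the script below reconstructs the formula from the four listed passwords: it assumes that positions 1, 3 and 8 of the base password are replaced by the domain's second character uppercased, the last letter of the label before the top-level domain, and the domain's last character, a reading that reproduces all four examples above. A small helper also reports which positions two derived passwords differ in, which shows how much of the base password any two site-specific passwords have in common.

```python
from typing import List, Sequence, Tuple


def domain_characters(domain: str) -> Tuple[str, str, str]:
    """Pick the three characters the formula takes from a domain name.

    This reading is an assumption reconstructed from the page's examples
    (the page's formula image is not reproduced here):
      1. the domain's second character, uppercased;
      2. the last letter of the label just before the top-level domain;
      3. the domain's last character.
    """
    domain = domain.strip().lower()
    labels = domain.split(".")
    if len(domain) < 2 or len(labels) < 2 or not all(labels):
        raise ValueError(f"not a dotted domain name: {domain!r}")
    return domain[1].upper(), labels[-2][-1], domain[-1]


def mnemonic_password(base: str, domain: str,
                      positions: Sequence[int] = (1, 3, 8)) -> str:
    """Rebuild the site-specific password from the memorised base password.

    `positions` are 1-based character positions in `base` that are
    overwritten, in order, by the characters from domain_characters().
    The default (1, 3, 8) reproduces the page's four examples; the page's
    own wording says "1st, 3rd and 7th letters", so the image may count
    positions differently.
    """
    chars = list(base)
    for pos, new in zip(positions, domain_characters(domain)):
        if not 1 <= pos <= len(chars):
            raise ValueError(f"position {pos} lies outside the base password")
        chars[pos - 1] = new
    return "".join(chars)


def differing_positions(first: str, second: str) -> List[int]:
    """1-based positions where two derived passwords differ (rest is shared)."""
    if len(first) != len(second):
        raise ValueError("passwords must have the same length")
    return [i + 1 for i, (a, b) in enumerate(zip(first, second)) if a != b]


if __name__ == "__main__":
    BASE = "P@ssW0rd11!!"  # the base password from the page
    for site in ("digg.com", "gmail.com", "del.icio.us", "youtube.com"):
        print(f"{site:12} -> {mnemonic_password(BASE, site)}")
    print(differing_positions(mnemonic_password(BASE, "digg.com"),
                              mnemonic_password(BASE, "gmail.com")))
```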
