Justin du Coeur (jducoeur) wrote,

Password algorithm: songs

I was just reading a thread discussing the annoying tendency of modern corporate computer systems to force everybody to change passwords frequently. (A policy I think is fairly stupid, but that's a separate discussion.) Several folks were complaining about the difficulty of coming up with new passwords that were long enough, included upper and lower case, numbers and symbols, and weren't subject to a dictionary attack. And it occurred to me that at least some folks probably don't know the approach that I learned moderately recently, which seems to be working well: songs and poems.

Specifically, the trick is to take a line (first or otherwise) from a song or poem you know well, and reduce it to its initials. Take the first letter of each word, more or less. Use capitals for the beginning of the line, and any proper nouns therein. Use numbers for numbers. Use texting abbreviations for words like "for", "to", and "you". Use appropriate symbols in place of words like "and", "at", and "or". Use commas, periods and semicolons as appropriate. Obviously, you can't use just any random line and still get a sufficiently strong password, but there are a very large number that do work decently well.

I was introduced to this idea a few months ago, when I started my consulting gig: one of the sysadmins handed me a password that appeared to be utter gibberish until he clued me into which line it was, which turned it into a remarkably easy-to-remember mnemonic. So I've picked this approach up for most of my passwords since. The results sometimes come out a bit long and slow to type, but they are at least relatively easy to remember, which is usually the more important problem for me.

So if you're looking for acceptable passwords, keep this in mind as an option. Used judiciously, it's a good way to produce passwords that are both strong and memorable...
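
The rules above, sketched as an added Python example (not code from the original post), together with a check of the complexity requirements the thread complained about. The replacement characters, the number-word table, the 12-character minimum and both sample lines are assumptions made for illustration.

```python
import re

# Assumed replacements: the post names these words but not the exact characters.
SUBS = {"for": "4", "to": "2", "you": "u", "and": "&", "at": "@", "or": "|"}
NUMBERS = {w: str(i) for i, w in enumerate(
    "zero one two three four five six seven eight nine ten".split())}

# Constructed sample lines (not from the post).
GOOD_LINE = "Meet me at the docks for two hours, and bring Alice or Bob."
WEAK_LINE = "Row, row, row your boat"


def mnemonic(line):
    """Reduce a line to a password using the rules described in the post."""
    out, first_word = [], True
    for tok in re.findall(r"[A-Za-z][A-Za-z']*|\d+|[,.;]", line):
        low = tok.lower()
        if tok in (",", ".", ";"):
            out.append(tok)              # keep punctuation as typed
            continue
        if tok.isdigit():
            piece = tok                  # numbers stay numbers
        elif low in SUBS:
            piece = SUBS[low]            # texting abbreviation or symbol
        elif low in NUMBERS:
            piece = NUMBERS[low]         # number word becomes digits
        else:
            piece = tok[0]               # a capital typed in the line marks a proper noun
        out.append(piece.upper() if first_word else piece)
        first_word = False
    return "".join(out)


def policy_gaps(password, min_len=12):
    """List the typical complexity requirements the password fails (min_len is assumed)."""
    checks = {
        "length": len(password) >= min_len,
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() for c in password),
    }
    return [name for name, ok in checks.items() if not ok]


if __name__ == "__main__":
    for sample in (GOOD_LINE, WEAK_LINE):
        pw = mnemonic(sample)
        print(f"{sample!r} -> {pw!r}  missing: {policy_gaps(pw) or 'nothing'}")
```

Passing these checks only shows that a line satisfies a complexity policy. It says nothing about how guessable the line itself is, so a widely quoted lyric is still a poor choice.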
