COMPLIANCE COUNSELOR
Pattern-based passwords: Easy to remember non-dictionary-based passwords
Cragin Shelton
08.21.2001
Rating: -4.12- (out of 5) Hall of fame tip of the month winner
Pattern-based passwords: Easy to remember non-dictionary-based passwords
This tip was submitted to the searchSecurity Tip Exchange by user Cragin Shelton. Let other users know how useful it is by rating the tip below.
Password selection and management is a fundamental problem for all security-conscious users. We don't want to have passwords written down, so we encourage users to memorize them. But easy-to-remember passwords are also easy-to-guess passwords. They are often susceptible to dictionary attacks (common words) and personal profile attacks (birthdates, pet names, family member names). Hard-to-guess passwords (particularly system-generated random or pseudo-random passwords) are also hard to remember. You can guaranty that users will write down such hard-to-guess (and thus hard-to-remember) passwords.
To avoid dictionary and profile password attacks you often see a set of password generation rules recommended, such as the following:
Have at least six or seven characters.
Include at least one upper case and at least one lower case alphabetic character.
Include at least one numeric digit.
Include at least one non-alphanumeric symbol, e.g. &, $, %, etc.
These rules can work well, but still in general result in hard-to-remember passwords.
Here is a tip on how to generate passwords that are not dictionary words, can follow the above guidelines and are easy to remember. Generate your passwords using physical patterns on the keyboard.
Specify a pattern for the key selection, a pattern for using the SHIFT key, and designate the initial key for the password. As long as your pattern includes at least two keys from the top row of the QWERTY keyboard, you can ensure inclusion of numbers and symbols (with SHIFT key applied to one).
Type each of these examples yourself to see the pattern on the keyboard:
V-pattern: 1qazse4
V-pattern with Ab-SHIFTING: !qAzSe$
V-pattern with aB-SHIFTING: 1QaZsE4
V-pattern with Abc-SHIFTING: !qaZse$
V-pattern with abC-SHIFTING: 1qAzsE4
Reverse V-pattern: 4eszaq1
You can develop your own patterns of X, A, Z, W, L, U, N, M, box, etc. and add more complexity by incorporating alternate-hand typing patterns and mirror images.
Another set of patterns results from using a left hand pattern on the QWERTY area and a right hand pattern on the numeric keypad, such as this: q7z1r9v3.
For added security, keep a set of two, three or four different patterns in your head. When it comes time to change passwords, change to an alternate pattern as well as a new initial key.
Important: If you teach this pattern technique to others, do NOT tell them your favorite patterns! If they know your pattern, they can easily run through an exhaustive set of that pattern with each possible initial key on the keyboard.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
