Acronym-based passwords

Acronym-based passwords

Acronym-based passwords

This tip was submitted to the SearchSecurity Tip Exchange by user Keith Langmead. Let other users know how useful it is by rating the tip below.

Like a long running battle between nations, the battle over passwords has raged between users and their system administrators for years. The users typically aren't too concerned about security, they don't understand the real purpose of having it and they want to have a simple method to login. Administrators, however, understand all too well the need for security and would therefore prefer to see everyone using a hard to guess (and therefore by inference hard to remember) password, but without using the old standby of writing them down on a sticky note.

There is a simple method that can be used to fulfil both criteria, and thus keep everyone happy, using mnemonics. For anyone who is unsure, a mnemonic is where you shorten a phrase or sentence into a shorter word. There are a lot of these in common use on the Internet. For instance, BTW = by the way, ROTFL = roll on the floor laughing, etc.

As well as this, you can employ two other techniques to make the resultant password harder to guess, while easy to remember, by creating rules with which to decide which characters become numeric or non-alphanumeric and which become upper case characters.

Here's an example:

First create a simple phrase or sentence which will be easy to remember. For example, "my server administrator

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

lets me choose my own password." This then shortens to "msalmcmop." It's a long password, but should still be easy to remember.

Next, change some letters to other characters using the rule you have decided on earlier, so the string now becomes "m5@1mcmop."

Finally, change the case of some letters, again using the rule you decided on earlier. In this case I will convert all letters that are not next to a number or character to upper case. So, the end result becomes "m5@lMCMOP."

Now we have a system which the user can remember easily, but which would be very difficult for anyone to guess, without knowing the entire phrase used and the rules used to convert it.


This was first published in September 2001

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Back to top