Acronym-based passwords

SearchSecurity user Keith Langmead offers this tip for creating secure passwords using acronyms.

Keith Langmead

Acronym-based passwords

This tip was submitted to the SearchSecurity Tip Exchange by user Keith Langmead. Let other users know how useful it is by rating the tip below.

Like a long running battle between nations, the battle over passwords has raged between users and their system administrators for years. The users typically aren't too concerned about security, they don't understand the real purpose of having it and they want to have a simple method to login. Administrators, however, understand all too well the need for security and would therefore prefer to see everyone using a hard to guess (and therefore by inference hard to remember) password, but without using the old standby of writing them down on a sticky note.

There is a simple method that can be used to fulfil both criteria, and thus keep everyone happy, using mnemonics. For anyone who is unsure, a mnemonic is where you shorten a phrase or sentence into a shorter word. There are a lot of these in common use on the Internet. For instance, BTW = by the way, ROTFL = roll on the floor laughing, etc.

As well as this, you can employ two other techniques to make the resultant password harder to guess, while easy to remember, by creating rules with which to decide which characters become numeric or non-alphanumeric and which become upper case characters.

Here's an example:

First create a simple phrase or sentence which will be easy to remember. For example, "my server administrator lets me choose my own password." This then shortens to "msalmcmop." It's a long password, but should still be easy to remember.

Next, change some letters to other characters using the rule you have decided on earlier, so the string now becomes "[email protected]"

Finally, change the case of some letters, again using the rule you decided on earlier. In this case I will convert all letters that are not next to a number or character to upper case. So, the end result becomes "[email protected]"

Now we have a system which the user can remember easily, but which would be very difficult for anyone to guess, without knowing the entire phrase used and the rules used to convert it.

This was last published in September 2001

Dig Deeper on Password management and policy

SearchCloudSecurity

Acronym-based passwords

SearchSecurity user Keith Langmead offers this tip for creating secure passwords using acronyms.

Dig Deeper on Password management and policy

For minimum password length, are 14-character passwords sufficient?

Construct a solid Active Directory password policy

passphrase

Security Think Tank: A good password policy alone is not enough

SearchCloudSecurity

5 PaaS security best practices to safeguard the application layer

Private vs. public cloud security: Benefits and drawbacks

How to create a cloud security policy, step by step

SearchNetworking

SolarWinds: Lessons learned for network management, monitoring

7 key SD-WAN trends to evaluate in 2021

10 network security tips in response to the SolarWinds hack

SearchCIO

3 steps to recalibrate a strategic IT roadmap

Experts predict hot enterprise architecture trends for 2021

Cloud, security top list of IT spending priorities

SearchEnterpriseDesktop

Otter.ai helps Google Meet stay competitive

Will Windows 10 be the last Windows OS?

CES: Laptops sport designs friendly for remote workers

SearchCloudComputing

IBM acquisition spree targets hybrid cloud consulting market

How to choose between IaaS and SaaS cloud models

COVID-19 and remote work shift cloud predictions for 2021

ComputerWeekly.com

Vodafone unveils ‘instant’ Wi-Fi

BT connects Dutch diplomatic missions

Nine out of 10 UK card payments in 2020 were contactless