By searchSecurity Users

Some companies include guidelines in their security policy for creating user passwords. While these guidelines are developed with the intent to strengthen password security, they can make remembering passwords difficult. It doesn't do any good to have strict guidelines if users write their passwords on sticky notes to remember them. But with a little creativity, companies can benefit from the protection of strong passwords that are also user-friendly. Users who have developed their own password generators submitted the tips below to searchSecurity. If you have a different method for creating secure passwords, submit it to searchSecurity.

Chuck Steffel suggests a new use for old phone numbers

I have worked on several systems logins that require 14 digit passwords and password rotation every 60 days. I do not always remember passwords, so I use a code with a numerical beginning and ending concatenated to a name. I keep passwords in the cell phone telephone listing and in my written phone book. The nonsense listings are real people whom I would never call and dead relatives with valid area codes, etc. I have a listing of numbers (ready-made passwords) for when I get the password expiration message. For example, decoding the telephone listing:
Charlie Peterson 651 319 1761
produces passwords such as:
319charlie1761 or 1761charlie319
319charlie1761 or 1761peterson319.
For systems that screen for real words,
1671eilrahc913 or 319eilrahc1671
1671osretep913 or 319osretep1671

The reordered phone numbers are easy to find in a cell phone or datebook. A simple PDA program can do the sorting.

Mark Farrar puts his mind to work with mnemonics

One of my interests is mnemonics (i.e. memory training techniques), and there is a relatively little known technique called the Figure Alphabet. This Figure Alphabet allows numbers to be converted into words, and its original purpose was to enable you to remember numbers by converting them into something more tangible and, consequently, easier to remember. You can find out more at http://freespace.virgin.net/mark.farrar1/mnefa01.htm, if you are interested. However, the Figure Alphabet may also be used "backwards," i.e. words can be converted back into a number, and the system will always generate the same number for the same word. My tip, therefore, is to use any password that is easy to remember for you (e.g. your wife's name) and convert it, using this Figure Alphabet, into a number. As an example, my wife's name is Carol Farrar, which would convert into the number 745844, which is just as easy to remember but much harder to guess. I know this sounds complicated, but the Figure Alphabet takes all of half an hour to learn -- at most! -- and it is a useful tool for daily life and work, as well.
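The word-to-number conversion described in the tip above, as an added example that is not part of the submitted tips or of searchSecurity's text. It assumes the widely published "Major System" consonant table (the page links to the mapping but does not list it) and works from spelling rather than sound; `figure_alphabet` and `search_space_bits` are names chosen here.

```python
import math

# Assumed table: the widely published "Major System" form of the Figure
# Alphabet. The page links to the mapping but does not reproduce it.
DIGRAPHS = {"ch": "6", "sh": "6", "th": "1", "ph": "8", "ck": "7"}
SINGLES = {"s": "0", "z": "0", "t": "1", "d": "1", "n": "2", "m": "3",
           "r": "4", "l": "5", "j": "6", "k": "7", "q": "7", "x": "70",
           "f": "8", "v": "8", "p": "9", "b": "9"}
SOFTENERS = "eiy"  # c and g are treated as soft before these letters


def figure_alphabet(phrase):
    """Convert words to digits from spelling (the real system is phonetic)."""
    out = []
    for word in phrase.lower().split():
        i, prev = 0, ""
        while i < len(word):
            ch, nxt = word[i], word[i + 1:i + 2]
            if word[i:i + 2] in DIGRAPHS:
                out.append(DIGRAPHS[word[i:i + 2]])
                i, prev = i + 2, ""
                continue
            if ch != prev:  # a doubled consonant is a single sound
                soft = nxt != "" and nxt in SOFTENERS
                if ch == "c":
                    out.append("0" if soft else "7")
                elif ch == "g":
                    out.append("6" if soft else "7")
                else:
                    out.append(SINGLES.get(ch, ""))  # vowels, w, h, y: no digit
            i, prev = i + 1, ch
    return "".join(out)


def search_space_bits(length, alphabet_size):
    """log2 of the number of strings of this length over this alphabet."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pin = figure_alphabet("Carol Farrar")
    print(pin, f"{search_space_bits(len(pin), 10):.1f} bits if all-digit")
    # Constructed comparison: 14 characters of lowercase letters and digits,
    # the shape of the phone-listing passwords in the first tip.
    print(f"{search_space_bits(14, 36):.1f} bits")
```

The bit counts are upper bounds: they assume every string of that shape is equally likely, which a password derived from a name or a phone listing is not.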