
Generate mnemonic strong passwords

This article was written by Habr user stboris as part of the "Green card" idea.

In my life, I often encounter the need to come up with a password for my (and also not my) new account / login.

Passwords must be fairly complex, otherwise they can be easily guessed (hello to the happy owners of the passwords god, sex and love). They should also be as different from one another as possible: even if you come up with a very complex password, using it everywhere can easily lead to compromise.
Remembering a few dozen passwords consisting of a random set of upper- and lower-case letters, digits and special characters is not a trivial task.
My memory works according to some special principle, something like "I remember here, I don't remember there." I met my friend's girlfriend 4 times and still could not remember her. But my memory has a bonus: it works very well with associations.
Also, I used to play quite a lot of different games: Quake, Lineage, WoW and a lot of other network stuff, and I noticed not very long ago that players often use not only letters but also digits and special characters to write their nicknames.

So once, putting all this together, I came up with my own method of generating passwords (maybe someone had thought of it before me, but I haven't seen it yet). I have been using it for a long time, but still have not written down clear rules for it. So I decided to write this article to polish the method and at the same time share it with people.


Task



Create a method by which it would be easy to come up with strong, but easy to remember passwords.

Solution



Suppose I decided to play the online game "Vegetable Tycoon" (the game is made up; any resemblance is coincidental). I create an account there and I need a password.

Meaningfulness


For easy memorization, the password should be meaningful, i.e. it must be a word or phrase. Many people know that a person remembers associations well, so ideally this word / phrase should be associatively tied to what we are creating a password for.

My association was "eggplant".

Latin


To avoid trouble (problems with encoding), the password must be typed in the English layout. Also, the word / phrase in the password should not be a Russian (Ukrainian, Arabic, Chinese, etc.) word typed on the English layout, otherwise you can get badly stuck when no Russian (substitute your own) keyboard is at hand. You also cannot use transliteration, because there is no single standard for it. Hence the moral: the most logical solution is to translate the word into a language that uses only the Latin alphabet (no diacritical marks, Cyrillic, hieroglyphs, etc.). For example, English or Latin. By the way, using Latin here is very interesting: no one in their right mind would ever make a brute-force dictionary for Latin.

Since I do not know Latin, I translate into English. The result: aubergine

Case


The password must contain both upper- and lower-case letters. For ease of memorization, we convert half of the word to upper case. There are several options here: the left or the right half and, if the number of letters is odd, with or without the middle letter.

I take the first half together with the middle letter and convert it to upper case. The result: AUBERgine

Special characters


The password must also contain digits and special characters. To get them, pick visually similar symbols and digits as replacements for some of the letters of the alphabet. The password remains quite readable after this. By the way, for cool hackers and pro gamers this is nothing new; many of them write their nicknames like this. For example, a = @, e = 3, i = !, etc. A nuance: there is no need to replace the entire alphabet, a certain part is enough, since otherwise the password may end up consisting only of special characters, which is not very good either.
One option is to use only the special characters found on the number keys: if some service does not allow special characters, you simply "downshift" them to the corresponding digits. For example, @ = 2, ! = 1, etc.

Apply the replacement. The result: @UB3Rg!n3
For a service that does not allow special characters, the result is 2UB3Rg1n3

Password length


To adjust the password length, the concepts of "opening" and "closing" symbols are introduced. Sometimes you need to make the password shorter (some services limit the length); in that case these symbols can be dropped. Some services mishandle passwords that start with special characters. In particular, Aurvote for the Arch Linux distribution does not properly handle passwords that begin with the "$" character. Therefore, it may be logical to make the "opening" symbol a digit and the "closing" symbol a special character.

I add the "opening" digit "1" and the "closing" special character ")". The result: 1@UB3Rg!n3)

Well, in my opinion, not bad: an eleven-character password that contains all types of characters and is still quite readable. By and large, you only need to remember the associated word.

Summary

Total



In this article I deliberately did not give ready-made solutions, because anyone who wants to use this system should choose certain options on their own, depending on what they like and what they will remember better.

Pros



Relative resistance to guessing, ease of remembering, speed of password generation (I used to sit for an hour trying to come up with a good password), modularity (you can discard the rules you don't like or add new ones).

Cons



There may be some minor problems if you type on a non-standard keyboard, but this can be solved (find an image of the standard layout on the Internet). Such a password is weaker than a randomly generated one, because a dictionary can be built from these rules, but nothing stops you from adding your own rules that no one but you knows about.

In any case, this is not a panacea, but, like so much in our lives, a compromise between reliability and convenience.
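
The steps above and the dictionary caveat from the "Cons" section, as an added Python example that is not part of the original article. The substitution table holds only the article's three examples, and the option counts and the 100,000-word dictionary size in the estimate are assumptions.

```python
import math

# Substitutions from the article's examples; DOWNSHIFT maps a special
# character to the digit on the same key (US layout).
LEET = {"a": "@", "e": "3", "i": "!"}
DOWNSHIFT = {"@": "2", "!": "1"}

def core(word, specials=True):
    """Upper-case the first half (middle letter included), then substitute."""
    half = (len(word) + 1) // 2
    cased = word[:half].upper() + word[half:].lower()
    out = "".join(LEET.get(c.lower(), c) for c in cased)
    if not specials:
        out = "".join(DOWNSHIFT.get(c, c) for c in out)
    return out

def wrap(body, opening="1", closing=")"):
    """Add the "opening" digit and the "closing" special character."""
    return opening + body + closing

def scheme_bits(dictionary_size):
    """Upper bound on guessing entropy when the rules are known but the
    chosen options are not. Every count below is an assumption."""
    case_options = 4        # left/right half, with/without middle letter
    substitution_sets = 8   # each of a, e, i replaced or not
    special_or_digit = 2    # special characters or "downshifted" digits
    opening_digits = 10
    closing_specials = 32   # ASCII punctuation characters
    variants = (case_options * substitution_sets * special_or_digit
                * opening_digits * closing_specials)
    return math.log2(dictionary_size * variants)

def random_bits(length, alphabet=94):
    """Entropy of a uniformly random password over printable ASCII."""
    return length * math.log2(alphabet)

if __name__ == "__main__":
    pw = wrap(core("aubergine"))
    print(pw, len(pw))
    print(core("aubergine", specials=False))
    # Assumed dictionary of 100,000 words.
    print(f"scheme: {scheme_bits(100_000):.1f} bits")
    print(f"random: {random_bits(len(pw)):.1f} bits")
```

Under these assumptions the scheme gives about 31 bits against about 72 bits for a random password of the same length, which is the gap that the advice to add private rules is meant to narrow.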

Recommendations



Regular password changes increase security. Changing the rule options improves the reliability of the system, but makes it harder to recall a password after a long time. The same passwords in different places greatly reduce security. If someone knows the answer to your security question, no password will help. There are many other ways to steal your password, so a strong password is not a panacea and there is still a lot more to watch out for, but this is beyond the scope of this article.



Programs for storing passwords



In this article there is not a word about programs for storing passwords, because the article is not about them =) Especially since I do not use any of them yet: there was simply no occasion / I periodically forget the flash drive somewhere / you cannot plug in a flash drive everywhere, and you still need to enter passwords. And in general, one does not exclude the other.

PS



Constructive criticism is welcome.

UPD: The mention of Esperanto has been removed, because, as it turned out, there are diacritical marks in Esperanto. I apologize to all those whom I misled or offended.

Source: https://habr.com/ru/post/49678/

