To cite this article: (1998) 10 Password-Generation Techniques for Users, Information Systems Security, 6:4, 8-9, DOI: 10.1080/10658989809342544 To link to this article: http://dx.doi.org/10.1080/10658989809342544
Published online: 22 Jan 2008.
Submit your article to this journal
Article views: 16
View related articles
Full Terms & Conditions of access and use can be found at
Downloaded by [112.133.232.13] at 06:54 16 March 2016
Techniquesfor Users
sers who want strong passwords
that they can remember should try one of the following password-generation techniques or use a combination of them. (For any password to be effective, that ass word must not be known or easily guessed; it must not be displayed, stored, or transmitted in the clear; and it must be remembered by the authorized user!)
4. Mirror a word (in either direction);
repeat process or truncate letters as needed to get appropriate length. GUS7TSUG BOYYOBBOY FLAREERA FILLLLIF 5. Use every other letter in a phrase until you have enough letters. NWSHTMFR: "Nowi l the time fol all ..."
1. Create a phonetic sentence using the
pronounced sounds of the letters, numbers. or special characters. IlOD24GET: "1 tend to forget."
TBONTOEH: "To be or not to be,
that .. ." 6. Use a number (e.g., the day or the month of your birthday) as an offset into a phrase, then use the letters from that point forward until you have enough letters for your password. You may elect to count spaces and punctuation or not. PERFECTU: "We the people, in order to form a more perfect union .. ." where my day of birth is the 30th. (I counted only letters.)
RULOSTIM: "Are you lost? I am!"
187#2DAY: "I ate seven pounds today." 2. Concatenate short, unrelated words. GOCATSAY BLACKAND GRASSPAW GRAYPOUR WINTEROF 3. Use the first letter of each word in a poem or song until you have enough letters (e.g., at least six). JAJWUTH: "Jack and Jill went up the hill ..." HINSNJA: "Help! I need somebody. Not just anybody ..." WWYAMCWW: "We wish you a merry Christmas. W e wish ..."
HENIGHTB: "Twas the night
before Christmas and all through the house ..." Where the number is 7. (I counted punctuation and spaces aswell as letters.) 7. Using the telephone keypad (but assigning "Q"and "Z" to the number "1") as shown, choose a number you can easily remember and translate it into letters. If your number includes a
Downloaded by [112.133.232.13] at 06:54 16 March 2016
zero, just keep the "0" as the character
for your password. You will note that for each number (except zero) you will have at least two letter choices. 12345678 QADILORT or ZBEHKNRU 24689753 CIMUXRLE or AGMTWPJD 10078699 ZOOSTOWY or QOORUNXX 8. Take your full name (or some other name you like and can easily remember). Divide it into segments or blocks of the length you need for your password. You may rotate back through the name again if you need additional letters or truncate any extra letters. Drop the first block. Use any other block that is not an exact match for a proper name or word. "John Quincy Adams" -t JOHNQUIN CYADAMSJ + CYADAMSJ "Alexander Graham Bell" -+ ALEXAN DERGRA HAMBEL + DERGRA
I N F O R M A T I O N
9. Take a word from the dictionary that is
long enough to qualify as a password. Replace all the vowels with numbersor special characters (e.g., "#," "$," "@," or whatever special characters your system permits in passwords). "mornings" -+ M$RN$GS "psychotic" + PSlCH2T3C 10. Take a word from the dictionary (or a proper name you like) that is long enough to qualify as a password. Put all of the vowels together and all of the consonants together. "friends" -t IEFRNDS or FRNDSlE "Douglas" -+ OUADGLS or DGLSOUA These 10 techniques may help users to invent techniques of their own. Just using a technique improves one's ability to mernorize a password. Passwords, of course, should not be written down or stored where they might be discovered by some. And, as good as the examples used here are, users should not adopt them as their own. They will probably find their way into some password-cracking dictionary!