Monday, December 19, 2005

How to remember web site passwords

If you, like me, have logins at many, many web sites you probably worry about password security for those sites. You probably chose one of these strategies:
  • Use the same password everywhere
  • Use a different password for each site and write it down or store it somewhere
  • Use a program like quepasa to generate passwords when needed
I use a totally different approach: I remember an algorithm for creating passwords based on the site name, and a secret that only I know. Here's how it works.

Firstly I have a secret; the secret is a short phrase that I will easily remember. Let's suppose my secret is the phrase "Before I kill you Mr Bond" and I'm about to visit and need to log in (and my browser has forgotten my password). First I write down the name of the web site and my phrase like this:
Before I kill you Mr Bond
a m a z o n
Then I calculate a number based on the number of words in my phrase and whether the letter in the site name is a vowel of a consonant. The first number is multiplied by three and every time we hit a vowel in the site name the multiplier is incremeted by one. The number is the number of letters in the corresponding word in my phrase times the multiplier. For example,
Before I kill you Mr Bond
a m a z o n
5 1 4 3 2 4 (from phrase)
3 3 4 4 5 5 (multiplier)
15 3 16 12 10 20
So my number is 15/3/16/12/10/20. Now take that number and use it to read off characters 15, 3, 16, ... of the phrase (with the spaces replaced by special characters on the keys 1 through 9 (for the first space use !, second space @ etc.).

0 1 2
[email protected]#you$Mr%Bond
So my Amazon password would start with oouli% for good measure I then append the first 4 numbers from the calculation above to get the password oouli%1531.

For Yahoo! the calculation goes like this:
Before I kill you Mr Bond
y a h o o
5 1 4 3 2
3 4 4 5 6
15 4 16 15 12
Which yields a Yahoo! password of oruol1541.


Stuart said...

Have you taken a look at Password Composer? It automatically makes a password based on the domain and a secret and hashes them together to give you unique site passwords.

What's more if you use Firefox you can integrate it into the browser so a nice popup password box appears when you click on a password input box.

Definately worth a look for those who don't want to think too hard when composing a password.

Anonymous said...

Opera has a similar feature, you click on a little want and it drops in your password. Very nice.

codeman38 said...

'Before' has 6 letters, not 5...