Passwords --was-- Re: [BC] Can't solve it if you don't know about it
Dale H. Cook
radiotest
Mon Jul 31 09:39:26 CDT 2006
At 09:21 AM 7/31/2006, Cowboy wrote:
>Pass-phrases are MUCH better, provided they aren't too obvious.
> Even better, are apparently random strings derived from a
> pass-phrase, something like MBWbiO14 derived from
> My beloved wife's birthday is October 14.
>
><snip>>
>
> Also good are seemingly random combinations of words.
> Things like spatula&motorcar
> Enough characters to be secure, no apparent relationship between
> the words, and a "random" character separator.

Listen to Curt, folks - the man knows whereof he speaks.

My most critical passwords, both at home and at work, are strings
built on a foundation of the manufacturers' names and model numbers
of favorite items of electronic equipment. Those are then modified
using a pre-determined scheme. The initial strings, which are easy to
remember, are "seeds" used to grow passwords.

Here's an example. Please note that this example is not a part of one
of my passwords, and the modification scheme is not the one I use. I
don't even use broadcast equipment for seeds - I use other makes and
models of electronic equipment that I am extremely familiar with.
Since this is a matter of security I cannot divulge exact details of
how I build my passwords, but this example will give you the general
idea and, I hope, will inspire you to create more secure passwords
for your own use.

Let's start with a seed derived from our industry. We will use one of
my favorite items of old broadcast equipment - the first console that
I ever installed - the RCA BC-7A. The seed, therefore, is:

RCA BC-7A

Since many systems limit the range of characters allowed in
passwords, and do not allow spaces, we must replace some characters.
Let us assume that spaces and hyphens are not allowed by the target
system, but that underscores are allowed. Our scheme specifies
modifying the seed to:

RCA_BC_7A

Since most target systems are case-sensitive, we want to mix upper
and lower case. Our modification scheme includes a rule to put the
manufacturer in lower case, and the model in upper case, yielding:

rca_BC_7A

Our scheme also includes rules for replacing some alpha-numeric
characters with allowed punctuation symbols. For example, it might
specify replacing all instances of the letter "A" or "a" with "&"
(the "and" symbol - chosen because "and" begins with "a"), yielding:

rc&_BC_7&

The transformation from the seed to its final form is complete. Note,
however, that this is not a complete password - it is too short. If
the target system allows, say, passwords of up to 20 characters,
concatenate one or more of these strings, built from different seeds,
to get as close to the maximum password length as is feasible.

The key to making this system work is twofold - remembering the
system for converting seeds to strings, and remembering the seeds for
each target system. The first is fairly simple - devise a robust yet
memorable scheme, and use it. As for the second, let us say that the
target system is a genealogical web site concerning your
grandmother's family name. In order to associate the seed "RCA BC-7A"
with that site, visualize your grandmother running an RCA BC-7A. If
you can remember the seeds for a target, the process of converting
them to a password is purely mechanical.

> In an air studio, where "talent" isn't known for good password retention,
> I'd be using something like the first and last letter of the names, both
> first and last names, of each person on the morning show.
> Use their real names, not their air names, including at least one real word,
> and it seems that's about as good as it gets.

My scheme is devised by a geek for the use of that geek. It may be
too complicated for "talent," but even "talent" should be able to
remember the trick of using a consistent scheme to replace some
alpha-numeric characters with punctuation.

Dale H. Cook, Chief Engineer, Centennial Broadcasting,
Roanoke/Lynchburg, VA - WZZI / WZZU / WLNI / WLEQ
http://members.cox.net/dalehcook/starcity.shtml
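
The seed-to-string steps walked through in the message above, as an added example that is not part of the original post: it applies the three illustrative rules, concatenates strings from different seeds up to the 20-character limit, and estimates how many bits the result carries if the rules are known. The function names, the seed "Acme TX-100" and the pool size of 1000 are constructed for illustration, and the estimate assumes seeds are picked uniformly from that pool.

```python
import math

def seed_to_string(seed: str) -> str:
    """Apply the post's three illustrative rules to a 'Maker Model' seed."""
    maker, _, model = seed.strip().partition(" ")
    if not maker or not model:
        raise ValueError("seed must look like 'Maker Model'")
    # Rule 1: spaces and hyphens are not allowed, underscores are.
    maker = maker.replace("-", "_")
    model = model.replace(" ", "_").replace("-", "_")
    # Rule 2: manufacturer in lower case, model in upper case.
    out = maker.lower() + "_" + model.upper()
    # Rule 3: every "A" or "a" becomes "&".
    return out.replace("a", "&").replace("A", "&")

def build_password(seeds, max_len=20):
    """Concatenate strings from different seeds, in order, while they fit."""
    if len(set(seeds)) != len(seeds):
        raise ValueError("each string must come from a different seed")
    password = ""
    for seed in seeds:
        part = seed_to_string(seed)
        if len(password) + len(part) > max_len:
            break  # the next string would exceed the target system's limit
        password += part
    return password

def known_scheme_bits(pool_size: int, n_seeds: int) -> float:
    """log2 of the ordered picks of n distinct seeds from a pool.

    Assumption: the rules are known and seeds are picked uniformly, so the
    mechanical rules contribute nothing and only the seed choice counts.
    """
    return math.log2(math.perm(pool_size, n_seeds))

if __name__ == "__main__":
    # "RCA BC-7A" is the post's seed; "Acme TX-100" is a constructed one.
    pw = build_password(["RCA BC-7A", "Acme TX-100"])
    print(pw, len(pw))
    print(round(known_scheme_bits(1000, 2), 1), "bits for 2 seeds from 1000")
```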