Write Down Your Password

Microsoft’s Jesper Johansson urged people to write down their passwords.

This is good advice, and I’ve been saying it for years.

Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. We’re all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.

Posted on June 17, 2005 at 8:40 AM (158 comments)

Comments

JulianYorke June 17, 2005 8:59 AM

Why not just use a combination of words and numbers you can remember, and mix in some 7331 speak? I find this to be easy to do. Example Th0M42Y0rk3

tyler June 17, 2005 9:26 AM

Has anyone heard of the Diceware way of creating passwords? Sounds like a good idea if the password is made long enough.

Richard Rodger June 17, 2005 9:31 AM

The current situation with website passwords is such a mess. I have found that the best way to handle it is to use only “good” passwords, but also to have a grading system, so that one uses a graded password on sites with the same level of desired security. More “secure” passwords are used less frequently. Obviously this has several weaknesses, but it does have one big advantage in that it reduces the need to memorize many passwords.

I also tend to find that the super-sensitive passwords for online-banking tend to stick in my head after a while, just because they are so important. That said, I do have every password written down, but I leave that little black book at home.

Stiennon June 17, 2005 9:33 AM

Cool. Great advice. Like most great advice it is simple and flies in the face of conventional wisdom. While security auditors are fond of telling stories of finding passwords under keyboards, they would be completely stumped if the end users had their passwords with them.

Of course, it would be great if applications would block the obvious behavior of dictionary attacks.

My idea for a reverse attack on a large body of accounts, say Yahoo!: Since you know that a significant portion of users have easy-to-guess passwords, and you know that every username shorter than eight characters is in use, just run the short list of passwords (starting with “password”) against a list of usernames!

The attacker will not get a specific account but he will get accounts.
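The pattern described above (one password, many usernames) slips past a per-account failure counter because no single account fails often enough. Added example, not from the original post: a monitor that applies a temporary per-account lockout and, separately, flags a source that fails against many distinct accounts in one window. The log format and the addresses are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (assumption): "<ISO time> <OK|FAIL> user=<name> src=<ip>"
LINE_RE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")

# Constructed sample: one source sweeps eight accounts with one guess each and
# hits on the ninth; a legitimate user from another address fumbles six times.
SAMPLE_LOG = """\
2005-06-17T08:40:01 FAIL user=alice src=203.0.113.9
2005-06-17T08:40:02 FAIL user=bob src=203.0.113.9
2005-06-17T08:40:03 FAIL user=carol src=203.0.113.9
2005-06-17T08:40:04 FAIL user=dave src=203.0.113.9
2005-06-17T08:40:05 FAIL user=erin src=203.0.113.9
2005-06-17T08:40:06 FAIL user=frank src=203.0.113.9
2005-06-17T08:40:07 FAIL user=grace src=203.0.113.9
2005-06-17T08:40:08 FAIL user=heidi src=203.0.113.9
2005-06-17T08:40:09 OK user=ivan src=203.0.113.9
2005-06-17T08:41:00 FAIL user=judy src=198.51.100.4
2005-06-17T08:41:10 FAIL user=judy src=198.51.100.4
2005-06-17T08:41:20 FAIL user=judy src=198.51.100.4
2005-06-17T08:41:30 FAIL user=judy src=198.51.100.4
2005-06-17T08:41:40 FAIL user=judy src=198.51.100.4
2005-06-17T08:41:50 FAIL user=judy src=198.51.100.4
"""


def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised log line: " + line)
    ts, result, user, src = m.groups()
    return datetime.fromisoformat(ts), result, user, src


class AuthMonitor:
    def __init__(self, per_user_limit=5, lock_minutes=15,
                 spray_users=8, window_minutes=10):
        self.per_user_limit = per_user_limit
        self.lock_for = timedelta(minutes=lock_minutes)   # temporary, not permanent
        self.spray_users = spray_users
        self.window = timedelta(minutes=window_minutes)
        self.user_fails = defaultdict(deque)   # user -> recent failure times
        self.locked_until = {}                 # user -> lockout expiry
        self.src_fails = defaultdict(dict)     # src -> {user: last failure time}
        self.spray_alerts = {}                 # src -> distinct users when flagged

    def is_locked(self, user, now):
        until = self.locked_until.get(user)
        return until is not None and now < until

    def process(self, line):
        now, result, user, src = parse_line(line)
        if result == "OK":
            # a success clears the account's failure history
            self.user_fails.pop(user, None)
            return
        # per-account rule: N failures inside the window -> temporary lock
        dq = self.user_fails[user]
        dq.append(now)
        while dq and now - dq[0] > self.window:
            dq.popleft()
        if len(dq) >= self.per_user_limit and not self.is_locked(user, now):
            self.locked_until[user] = now + self.lock_for
        # per-source rule: many distinct accounts failing from one address
        per_src = self.src_fails[src]
        per_src[user] = now
        for stale in [u for u, t in per_src.items() if now - t > self.window]:
            del per_src[stale]
        if len(per_src) >= self.spray_users and src not in self.spray_alerts:
            self.spray_alerts[src] = len(per_src)


def analyse(log_text):
    """Feed every line of a log to a fresh monitor and return it."""
    mon = AuthMonitor()
    for line in log_text.splitlines():
        if line.strip():
            mon.process(line)
    return mon


if __name__ == "__main__":
    mon = analyse(SAMPLE_LOG)
    print("spray sources:", mon.spray_alerts)
    print("locked accounts:", {u: t.isoformat() for u, t in mon.locked_until.items()})
```

Note that the sweeping source locks no account at all; only the per-source rule sees it, while the legitimate user's lock expires on its own.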

Kenneth Ballard June 17, 2005 9:37 AM

Use a password manager. I recently started using KeePass, and it’s a wonderful piece of software, especially since I can keep it on my pen drive, and backed up elsewhere.

To generate the passwords I store in the database, I typically go to random.org and use it to generate a random password of bytes converted to hex or straight digits. For an auto insurance policy I recently purchased, that is how I created the online username and password. Both are random bytes converted to hex.

JulianYorke June 17, 2005 9:38 AM

jens: the purpose of this method would be so you don’t have to write it down. Of course the problem comes when you have to come up with multiple passwords like this, but it works for the most part.

RvnPhnx June 17, 2005 10:11 AM

It is worth noting that often times the best password is that annoying series of letters and numbers on the bottom of your keyboard, mouse, telephone, random box in the office, etc. Those “random object” passwords are extremely hard to guess for anybody who doesn’t actually have access to your desk...

jayh June 17, 2005 10:38 AM

Having 2 or 3 unrelated words separated by numbers tends to be reasonably easy to remember.

Unfortunately a written strong password is potentially more of a risk than a somewhat less strong password that is never committed to paper.

lome June 17, 2005 10:42 AM

One recommendation I heard a while back was to mix other information into the passwords when you write them down, like your phone number or driver’s license number or address, etc., etc. – stuff you know very well already.

so on your ‘password sheet’ you could have

555l@55,0pe1234ryd.plaoo,rpe1442ydcpelaoo,rpe9thurgpydla55,0peSt

which in this case, contains a fictitious phone number, address, and 4 passwords

I suppose you could even put multiple lines (some being bogus, just to add more fluff — you just have to remember which line your real data is — but you could do this by making the address or phone number wrong, or something like that)

just more food for thought…

Joe June 17, 2005 10:46 AM

I write mine down in a small notebook and keep it in a lockable (but usually unlocked, for easy access) drawer in my home desk. All the common sites I visit away from my home desk, I can remember the passwords, and if I need to get into any of the obscure sites I can’t remember the p/w for, I can generally wait till I’m at home and can look at the notebook.

Maureen Hay June 17, 2005 10:50 AM

I’ve been creating a 3×5 card for each site with the info needed, including date signed up and anytime I used a credit card there, which card and the amount. The cards are in a decorative box nearby.

David June 17, 2005 10:58 AM

Yes, someone could steal your wallet, but then your web site passwords may be the least of your concerns. Also, depending on how many you record, it may not be obvious to anyone which site and username goes with the password, so they’d be useless unless the person stealing your wallet also knew you reasonably well.

One simple trick people who do write down passwords use is simple encoding. For example, just add one or two extra letters at the front or end of the real password, use simple rotation, etc.

For example, Tj7e4uI@ could become:

4Tj7e4uI@ (just remove the first char)
Tj7e4uI@5 (just remove the last char)
@Tj7e4uI (just put the first char in the last position)
tJ7E4Ui@ (just switch the case of all letters)

Anyway, such simple coding is helpful for all sites that don’t allow dictionary attacks, such as those that lock out (temporary lock is best to avoid easy DoS) after a few missed attempts.

But I prefer to use PasswordSafe on my desktop and laptop. Of course, this doesn’t help for those few accounts that I may want to access when I have neither, and so a simple paper record that’s encoded using such techniques is quite good because a typical thief will have no way of knowing.

Obviously, you can also encode your userid, the web site it belongs to, etc. using similar techniques.

David

Gil June 17, 2005 11:02 AM

One of the most interesting ways that I’ve heard of to create strong passwords is to use a pattern of keystrokes from your keyboard, i.e. a circle of all the keys around the ‘F’ key for example, or an inverted V starting at the ‘x’ and ending at the ‘b’. Type it once or twice and sense memory kicks in, making it easy to remember but difficult to reveal to someone without actually typing it on a keyboard. Hold down the shift key for one or more of the keystrokes, and make the password even stronger.

Sylvain Galineau June 17, 2005 11:15 AM

I have a copy of PasswordSafe and its database on a USB thumb drive. I run PW from it and carry it with my car keys.

Roland June 17, 2005 11:19 AM

For sites that require a lower level of personal security (i.e. sites unrelated to your finances), I use this method, which is simple to remember:

  1. Come up with a pass phrase, around eight words long, including a proper name or two: “Dick and Jane like to go to Landsdale, Michigan.”
  2. Make the acronym for the phrase: “DaJltgtLM”
  3. Tack onto the end of that the audible acronym of the website in question: “amazon.com” becomes “adc”
  4. Full password for your amazon sign in: “DaJltgtLMadm”

Notes: I wouldn’t necessarily consider Amazon a lower security needs site, as they can store your CC information for 1-click purchasing. It’s just an example here.

Also, this is not the actual sentence and web-site specifying protocol that I use.

Advantages: fairly long passwords that incorporate both upper and lower case, and can also include digits. You only need to remember a single passphrase, and whatever algorithm you come up with to make the password different for each website. Nothing needs to be written down. Once you have the pass phrase in your memory, you will not lose it, short of brain damage.

Disadvantages: An unscrupulous moderator with access to your clear text password at one website (some public bulletin board engines save passwords in the clear) could realize what you’re doing, figure out your specificity algorithm and apply it to other sites you are known to frequent. For that reason, you should use a better system than the one shown above (say, pulling the first four letters of the domain name, keyboard shifting it one row up, then populating every other letter of your passphrase with the result, giving you “DqajJqlatgtLM” – a good password, reconstructed in ten seconds from the passphrase and “amazon.com”). So your password is only as safe from this sort of prying eye as your algorithm for specificity.

kurt June 17, 2005 11:35 AM

Writing passwords down on a slip of paper and sticking it in your wallet basically just turns a password based authentication scheme into an ad-hoc token based authentication scheme (with the user playing the role of the token reader)...

It seems perfectly reasonable to me, but how many passwords are you really going to store that way? If you’re just worried about passwords for websites (and I have many times many of those), mozilla/firefox can store them for you and encrypt its password store with a master password (same idea as password safe but integrated into the browser), which seems much more convenient if you ask me... and of course if you need them at some other computer you can use firefox from a usb drive (which brings us back to tokens)...

Steve Grzybinski June 17, 2005 11:48 AM

I usually leave my passwords at the default. It makes tech support calls a lot easier…

Jarrod June 17, 2005 12:07 PM

Gil:

Patterns such as that are easily searched, making for a weaker password.

I keep my passwords (up to about 70 now, some not so recently in use) in PasswordSafe, though I need to put a copy of the password in a safe deposit box (just in case, you know). The government could get to it if they had to, but it would be pretty unlikely for anyone else to get to it.

There’s always a weak spot to any method of hiding data. Strengthen the weak spot, and another weak spot takes its place. One just needs to find a point where one is comfortable with whatever weakness is the most visible.

Ari Heikkinen June 17, 2005 12:08 PM

Microsoft? Come on, we’re talking about a firm who people generally hate and use their products only because they’re forced to (so I wouldn’t take anything they say too seriously). To me, a big list of passwords on paper is clumsy and long passphrases are generally cumbersome. This isn’t an easy problem to fix (it’s easy to say passwords don’t work but much harder to completely replace them). What would probably be better would be a small little device that you could carry with you (perhaps attached to a keyring) designed for storing passwords for easy access.

Steve W June 17, 2005 12:17 PM

This is a never ending battle. Most of these posts seemingly apply only to the security conscious user (those of us reading this blog). I assert that the less informed user (the majority) is not as concerned about what their password is and where they have written it down. There will always be a desire to have stronger, more secure passwords. However, as long as there are users that are not informed of the ramifications of such a breach, sticky notes under keyboards (or fill in your favorite method here) will always be there.

Anonymous June 17, 2005 12:26 PM

It seems that this notion should be taken to an extreme: Password Policies should begin:

1)

Get a pen and a small piece of paper that you can fit in your wallet, purse, or anything else you have with you at all times.
Done? (y/n)

2)

Write this down:
vuh8Eo9aN3

(a 10-character random string in a graphical format … no copy/paste)

Done? (y/n)

3) Do not lose your sheet of paper. Do not keep it where anyone else can access it.


Password changes:
1) Enter existing password.
2) Repeat steps 1 – 3 above.

Grant Gould June 17, 2005 12:40 PM

Just started using PasswordSafe and a thumbdrive for this. Apart from the awful database compatibility issues when moving between Windows and Linux, I have to say that PasswordSafe is delightful — very nearly the right tool.

stacy June 17, 2005 12:56 PM

This is great timing... I just gave a security awareness presentation where this was one of the topics. My advice was to take a short phrase, do some creative (i.e. non-predictable) substitutions and use that as your password. Then you can write down your phrase as a reminder without revealing the password. The other suggestion was Password Gorilla (a multi-platform variant of Password Safe) and a USB memory stick.

Chung Leong June 17, 2005 1:25 PM

I’m working on a way to keep a password in the back of my eyelids so that only I can see it.

Cory Bys June 17, 2005 2:09 PM

Making users remember complex passwords creates a disruption in the normal flow of business. I like the idea of blank passwords.

Brendan O'Connor June 17, 2005 2:33 PM

You guys need to wake up and smell the roses! Blank passwords? Default passwords? This is exactly what attackers are looking for! I recommend that you employ a security-by-obscurity methodology and create one generic login that all users login with. Make the password complex. That should reduce administration to acceptable levels and give you the level of security that you are looking for…

mc June 17, 2005 3:53 PM

The method suggested by lome is also useful to avoid keyloggers. You mix other information with the password, then you type that mix, but you copy/paste (using the mouse, of course) only the password.

Greg June 17, 2005 3:56 PM

People have been saying that storing your passwords in your wallet is fine, because if you lose your wallet you will have lost your credit card, etc anyways.

One important distinction though, is that you can call up your credit card company and render it useless to others as soon as you discover the loss/theft. Also, you will get a new one you can use very quickly.

It’s not possible to do the same thing with your unique password list stuffed in your wallet. Even if you were clever and made it difficult to use by someone besides yourself, chances are you wouldn’t be able to recall all the passwords.

Kevin Davidson June 17, 2005 4:12 PM

I wouldn’t want my whole way of life compromised if someday I lose my wallet.

I keep all my secrets AES encrypted on a USB hard drive that I carry around with me. That way not only can I have passwords that are too strong to remember, I can have passwords that are too strong to type in accurately!

Rich June 17, 2005 6:07 PM

Lots of people posted great password generation systems. The problem with all of these is that most of us need 10s or 100s of passwords.

And also consider how easily your entire system could be cracked if two or more passwords are compromised.

Personally, I think storing them (on paper or in encrypted bits) is a lot safer than constantly having to contact tech support to have it reset.

RC June 17, 2005 8:06 PM

Password Cards —
If you can remember a long random password, choosing one is as simple as dealing cards from a deck:
http://www.webplaces.org/passwords/
You print out a set of cards with letters and numbers on them. Then shuffle, deal, memorize, and reshuffle the deck.

Dave June 17, 2005 8:55 PM

A number of people say to use passwordsafe or similar. The question still remains: how do you generate and remember a good passwordsafe password?

Because Password Safe holds usernames, sites, and passwords (and other products even more info), this makes your passwordsafe on your USB more valuable than $%#Dfgfsd written on a piece of paper in your wallet.

@Bruce. I might start learning to pick pockets, so if you ever visit Australia I can commit a major l33t hack and publish your passwords on the net 🙂

Dave June 17, 2005 8:56 PM

@RC

I don’t think we have a problem with generating random passwords.

I have a problem with remembering random passwords.

grahamc June 17, 2005 9:29 PM

@Aaron (Posted by: Aaron at June 17, 2005 05:02 PM)

The password generator is an excellent tip, thanks for that.

Similar to password safe, a single master password to encrypt the password set, but with the generator it becomes a virtual safe.

Anyone see any flaws in this? I don’t.

grahamc June 17, 2005 9:49 PM

The article reminds me of the futile arguments I had as a system administrator with academically trained auditors who insisted I had to enforce password aging – make people change their passwords every month.

I thought it was brain-dead. It reduced security because it forced people to remember even more passwords, and increased the probability that they would write passwords down on postit notes. This cut no ice with the auditors, who dictated as their textbooks had told them to.

Since the conventional wisdom was also that writing down passwords was insecure and so strictly forbidden, it left users with nowhere to turn. On the other hand it kept the helpdesk in secure employment on the constant flow of password reset requests. A side effect was the obvious potential for social engineering attacks by impersonating another user on the phone and getting the help desk to reset their password. The help desk was so inured to the requests they did it by rote.

I told the users to use password safe and not tell anyone. If discovered one could always argue the semantics of “to write down”.

benlast June 18, 2005 2:39 AM

Don’t write down your password. Write down something that will allow you to remember it. I have a piece of card on which passwords are noted, but you wouldn’t find any actual passwords on it. You’d see phrases like “amazon: first version, original digits plus three”, or “ebay: third version plus digits of second version”. The amount of stuff you have to actually remember becomes very small; the card is a set of mnemonics for it.

Benny June 18, 2005 2:59 AM

A neat idea I ran into a while back was using inkblots as the basis for a new type of password system. The idea is that most people see very different things in the same inkblots, so you present a user with a series of computer-generated inkblots, the user generates a password based on what they perceive in the images, and thereafter whenever the password is required you just present the user with the inkblots. Initial limited testing found users very receptive to this, as the system was very intuitive and the inkblots were very effective at triggering recall of passwords.

http://www.dotnetdashboard.com/DesktopDefault.aspx?tabindex=0&tabid=75

That URL was unfortunately the best source of info i could find; the paper at Microsoft, where this research was done, seems to have been taken off-line.

mc June 18, 2005 6:53 AM

Anonymous:

Yes, they can, but most don’t.

One could also use an alternative method to enter keypresses for passwords, for example running osk.exe (in Windows). That might fool a number of keyloggers.

Dave June 18, 2005 11:45 AM

I notice that several people here have described in detail how they generate and store their own passwords. And then decided to broadcast that information on the internet. Given that this is a security-related blog, wouldn’t you assume that readers might think twice before doing this?

I have my own homebrew password solution of which I’m rather proud. It works well for me. But I’m damned if I’m telling you what it is. So there!

Tom June 18, 2005 1:50 PM

I was thinking about differing password policies and came up with this (which I tell my users to do).

Most of my users seem to use obvious passwords, like their firstname or their child’s name – they are simple and easy to remember, e.g. John.

I could enforce password complexity on a domain, but how many of my users will remember something more cryptic, e.g. 4jKlm4in, not many I expect.

I’ve found that rather than asking them to remember something complex (and to stop me having to reset it every week when they forget), it was better to ask them to make their original simple password – in the above case ‘John’ – more complex but something they could still remember.

So, rather than telling my users to create a ‘password’ I tell them to create a ‘passphrase’, and give them some tips and examples. Now rather than using only ‘John’, a user might use something like “My son’s name is John” – it’s easy to remember and relatively simple, plus they can make it harder to brute force by adding special characters and/or punctuation.

Jon June 19, 2005 12:44 AM

I keep a list of passwords on my Palm machine as a private file, and then set Security to hide private files. If I need access to it, I unhide private files by entering my Palm password, use it, and immediately hide them again. Not perfect, because someone can probably hack into a Palm if they have possession of it.

another_bruce June 19, 2005 2:34 PM

Just sprinkle a number that means something to you here and there into a name that means something to you and you’ll be able to remember it just fine. I flatter myself to suppose that I even have anything going on in my accounts that’s interesting enough to hack into.

Sean O'Hara June 19, 2005 3:05 PM

@Dave

KeePass has a password generator built in — just tell it how strong you want the password to be, and then save it in the database.

I do agree with you that having the database and password manager on a thumbdrive is little safer than keeping the passwords in your wallet — even if you encrypt the DB, it’s only as safe as your master password. It makes more sense to me to keep the database encrypted on the hard-drive, but keep the key on the USB drive (of course, if you have to use multiple computers this might not always be possible).

Vikram June 19, 2005 6:18 PM

Wow,

Loads of new ideas for storing and generating passwords. I also noticed that most of these also have names associated, while responding with hints throughout indicating how they use passwords. That’s it for security.

The topic is not about generating and using strong passwords but how to secure these created passwords. Personally I am against writing it on a piece of paper. Use an electronic tool and use synchronisation to back it up to a secure place with every log off.

Roger June 19, 2005 10:22 PM

@Jon:
“Not perfect, because someone can probably hack into a Palm if they have possession of it.”
Regrettably, at least for versions prior to Palm OS 4.0, that is indeed the case. See:
http://www.atstake.com/research/advisories/2001/a030101-1.txt
If you wish to keep sensitive information on a Palm Pilot (or any other PDA, for that matter), you should encrypt it. Fortunately, there is an embarrassment of choice, with dozens of encrypted MemoPad replacements available to download for free.

Patrick June 20, 2005 1:16 AM

CryptMe has an interesting solution for passwords: On a credit card size paper, you have a randomly generated letter grid, with a row and a column header. You only have to remember the start coordinate (Row/Column) and a navigation rule (my password takes 6 letters horizontal and 4 letters vertical).

Paul O June 20, 2005 5:39 AM

I combine the use of PasswordSafe on a thumb drive with a collection of 3×5 index cards (one card per password, secured at home; higher-security sites don’t get written down).

For some sites, I’ll choose a more memorable password (e.g. taking an old movie title or short phrase and interleaving the letters from each word, then applying various popular transforms (e.g. 1 for l, 2 for duplicated letter, etc.)). “Bull Durham” might become “bDu21r1h”. If I can’t remember the password, I can remember the process I used and recover it.

Still, I’ll be happier when the thumbdrive choice is more universally portable between MSWin and Linux.

Paul O June 20, 2005 5:58 AM

And before too many theorists “attack” my methods as susceptible to an expanded dictionary attack, I’d be interested in informed opinions comparing the randomness of various perturbation methodologies against more purely random passwords.

That is, what fraction of the “total” random namespace is covered by each of various methods of forming passwords? (GF name; simple word; 7331 subs; interleave; etc) And how much coverage is necessary to thwart practical dictionary attacks for various purposes? Has anyone published on that particular question? Online links?
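The question above (what fraction of the full random namespace each construction method reaches, and whether that is enough against a dictionary attack) can be put in numbers. Added example, not from the original page: keyspace estimates for the methods mentioned in this thread; the attacker word-list size, the number of leet-substitutable letters, the plausible initials per phrase word and the guess rate are all assumptions.

```python
import math

DICT_WORDS = 50_000          # assumed attacker word list (names, words, titles)
DICEWARE_LIST = 7776         # 6^5 entries, the published Diceware list size
PRINTABLE = 94               # printable ASCII without space: the "full" namespace
HEX = 16
SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace_random(length, alphabet=PRINTABLE):
    """Truly random characters, e.g. random.org bytes rendered as hex."""
    return alphabet ** length


def keyspace_diceware(words):
    """Each Diceware word is an independent pick from the list."""
    return DICEWARE_LIST ** words


def keyspace_leet_word(substitutable_letters=3):
    """One dictionary word with some letters optionally swapped (a->4, e->3,
    l->1, o->0 ...); each substitutable position doubles the count (assumed 3)."""
    return DICT_WORDS * 2 ** substitutable_letters


def keyspace_site_formula():
    """The 'base word + letters and a digit taken from the site name' formula.
    The site-derived part is fixed by the site, so once the rule is known the
    only secret left is the base word."""
    return DICT_WORDS


def keyspace_acronym_phrase(words, initials_per_word=20):
    """Acronym of a self-chosen phrase: each word contributes roughly the
    uncertainty of its initial letter (assumed ~20 plausible initials)."""
    return initials_per_word ** words


def bits(keyspace):
    return math.log2(keyspace)


def coverage(keyspace, length, alphabet=PRINTABLE):
    """Fraction of the full random namespace of the same length that a method
    actually reaches: the quantity asked about in the thread."""
    return keyspace / alphabet ** length


def years_to_exhaust(keyspace, guesses_per_second):
    return keyspace / guesses_per_second / SECONDS_PER_YEAR


def compare(guesses_per_second=1e9):
    """Return {method: (bits, years to exhaust at the given offline rate)}."""
    methods = {
        "random hex, 16 chars": keyspace_random(16, HEX),
        "random printable, 8 chars": keyspace_random(8),
        "Diceware, 5 words": keyspace_diceware(5),
        "leet word, 8 chars": keyspace_leet_word(),
        "base word + site letters": keyspace_site_formula(),
        "9-word phrase acronym": keyspace_acronym_phrase(9),
    }
    return {name: (round(bits(k), 1), years_to_exhaust(k, guesses_per_second))
            for name, k in methods.items()}


if __name__ == "__main__":
    for name, (b, yrs) in compare().items():
        print(f"{name:28s} {b:6.1f} bits  {yrs:12.3g} years at 1e9 guesses/s")
    print("leet word covers", f"{coverage(keyspace_leet_word(), 8):.2e}",
          "of the 8-char printable namespace")
```

The rate is for an offline attack on a captured hash; an online attack against a site that locks accounts is slower by many orders of magnitude, which is why the lockout matters as much as the password.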

Paul June 20, 2005 7:55 AM

If you are managing more than a few accounts, credit and bank card PINs, door entry-codes etc, then recording them in some way is the only reasonable way to work. However, it’s worth obfuscating the information in some way so that possession of your aide-memoire does not give trivial access to the secured resources. I would recommend writing things down, but in an obfuscated manner that is easy for you to decode, but difficult for someone in possession of your aide-memoire. I would value having a set of obfuscating methods that could be taught to end-users, e.g. if your bank card PIN is 2847, your credit card PIN is 9304, your work door access code is 5371 and your work userid is pe049316 with password blue5dogs, how would you write this down in a sufficiently obscure way?

Paul June 20, 2005 8:26 AM

@ ‘Clive Robinson’

Sorry, I didn’t make myself clear. The problem is not choosing passwords, it is obfuscating passwords already chosen (not necessarily by me), and not easily or trivially changeable. I have 5 bank/credit card PINs to remember; one door entry code; three work (non-web) user-id/password combinations and umpteen web-site passwords. In most cases these are not chosen by me.

I do not think this is atypical. In addition to the above, I have a huge number of non-work related PINs and website passwords to remember. The average not-particularly-technical end-user needs a sensible method of obfuscating information like the above, that doesn’t involve using PDAs or other electronic fripperies. The 99c pocket-book and pencil should be enough.

So, how to write down a PIN in plain sight? Don’t use a fake phone number, as these are spotted very easily by criminals. However, writing down the following sequence:

937521
830274
061172

is easy. Where is the 4 digit PIN? Any end-user can do this, especially if you add another level by, say, subtracting 1 from each digit of the PIN, or adding 32 to the written down number to get the actual PIN.

That’s PINs dealt with. A similar technique can be used for passwords, and there are variations. I use these techniques (obviously not the exact ones I’ve listed above), and I’d be interested in (a) collecting more techniques for teaching to end users and (b) reading any security analyses on such techniques to determine which, if any, is ‘best’.

Otto June 20, 2005 9:11 AM

While I find this discussion interesting, I must admit I am a bit at a loss as to why studies in this vein persist. Static passwords are bad, and are not likely to get much better. Between problems with protocols (LanMan Hashes, Cisco’s LEAP, etc.) and new techniques (rainbow tables), I see no reason to believe that moving to still longer passwords is going to make a significant difference for long.

We know that users choose bad passwords and will often actively work to bypass quality provisions. We know that it is typically possible for users to remember, after a couple of days, their primary password, and so they won’t consult the slip of paper regularly. We know that attackers can, and will, go to great effort to get information from corporations. Given all of this, it is safe to presume that educating our users to write down and carry a list of passwords is likely to encourage attackers to steal said lists. Since the users won’t be using the lists frequently, days, if not months, could go by before the compromise is discovered. This improves our security how?

It is well past time for the static password to go the way of the buggy whip and the dodo. Other solutions exist (tokens, certificates, etc.), we just need to stop allowing vendors to continue producing security “features” which provide no security.

Toby Felgenner June 20, 2005 12:01 PM

A comment on “The Curse of the Secret Question”, from 11 February 2005.

Here is a strategy for choosing Secret Questions, based on the often cited and practical method for choosing reasonably strong, easy to remember passwords: i.e. taking a memorable phrase, and making an acronym using the first letters of each word (and adding uppercase letters, substituting numbers, adding punctuation/special characters). i.e. the song lyric “Yesterday, All my troubles seemed so far away” = Y,Amt55fa

Reversing this strategy may help with secret questions: if the site allows you to enter your own secret question, then make the acronym the secret question, and the resultant phrase becomes the answer (in this example, I am sure that without having read this, very few people would be able to guess that y,amtssfa = “Yesterday…”).

If you choose a couple of your favourite songs of all time, you have several questions ready made. And by sticking to only those all-time favourite songs, the acronym should be enough for you to easily trigger the lyric/song title.

Song lyrics can be good to use, because many people love music (and so there is something emotive/interesting for them to draw upon), musical tastes are very individual (so individual acronyms will not have much meaning to broad numbers of people), and the brain stores memories of musical tunes and lyrics in the auditory cortex (which is a different part of memory that may be easily triggered, and may not be so fatigued).

Gary June 20, 2005 2:25 PM

The method I’ve been suggesting to people for a very long time is to come up with a simple “formula” for their passwords based upon the site, location or business that the account is associated with. For instance, if one had an account with an organization called XYZ Corp. one could do the following:

  1. Start off with a six to eight character word that is easily remembered. This can be the name of one’s spouse, child, or whatever people typically use as a single word PW. For instance, someone might use “schneier” as their base password. This is basically just to get the character count up into the minimum range for a password on most logins.
  2. After the end of the base word add one or two letters from the site, organization, etc. that one is logging onto. For XYZ Corp. the user might pick the first and third letters of the name, X and Z. The password is now “schneierxz”
  3. A number based on something like the total number of letters in the basic organization name. For XYZ, Corp. that might be 3.

The overall password comes out to something like “schneierxy3” based on the above method. The same person might log into ebay using the password “schneierea4” since “e” and “a” are the first and third letters of that organization and there are four characters in the basic name, and onto their paypal account using “schneierpy6” as their password.

Using some method like the above allows users to create unique passwords on all their accounts, yet remember them all using the same basic formula.

Of course, the exact method should vary from person to person. Parts #1, #2 or #3 might be done in another order to come up with “xz3schneier”. One user might use the second and fourth characters of the organization name rather than the first and third. One could also do things like use the previous or next sequential letter(s) of the first several letters in the organization’s name. Someone logging onto an IBM website might use the alpha character sequence “HAL” (the alpha characters before I, B and M in that organization name.) One might choose a numerical value based on the number that the first letter in the name comes from in its order of the alphabet. A is 1, B is 2, C is 3, etc. Whatever one thinks is appropriate, so long as it is easy enough to work out by looking at the name of the organization at the top of the login/identification screen.

This method of creating passwords is certainly not going to outperform any software meant to crack passwords by trying every letter/number combination for every possible combination of eight to twelve characters, but it does make for a casual and easy-to-remember method of coming up with alphanumeric passwords that are unique to the login.

Gary

D. Branchato June 20, 2005 4:14 PM

As a Windows security expert, I see that it is imperative to migrate all systems to Active Directory. Kerberos is unbreakable, and therefore the complexity and length of passwords is not relevant. Therefore, users can choose any password of any character amount and remain secure. Thanks!

Roger June 20, 2005 8:58 PM

@D. Branchato:
“Kerberos is unbreakable, and therefore the complexity and length of passwords is not relevant.”
Actually, the first protocol exchange of Kerberos, where the Authentication Server is asked for a TGS session key and ticket, is vulnerable to a dictionary attack on the user password. This packet contains several known items encrypted under a key which is simply a hash of the user password.

All subsequent exchanges use strong keys, so you’re safe if the attacker missed the initial logon; but if he records everything right from the start, not only can he derive the password via a dictionary attack, but can then use the TGS session key to find all the other session keys as well.

IOW, a user password for Kerberos does need to be strong as it bootstraps the whole system.

This is actually true of all user password based systems, except for a relatively recently discovered family of protocols known as EKE, and a close relative called SRP. In these rather beautiful protocols an attacker, either active or passive, has no better chance of finding the password or session key than of guessing the password correctly on his first attempt. Consequently under these protocols even a 4 digit PIN can be adequate strength in some applications.

Robert June 21, 2005 11:12 AM

I don’t see what all the fuss is. I have a fairly normal memory (don’t tell me your name.. I’ll immediately forget it :-} ) but I have no problem remembering the “more than 8 digit” strong passwords I need for my network (I’m the admin): all the routers, firewalls, Active Directory, Lotus Notes, on and on. After typing them a few times they seem to stick. Then again I know 45 digits of Pi off the top of my head.. ;-}

Pablo June 21, 2005 3:20 PM

Another option: Don’t turn ‘Yesterday/All my troubles seemed so far away’ into an acronym. Just enter the whole sentence. Unusual punctuation helps.

So, for instance, if the teller at the bank said something memorable to you once upon a time, enter that as your passphrase for the bank’s online service. “I’m sorry, but you are overdrawn!” makes sense, yes? Add numbers for enhanced hack-proof-ness. “You are overdrawn! By $10,000!”

The only problem is that password size limits are usually too small for this. A phrase is much more memorable than a word, and much more secure as well. A password generation process could come up with a unique word, a number, and a punctuation mark, and prompt the user: Use the word ‘consanguinical,’ the number 6, and an exclamation point in a sentence…

Sekret June 21, 2005 3:20 PM

Makes sense to me. I’ve been obscuring PINs and passwords as scraps of phone numbers and addresses in my wallet for years.

Anonymous June 22, 2005 1:14 PM

Passwords, as a user-authentication method, aren’t the greatest. However, as Bruce always likes to point out, security is a trade-off. So your password policy (whatever it is) should depend entirely upon the importance of both the data you’re trying to secure and the resource you’re trying to protect from misuse.

For a http://www.latimes.com password, a dictionary word is more than sufficient. Unless you’re worried about some terrorist hijacking your latimes account and reading all about bombs, thus putting you on some terrorist watchlist, the risk here is basically nil. Actually, the risk is basically nil even in that case 🙂

For an email account, well… that depends on how important the email is. But in a sense “someone can log into the mail server and read your mail” is only a problem if you’re worried about someone deleting messages you want to read -> an attacker that wants to read your mail can probably snoop the mail as it travels hither and yon unencrypted. If you’re paranoid enough to use PGP, you’re in a different class of people who use email.

For an interactive login account, now an attacker has not only the ability to hose an individual user, but if the system is unpatched, (s)he can compromise the system itself. Depending on your cluster design, this can lead to not only data loss (which may be a trivial attack if you have very robust backup strategies in place) but also a downtime in service.

So the question of “do I encourage people to write down their passwords or not” depends entirely upon what password the person is writing down, and what unauthorized access can be gained with that password.

If you’re mostly worried about remote dictionary attacks against your assets by a nonspecific threat, then highly complex passwords (written down) are a suitable response. Script kiddies will be foiled by a 10-character string of randomly generated characters, and you’re not so much worried about someone picking somebody else’s pocket to get access to their electronic resources.

On the other hand, if the data is highly sensitive, and your attacker is going to be a specific individual targeting a specific account, then writing passwords down is not necessarily a good idea. If someone is an official with access to top secret information, they should have to dedicate a portion of their brain to remembering a highly complex randomized string. Even if they use a tool like PasswordSafe, the key that unlocks the safe should be highly complex.

On the whole, I recommend to users that they use two classes of passwords -> passwords for things that they literally don’t care about (like their latimes.com account or their slashdot account or whatever) and a second class of passwords for things that they do care about.

The second class then can be protected in a couple of ways. One method is by dumping all of the complex passwords in a password storing mechanism that is encrypted itself (such as PasswordSafe) – here the user can use either a trivial password to protect the safe or a complex one if the safe itself has to be protected from attack.

The user can write down a password or set of passwords, provided the written log is itself protected in some way appropriate for the attackers that may be trying to get access to the log (this may be a null set, for most users).

For people who generate non-random complex passwords (for example, the “first character in every word in a sentence”) method, they need to realize that a general attacker (ie, your malicious script kiddie) is probably going to be foiled by most of these methods, providing that the password itself is of a decent length. A targeted attack will probably break the password, since it’s not truly random, if it is that particular password that comes under assault. So ANY non-random method of generating complex passwords is more or less equivalent, since they all protect against the same class of attack and fail against the same class of attack.

In my particular cluster, I tell people to protect their password in a way that’s suitable for them. For most users, their password does not need to be so complex that it will foil a highly targeted attack -> nobody wants to get access to an undergrad’s account so badly that they’re going to garbage-dive his trashcan to get his/her CS account password.

Mostly, what we’ve found is that the average attack vector into our cluster is independent of how good the user’s password actually is.

Our number one attack vector is accounts that are compromised on systems WE DO NOT CONTROL. A grad student uses the same password that she used at somecollege.edu, and her sc.edu account is compromised. The attacker doesn’t even have to have root, just access to her sc.edu account. With the account comes the homedir, so the attacker has access to her known_hosts file, and the attacker just attempts to connect to every machine she’s ever connected to from sc.edu, using the same username/password they have already acquired.

If the target is using the same username/password on multiple clusters, our cluster is vulnerable to EVERY security vulnerability on EVERY cluster that ANY of our users have an account on. We limit this by limited remote login capabilities -> machines that run services aren’t accessible by mortal users.

So, for us, a complex (non-dictionary attackable) password is important, to protect us from random password-guessing attacks, and a UNIQUE password is important, to help safeguard against bootstrap attacks. Only slightly less important is for users to limit their vulnerability by not connecting to our machines from machines that may be compromised.

Actual “password retention” in the sense of how the password is remembered (either through mnemonics or writing down or storing in some password database) is far down the list in terms of concern.

Justin June 22, 2005 2:59 PM

This seems like a fine idea for many situations.

However, in situations where 3 piece authentication is used, for instance, doesn’t this effectively turn the “something you know” into “something you have”?

jbl June 22, 2005 6:53 PM

In a nicely written contribution, an anonymous writer speaks of the sensitivity of email:

‘For an email account, well… that depends on how important the email is. But in a sense “someone can log into the mail server and read your mail” is only a problem if you’re worried about someone deleting messages you want to read -> an attacker that wants to read your mail can probably snoop the mail as it travels hither and yon unencrypted.’

I would like to add another concern for email accounts. On most of the accounts I have, I worry more about someone using the account to pose as me when sending mail, as I rarely get sensitive mail on those accounts.

Pat Cahalan June 22, 2005 8:04 PM

Given the general lack of sophistication amongst the online populace, it’s almost as effective to just forge the header with your email address as the “From:” field as it would be to log into your account and send the mail directly. Although I swap back and forth between Mutt and Thunderbird, I don’t normally read the entire headers of any email unless I have a reason to be suspicious or I’m troubleshooting.

So, the possibility of someone hijacking your email account to send potentially damaging or scurrilous mail is there, but it doesn’t seem to be a more “effective” attack than just forging your address in the “From:” field. The target isn’t really affected by the difference -> if they’re going to fall for one, they’re likely to fall for the other.

Of course, you’re less likely to be sued or have to explain yourself to the wife if the mail is outright forged. However, the possible threat here seems very close to the threat of just having your address “borrowed”, so I wouldn’t regard it as a very likely set of conditions to deal with.

Of course, I tell people not to believe email anyway 🙂

josh2 February 17, 2006 11:57 AM

@Justin

This seems like a fine idea for many situations.

However, in situations where 3 piece authentication is used, for instance, doesn’t this effectively turn the “something you know” into “something you have”?

Yes, that is exactly what it does. That’s why we’ve spent all this time discussing ways to obfuscate the data. If you have (for simple example) a huge grid of numbers with a tiny PIN hidden inside then retrieving the PIN requires something you have (the grid) PLUS something you know (the ‘key’ to extract the pin). “(3,4), every second digit, down and to the right”, or “the 6 digits two rows below my birthday in backwards order” isn’t a useful piece of information without the grid and the grid only narrows down the search space to several thousands of “possible” PINs without the information.

Now if I lose my wallet I have also lost my check card, so I’ll have to cancel it anyway. As for the rest of my passwords, when I rush home to start canceling credit cards, I’ll get the backup copy of the paper hidden under a floorboard in my closet and use that to change all of my other passwords.

That is, in a nutshell, the strength and purpose of everything we’ve just been discussing, right? These mnemonic systems make handling many passwords much easier but only somewhat less secure. The more complicated the system is, the harder it will be to use – for you or the attacker; make the tradeoff that is right for you.

(And don’t bother breaking into my closet, I just made all this stuff up off the top of my head.)

Security buff August 15, 2006 11:56 AM

I have recently come across a product called SECUREPASS 1.1; downloaded it from publisher’s site http://www.securenez.com. The software claims, no password storage and real time creation of a strong password at login time.

Got curious, downloaded the program and guess what, it works as advertised. With IE, one click login is available, there is also an option to copy/paste if password is not filled in automatically – I have rarely used it with IE since most of the login pages of the websites are filled automatically. Also has a USB option for portability. The great thing is no passwords are saved or kept anywhere.

Works best if you go through a password change once for each of your sites and use the SECUREPASS generated password as the new password. Every site gets a unique high strength password that is only created at login time and then destroyed.

After trying many password managers, I feel this one is the best so far. This is the only one that hits on security and convenience at the same time. Try it out for free, price is only $14.95.

Would love to hear some feedback on this product from others.

The Buster August 25, 2006 8:45 AM

I cannot remember JACK these days. Getting older is a bitch. I am not sure why so many people are spending so much time using scraps of paper and ballpoint pens to create a password vault? Are there not software products that can do this for you?

Several of my friends have used different form fillers and password managers with different levels of success. What I was looking for was a product that would replace my poor passwords with secure passwords, manage all these passwords and then provide a FAST and secure one click login.

A friend turned me on to a little application called SecurePass which creates secure passwords to replace all my poor easy- to-remember ones, manages all these hard to remember passwords and provides easy one click log-in when I want to go to a password protected site. I never need to remember anything, and at my age there is already enough to remember (and forget).

It does take a few moments to set up all your password protected sites but once you are set up – you are good to go. You can simply highlight a site in the SecurePass menu and with one click it launches your browser, takes you to the site, automatically places your user ID and secure password into the appropriate location – one click and you are logged in.

The really amazing thing is that this software does not store ANY passwords, anywhere, ever. There are no password folders or encrypted passwords stored in any location. This application actually “re-creates” the original high strength password each time you visit the site and then completely destroys it after login. There is no trace of a password on your computer until the moment you login; after login – zap, it is destroyed until you log in again. Seems like a great aid to those of us who cannot remember long complex passwords and are concerned about security issues.

Tara (PassPack) April 8, 2007 3:43 PM

I have over 200 passwords. How many little scraps of paper could fit in my wallet?

The only responsible thing to do is to choose – and use – a password manager.

Try this, it’s free: http://www.passpack.com

PassPack is a valid alternative to carrying around a USB keychain. It’s an online service so it can be accessed 24/7. So even if your computer were to catch fire, which wouldn’t be very fun anyway, you wouldn’t lose all your passwords.

cr May 30, 2007 6:20 AM

An additional obfuscation technique I use for more critical passwords/phrases is tabling.
Assuming a phrase: ABCDEFGHI
putting it into rows in a symmetric table and then taking the columns ruins any inherent phrasing pattern: ADGBEHCFI.
If you decide on a fixed asymmetry for your tables, and perhaps select a standard for which columns you read in reverse, you can store your passphrases on paper in untabled easy-to-remember form, and do the tabling in pencil on a chip of Formica or such. Once you’ve typed in the entabled password, smudge out the table with a moistened finger and it’s gone.
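Worked example of the tabling described above, added here as an illustration rather than cr’s own code. The phrase is written into rows of a chosen width and read back out by columns; the set of columns read bottom-up is the “standard for which columns you read in reverse”. The 4-column, one-reversed-column setting and the sample phrase are constructed for the example.

```python
# Added example of cr's "tabling" (columnar transposition), not cr's own code.
# The phrase is written into rows of `cols` characters and read back out by
# columns; `reverse_cols` holds the columns that are read bottom-up. The column
# count and the reversed set are the only things the user has to remember.


def entable(phrase: str, cols: int, reverse_cols=()) -> str:
    """Write `phrase` into rows of `cols` cells, then read the columns."""
    rows = [phrase[i:i + cols] for i in range(0, len(phrase), cols)]
    out = []
    for c in range(cols):
        # A short final row simply leaves some columns one cell shorter.
        column = [row[c] for row in rows if c < len(row)]
        if c in reverse_cols:
            column.reverse()
        out.extend(column)
    return "".join(out)


def untable(text: str, cols: int, reverse_cols=()) -> str:
    """Invert entable(): rebuild the grid column by column, then read rows."""
    full_rows, extra = divmod(len(text), cols)
    nrows = full_rows + (1 if extra else 0)
    grid = [[""] * cols for _ in range(nrows)]
    pos = 0
    for c in range(cols):
        # The first `extra` columns have one more cell than the rest.
        height = full_rows + (1 if c < extra else 0)
        column = list(text[pos:pos + height])
        pos += height
        if c in reverse_cols:
            column.reverse()
        for r, ch in enumerate(column):
            grid[r][c] = ch
    return "".join("".join(row) for row in grid)


if __name__ == "__main__":
    # cr's own illustration: ABCDEFGHI in a 3x3 table -> ADGBEHCFI
    print(entable("ABCDEFGHI", 3))
    # A 4-column (asymmetric) table with the second column read bottom-up;
    # the phrase is a constructed sample.
    secret = entable("correcthorsebatterystaple", 4, reverse_cols={1})
    print(secret, untable(secret, 4, reverse_cols={1}))
```

Note that a transposition only permutes the characters: the written-down form still reveals exactly which characters the passphrase contains and how long it is, so this hides the phrasing pattern from a casual reader but is not encryption, which matches cr’s framing of it as an obfuscation step rather than a secret-keeping one.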

Anonymous September 7, 2007 2:20 AM

I have this in my .bashrc on Linux (and on my USB memory stick which has my password file):

OpenEncrypted(){
    ENCRYPTEDFILE=$1
    # mktemp is the portable replacement for Debian's tempfile(1)
    TEMPFILE1=$(mktemp)
    TEMPFILE2=$(mktemp)
    if [ ! -f "$ENCRYPTEDFILE" ]; then
        echo "No password file."
        return
    fi

    # Decrypt into a temp file; bail out (and clean up) if gpg fails,
    # e.g. on a wrong passphrase.
    if ! gpg -o - "$ENCRYPTEDFILE" > "$TEMPFILE1"; then
        wipe -fs "$TEMPFILE1" "$TEMPFILE2"
        return
    fi
    # Keep an untouched copy so we can tell whether the file was edited.
    cp "$TEMPFILE1" "$TEMPFILE2"

    vim "$TEMPFILE1"
    # Re-encrypt only if something changed; retry until gpg succeeds
    # (symmetric mode asks for the passphrase twice and fails on a mismatch).
    if ! diff "$TEMPFILE1" "$TEMPFILE2" >/dev/null 2>&1; then
        CODE=1
        while [ "$CODE" != "0" ]; do
            gpg -o - --symmetric "$TEMPFILE1" > "$ENCRYPTEDFILE"
            CODE=$?
        done
    fi
    # Securely erase both plaintext copies.
    wipe -fs "$TEMPFILE1" "$TEMPFILE2"
}

VimPasswords(){
    file=/media/disk/Docs/passwords.txt.gpg
    OpenEncrypted "$file"
}

Chris February 11, 2008 10:49 AM

Without knowing the threat model, it’s not reasonable to give a single piece of advice on how to handle passphrases. In 99% of cases you may safely store them in an unencrypted file on your computer because there is no threat in the first place. No bank will give you your money back if they figure out you were carrying your credit card PIN in your wallet. If you’re only worried about remote attacks, there is certainly little reason against writing the passphrase down. However, if the threat model includes local attacks like real-life theft, I don’t see how it’s reasonable to write it down.

For example, imagine you travel to the USA and they confiscate your notebook with sensitive encrypted data at the airport. This happens quite frequently nowadays. If you carry a piece of paper with the passphrases around, they can just take it from you. That means your security is nil. If you only carry the passphrase in your head or at least in some master-passphrase protected device, it’s up to you whether you want to tell them the passphrase or not. They cannot take it from you.

Tib February 19, 2008 10:56 AM

What about having a “master password list”, one for every letter of the alphabet (or a subset), and then use a them to make compound passwords:

A => a87
E => E@a
L => L00p
P => pt*

APPLE => a87ptptL00pE@a

It might take a week or two to fully commit the list in memory, but then you have a powerful and secure password generator.

Duh February 23, 2008 3:44 PM

A master password list creates a pattern. If they have one of your passwords and they see you just used apple then they can guess different fruits based on that one password. It makes it easier to brute force based on a rosetta stone.

JF Ranger July 21, 2008 3:12 AM

One very good way for most of us would be to use only a few (3 to 5) passwords for all of our needs. Just categorize the type of access required by security levels.

Say category 1 would be the everyday sites you don’t need to protect that much. Simple passwords. Category 2 would be the somewhat sensitive sites (I didn’t say porn sites, only you thought it!). You can include your email, youtube and myspace accounts for example.

Category 3 would be all your banking accounts. You can also secure it more with an addition to it (one or two more digits for example), making the main category password the same, but all different passwords for added security for your different accounts.

Category 4 could be your main O/S password for example. Don’t use this one for too many accounts as this would be only the highest protection level.

This method would keep it simple and secure. And one important thing to do is to change your passwords frequently. But who does that? I know friends who still have the same passwords after 10 years. What’s the point of having passwords then? Keep the list of passwords short, simple for you but hard for a hacker, and secure.

No need to write down passwords either, which is, in my opinion, totally ignorant. I’m sure the MS guy who gave this advice only had his grandma in mind, trying to send an attachment in hotmail and ending up calling MS tech support and being too nervous to remember any passwords. But the world is not ruled by grandmas, and one major flaw in computer security is social engineering. Don’t make it easy for people to steal your passwords… even for MS techies.

Moreover, using up-to-date antivirus, antispyware and firewalls would also help prevent keylogger/remote control security breaches.

geena July 23, 2008 5:44 AM

I just don’t understand why, each time I need help from Yahoo or Google, the answer that they give me is totally out! Is it so hard for them to answer a very simple question? I don’t think that they have kept all the passwords or usernames in their records. I do feel upset about this matter!

"Art Finnigan McBrowntooth Goes to Town" by Edward Cuspington May 7, 2009 10:48 PM

Create an 8×8 table like this:

&H2dw&m?
2<kOqy#m
9^/}hQU8
n”uI[A4\
r~*pv%Pt
;6(m@bBL
c_+gYs!f
=0W.{]-

Now write an algorithm that takes chess games (stored in PGN files) and converts the landing square of each move into its corresponding character from the 8×8 table you created, appending that character to a string. Further encrypt the resulting string based on the result of the match. For example, you could use an ASCII shift of some arbitrary positive integer if white wins and the negative of that integer if black wins. In the event of a draw you could reverse the string and ASCII-shift the characters by +1. Again, these are just examples; feel free to use more elaborate methods in your actual algorithm.
Now put that algorithm on a USB drive and place the USB drive in a small yet sturdy locked box which you carry with you at all times. Keep the key to the locked box on your keychain along with several (at least 15) other keys to mask its identity.
This is the most effective way I know of to keep extremely strong passwords secure without having to memorize them.

Jo September 14, 2009 10:01 AM

You can generate good passwords with a pen, a piece of paper, and a die.
Draw a 6×6 grid and fill the cells with the 26 letters and the 10 digits. Roll the die twice to determine a row and a column and read off the character in the cell. Repeat until you have 12 characters.
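The die-and-grid procedure above, as an added worked example (not Jo’s own code). The grid holds the 26 lowercase letters and 10 digits, two rolls pick a row and a column, and 12 picks make the password; the grid layout, the `roll_die` stand-in for a physical die (backed by the OS CSPRNG) and the injectable `roll` parameter are constructions for the example. It also computes the strength Jo’s parameters give, which the comment itself does not state.

```python
import math
import secrets
import string

# Added example of Jo's pen-and-die method, not Jo's own code. The 36 cells
# hold the 26 lowercase letters and 10 digits; `roll_die` stands in for the
# physical die and draws from the OS CSPRNG. The grid layout below is
# constructed for the example; any arrangement works because the two rolls
# select a cell uniformly at random.
ALPHABET = string.ascii_lowercase + string.digits  # 36 characters


def make_grid(alphabet: str = ALPHABET, size: int = 6) -> list[list[str]]:
    """Lay `alphabet` out as a size x size grid, row by row."""
    if len(alphabet) != size * size:
        raise ValueError("alphabet must fill the grid exactly")
    return [list(alphabet[r * size:(r + 1) * size]) for r in range(size)]


def roll_die(sides: int = 6) -> int:
    """One fair die roll in 1..sides from a cryptographic RNG."""
    return secrets.randbelow(sides) + 1


def generate_password(grid, length: int = 12, roll=roll_die) -> str:
    """Roll twice per character: the first roll picks the row, the second the column."""
    chars = []
    for _ in range(length):
        row = roll() - 1
        col = roll() - 1
        chars.append(grid[row][col])
    return "".join(chars)


def entropy_bits(length: int = 12, cells: int = 36) -> float:
    """Strength of `length` uniform picks from `cells` symbols, in bits."""
    return length * math.log2(cells)


if __name__ == "__main__":
    grid = make_grid()
    print(generate_password(grid))
    print(f"{entropy_bits():.1f} bits")  # about 62 bits for 12 characters
```

Twelve uniform picks from 36 cells give about 62 bits, which is what puts this ahead of the mnemonic schemes discussed elsewhere in the thread: the die, not a guessable phrase, is the source of randomness, so the strength is exactly the arithmetic and nothing is lost to the password being “meaningful”.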

Wayne October 9, 2009 2:02 PM

I recommend keeping your passwords in more than one place, just as you do with all your valuable data. cheers, wayne

Zafolo October 9, 2009 4:15 PM

What about this mixture of written and memorized keys (requiring something one knows, and something one has, and no additional software):

  1. Create a strong salt password. This will not change and is needed to re-create keys if the wallet is lost. Put it in the most secure place you have.
  2. Take the domain name plus account name for each of the 78 sites and accounts you need a new password for. Put it together with the salt password and run md5sum over it. You get a site hexcode. Take the first N digits of it. You will need to adjust the length N so that you can memorize exactly one important password of that length. Use it to set the login passwords of each account.
  3. Create a second password of length N, the master password. Memorize it. Don’t write it down. You must not forget it.
  4. Subtract the master password from the site hexcode. You get another hexadecimal number. Write that down. This is your site key. You don’t need to memorize it. Carry it in your wallet. If you lose your wallet, worry about the other things in it first.
  5. When you need the site password, take the site key in your wallet and the master password you memorized, and add them in your mind. You get the password you need.

The charm of that is that no extra software is needed, which could have other security holes or create ill dependencies.

As long as you have salt and master, you can recreate any password you need to recover, even if your house burns down.
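Zafolo’s five steps carried through in code, as an added example (not Zafolo’s own implementation). The salt, the value of N, the master password and the sample account are constructed for the illustration; the “subtract” and “add” steps are done on N-digit hexadecimal numbers modulo 16^N so that they are exact inverses of each other, which is the one detail the description leaves implicit.

```python
import hashlib

# Added example implementing Zafolo's scheme as described above; not
# Zafolo's own code. N, the salt and the sample account are constructed
# for the example. Arithmetic is on N-digit hexadecimal numbers modulo
# 16**N so that step 4 (subtract) and step 5 (add) undo each other exactly.
N = 8
SALT = "example-salt-password-keep-this-in-a-safe-place"  # constructed


def site_hexcode(domain: str, account: str, salt: str = SALT, n: int = N) -> str:
    """Step 2: md5sum over domain + account + salt, first n hex digits.
    This is the password actually set on the site."""
    digest = hashlib.md5(f"{domain}{account}{salt}".encode()).hexdigest()
    return digest[:n]


def site_key(hexcode: str, master: str) -> str:
    """Step 4: hexcode - master (mod 16**N). This is what goes on the paper."""
    n = len(hexcode)
    diff = (int(hexcode, 16) - int(master, 16)) % (16 ** n)
    return format(diff, f"0{n}x")


def recover_password(key: str, master: str) -> str:
    """Step 5: key + master (mod 16**N), the sum done 'in your mind' at login."""
    n = len(key)
    total = (int(key, 16) + int(master, 16)) % (16 ** n)
    return format(total, f"0{n}x")


if __name__ == "__main__":
    master = "0badcafe"  # constructed: the one memorized N-digit value (step 3)
    pw = site_hexcode("example.com", "alice")       # set this as the site password
    key = site_key(pw, master)                       # write this one down
    print(pw, key, recover_password(key, master))    # the last value equals pw
```

One property worth knowing before adopting this: because every site password equals wallet key plus master, anyone holding the wallet paper who also learns a single site password (for instance from that one site leaking it) can subtract the two to get the master and from it every other password on the paper. The salt only matters for regenerating hexcodes after a loss; it does not protect against that recovery.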

kilgore October 15, 2009 8:09 PM

To parrot a few others above …
PasswordSafe + USB drive.
PasswordSafe has a good generator.
Generate and store. Afterwards just copy/paste.
Good passwords without the need to remember them.

Peter Lind February 1, 2010 2:49 AM

There are ways to up the security of a password on a piece of paper. One way I came across – has the password “lost” in the mix of other random letters in a typical rows/columns table printed on the paper. You basically print out such a table of random letters and symbols (ascii-94 would be a good idea) and then decide on a pattern or path that the letters in the password follows on the paper. So you would only have to remember 2 things: The starting point, and the pattern.

This would secure the paper from just straight-up reading the password.

It probably won’t stand up to in-depth analysis, but you could probably have enough time to change the password after you realize your wallet is gone.

Clive Robinson February 1, 2010 5:22 AM

@ Peter Lind,

“… then decide on a pattern or path that the letters in the password follows on the paper. So you would only have to remember 2 things: The starting point, and the pattern.”

There is another way to do it that might be more to other people’s liking.

You have a square that is 6 by 6 that contains A-Z0-9 randomly (or any other set that gives you a usable rectangle).

For each of many services you pick a single base word or phrase

For instance,

“The Lord is My Shepherd And I shall Not Want”

Becomes “TLIMSAISNW” or “TL1M5&15NW” in the usual sort of way.

Then for each service you have a number written down.

Gmail =4329456782
Hushmail =3964104727

And so on. You then use the numbers to shift around the table. All you then have to remember is which of the eight possible directions (N, NE, E, SE, S, SW, W, NW) each number means.

All you need to do is once a year change the master passphrase or table. Each time you have to change a password all you do is change the numbers.

As far as I can tell such a system was used prior to WWII as an identifier code system for shipping etc.

In that system the ship’s real identifier was effectively encrypted differently for each hour/day by using different numbers, and the table was changed once a month.

Is the system any good? Well, it was broken, but then they had hundreds of ships using the same system and different squares for ship-ship, ship-dockmaster, ship-fleet, ship-HQ etc. So the “in-depth” issue came into play.

Dee Adams February 23, 2010 11:05 AM

Norton Security 2009 includes a saved password system which enters them for you (no key-logging risk), and allows you to use separate passwords for dozens of sites that are linked to personal financial data. All you need is one really strong but memorable password to access Norton; you can use the same one or a variation to protect the flash drive file of Norton passwords, which you’ll back up frequently.

Martijn March 16, 2010 5:12 PM

I store the 4 digit pin code of my bankcard on a piece of paper in my wallet.

If the thief of my wallet knows which sequence of 4 digits, in which direction, how many digits to skip and when, in which location on the piece of paper containing hundreds of other random digits and what numbers to add or subtract to them, belongs to my card, he has earned my money 😉

David March 16, 2010 9:06 PM

Haven’t read all the comments, but here’s what I do:

–I have “throwaway” and weak passwords for accounts useless to bad guys. For example, I really don’t care if someone takes over my slashdot account and starts killing my karma, so why waste the effort?

–I use my yahoo email as a “throwaway” address (with a slightly better password), only used for signing up on websites. Do you really need all that spam coming from myouterspace.com or DailyKos? About 2 or three times a year I sign in to clear out all the email…straight into the garbage without even reading it.

–Finally, I actually have a rotating roster of good, long, random (at least, to the world) passwords for things that actually could do me harm: Banks, shopping, etc.

Put the effort where it needs to go…everything else goes straight to the circular file.

M April 7, 2010 9:58 PM

Just remember what your favourite song is, and use a line of it. Or a book, or a movie, or a poem, or anything you WILL remember.
Itwasthebestoftimes,itwastheworstoftimes.
is a lot harder to crack by brute force than, say
iwtbotiwtwot
(the acronym) it’s easier to remember, and it even includes punctuation.
Only problem is if it won’t let you have one so long.

Andreas Becker May 17, 2010 4:30 AM

The funny thing is, a few days ago i stumbled upon http://passwordcard.org/

“Your PasswordCard has a unique grid of random letters and digits on it. The rows have different colors, and the columns different symbols. All you do is remember a combination of a symbol and a color, and then read the letters and digits from there”

It’s brilliant, cause you can keep this card in your wallet without showing the clear password.

Apreche May 17, 2010 6:53 AM

I tell people to use pass phrases. Most people can easily remember three or four words. Instead of using the dog’s name use “My dog’s name is Rover.”

The problem is sites and systems with stupid and pointless password restrictions that prevent using a passphrase. Worst offenders are those like American Express which limits password length.

Webkinz May 17, 2010 7:08 AM

My old hotmail address got hacked into with a letter/number combo password. First, I went through and change ALL my passwords to completely unique ones. Now my new passwords always include letters (upper & lower case), numbers, & symbols (!,+,#, etc…) I write them all down too. However, the nerd in me then takes over. I attempt to remember ALL of my passwords even the most difficult ones. I take a sense of nerd pride in remembering some of my most difficult passwords.

Oo May 17, 2010 7:18 AM

I too use the grid system: 10×10 character grid holds 4 of my most important PINs / passwords

BF Skinner May 17, 2010 8:02 AM

@Otar Chekurishvili “most secure “paper” is brain”

If this is true; then only for the moment.

Tom Human May 17, 2010 10:36 AM

He’s absolutely right. There is only a tiny incremental risk to writing down your password, compared to the huge benefits in having a much stronger password.

Consider that if your attacker already has physical access to your machine, then the chances are that you’ve already lost. For example, what’s to prevent him from booting your machine with his boot disk and then copying your drive wholesale to his for later study at his leisure?

I actually remember all my passwords, but I have a system. I have a category of objects, NOT “vegetables” but suppose it is. When I see a new site, I pick the first vegetable that’s associated with the site in my mind, prefix it with something from the site, capitalize the start of each word, and add punctuation – in this case it’d be BruceBean. (with the period).

For more secure sites, I just add another word and another piece of punctuation or a number: BruceBakedBean…

Once or twice I had to deal with very secure sites, in which case I add another word that’s unrelated and write it down… BruceBakedBeanEmerald4…

But I generally never forget them and have never been hacked.

Mircea May 17, 2010 1:00 PM

I use clipperz.com to “write down” my passwords. I like it because my passwords are encrypted on my computer and they only see the encrypted password.

They also have a version that you can host yourself (which is what I use).

I recommend them wholeheartedly.

AI May 17, 2010 4:30 PM

Funny.

Put all your passwords in a Truecrypt container. Learn the password of the container and do not write it anywhere. Open the container when you need a password. Simplified, this is what I do.

In fact, it is a little more complex, and I know 200+ passwords which are not in the containers, most of them being random keys (parts of AES keys without some non-writable characters).

So… Laziness (to learn passwords) is a cause of lack of security. Should the users be a little more motivated, security would be better.

Yes, I find this funny! Do not be lazy, learn it, so simple.

Kids should be trained to do this easily. Other users should be motivated to train themselves. It is very simple to learn totally random passwords once you are used to it.

BTW if you have ideas of motivations for my users… ^_^

Jordan Nash June 30, 2010 10:58 PM

I generate passwords at grc.com/passwords and store them in a plain text file, with my user name for the site. I copy/paste the passwords from these files as needed.

These text files, one for each site, are stored in a TrueCrypt encrypted directory.

The only problem I’ve run into is that many websites will not mention their character limit when you create or change a password. Several times I’ve entered a long password only to have it truncated at an unknown length and thus useless.

webkinz codes September 28, 2010 5:20 AM

I insist that all of my staff (through automated policies) also change their passwords every 90 days.

One of the most useful tools that we have is the Keychain Manager for OSX. Any of the Cocoa applications will use the Keychain and the Manager will also generate solid passwords for you!

Chris Glaves January 18, 2011 8:31 AM

The internet now has persistence and people can still find posts like this from now 5 years ago.

Is this a policy you still endorse?

Ben February 2, 2011 6:57 PM

I take a random string of ten characters, let’s say: “$@4saDsy^#”
and I write it down on a piece of paper in my wallet.
In addition to that string, I use some simple, and easily remembered characters. For example, my name. Now where I stick characters of the simple string is my business; maybe I have a complicated scheme, maybe it’s just appended on the front or back, or inserted at every other character location.
Doesn’t that create a reasonably secure password?

Clive Robinson February 2, 2011 11:13 PM

@ Ben,

“Doesn’t that create a reasonably secure password?”

Simple answer is no if you don’t manage your risk.

This is not because there is anything particularly wrong with your general method, it’s just not enough in some respects.

Firstly, the amount of entropy in a single character is an open research question for various reasons, but is argued by some to be as low as 1.4 bits and 4 bits by others. Thus, assuming your 10 “random” characters remain your “secret”, they are only giving you 14 to 40 bits of entropy.

14 bits of entropy plus a couple of guessable plain texts of twice the length (that are not pre- or post-fixes) would be sufficient under certain circumstances (secure comms to a secure site with a hard fail after a limited number of tries/guesses, that you only access from a secure PC in private).

However, due to insecure comms, poor quality sites, malware on PCs and use in public, your 10 character “random” string is potentially not going to remain “secret” for very long…

Thus the question of risk management arises, or more simply “does this matter”, and for most sites the answer is no. However this is not really the question that should be asked in a world of multiple sites. The question you should be asking is “what is my potential loss if my password becomes known?”

Thus you still need to consider multiple passwords of varying degrees of security for various sites, and assume that your password on some sites will be known to many others due to poor site security or malware etc.

Personally I have taken the view of controlling my risk by “limiting my liability”; that is, I do not do “online transactions” of any kind, thus have limited my direct financial risk by not taking any.

However there are downsides to this so I did consider getting a “pre-loaded” payment card (ie looks like a credit card to the merchant but has no credit). But most of these have now either been “shut down” or require “on line” or other similar risk payment loading which defeats the reason for getting it…
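Putting numbers on the exchange above (Ben’s ten written-down characters plus a name, and Clive’s point that the written string is the part most likely to leak). This is an added example, not code from the thread; the 94-symbol alphabet, the 5-letter name and the two guess rates are constructed assumptions.

```python
"""Entropy budget of Ben's 'random string + name' scheme under Clive's risk model.

Added example, not code from the thread. It puts numbers on the exchange above:
the written-down string is the only real secret, and once it leaks (insecure
comms, malware, shoulder-surfing) the remaining secret is only *where* the
name's characters were interleaved. Constructed assumptions: a 94-symbol
printable-ASCII alphabet (no space), a 5-letter name, and two guess rates.
"""
import math
from math import comb

PRINTABLE_SYMBOLS = 94                               # printable ASCII without the space
UNIFORM_BITS_PER_CHAR = math.log2(PRINTABLE_SYMBOLS)  # about 6.55 bits per character
CLIVE_LOW, CLIVE_HIGH = 1.4, 4.0      # his per-character estimates for human-chosen text
ONLINE_GUESSES_PER_SEC = 10.0         # assumed: rate-limited login form
OFFLINE_GUESSES_PER_SEC = 1e10        # assumed: leaked unsalted fast hash, GPU rig


def random_string_bits(length: int, per_char_bits: float) -> float:
    """Entropy of the written-down string: length x bits per character."""
    return length * per_char_bits


def insertion_bits(random_len: int, name_len: int) -> float:
    """Entropy from the choice of interleaving.

    Keeping both strings in order, the result is fixed by choosing which
    name_len of the (random_len + name_len) positions hold name characters,
    i.e. C(random_len + name_len, name_len) possibilities.
    """
    return math.log2(comb(random_len + name_len, name_len))


def scheme_bits(random_len: int, per_char_bits: float, name_len: int,
                name_bits: float, random_leaked: bool) -> float:
    """Secret entropy left against a given attacker.

    name_bits is how unpredictable the 'simple, easily remembered' part is
    to this attacker; for the user's own name it is effectively 0.
    """
    secret = name_bits + insertion_bits(random_len, name_len)
    if not random_leaked:
        secret += random_string_bits(random_len, per_char_bits)
    return secret


def seconds_to_exhaust(bits: float, guesses_per_sec: float) -> float:
    """Worst-case time to enumerate 2**bits candidates at the given rate."""
    return 2.0 ** bits / guesses_per_sec


def scenarios(random_len: int = 10, name_len: int = 5) -> dict:
    """Ben's parameters (10 random characters, a name) under four attacker models."""
    cases = {
        "truly random, string secret": (UNIFORM_BITS_PER_CHAR, False),
        "human-chosen, Clive's 4.0 bits/char, secret": (CLIVE_HIGH, False),
        "human-chosen, Clive's 1.4 bits/char, secret": (CLIVE_LOW, False),
        "string leaked (malware / poor site)": (UNIFORM_BITS_PER_CHAR, True),
    }
    return {label: scheme_bits(random_len, bits, name_len, 0.0, leaked)
            for label, (bits, leaked) in cases.items()}


if __name__ == "__main__":
    for label, bits in scenarios().items():
        print(f"{label:46s} {bits:6.1f} bits  "
              f"online {seconds_to_exhaust(bits, ONLINE_GUESSES_PER_SEC):10.3g} s  "
              f"offline {seconds_to_exhaust(bits, OFFLINE_GUESSES_PER_SEC):10.3g} s")
```

Once the ten characters are known, the roughly 11.5 bits left (3003 interleavings) fall in minutes even against a rate-limited form, which is Clive’s “does this matter” question in numbers.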

James Smith March 30, 2011 1:46 PM

Agree with an early poster… if you lose your wallet? Surprised a quoted ‘security guru’ would suggest such a thing.

Kevin October 22, 2011 9:29 PM

Multi-factor passwords on paper or USB

We each have a set of favorite words (pets/girlfriends names, sports teams, cars, etc.) that can be expressed by giving only the first letter, like X_____. So make your passwords long, complex and within KeePass or short and on a Post-It Note but just NEVER include all the characters. Then you’ll only have to worry about malware capturing them (unless you use a Secure End Node like Lightweight Portable Security).

Kevin October 22, 2011 9:39 PM

Do what the big boys do.. hash

Assuming you have a local hash tool (or can find a trustworthy one online) you really only need to memorize one password. Simply enter the website URL (or something about its login page) and your password into a hash generator, then copy-paste the hash into the password box. SIMPLE! (You still need to trust the computer you’re using… so try LPS-Public.)

jankes November 19, 2011 8:04 PM

How about a method of keyboard shifting? Just pick any password, easy for you to remember, and use a keyboard shift pattern like, for example, 2 right and 1 up. Then apply that pattern to every letter of your easy password and there you have it. So schneier would become Rgik5056 (r is 2 letters right and 1 up from s on the keyboard, first capital for added complexity).

DigitalGeoff January 30, 2012 1:42 AM

If your passwords are protecting personal data you’ll also need to consider how your next of kin can access/use these passwords upon your death.

asaens July 26, 2012 4:56 PM

Just an idea because I don’t remember seeing this one anywhere. Go to random.org and choose to make a password, then choose advanced mode and answer the prompts, but on the 3rd (randomization) choose “Use pregenerated randomization based on persistent identifier” and enter a phrase or word you can remember. Put the passwords in a portable password manager that permits drag-and-drop and use that to enter your password into the password field. Complete the password by entering a few numbers/letters only you know. Therefore you have a system of a secure complex password by drag-and-drop, which should protect from keyloggers, and you don’t have all your password information recorded anywhere, by memorizing a small section. Another alternative to random.org is http://passwordmaker.mozdev.org/passwordmaker.html which produces good passwords that also have non-alpha characters. These can be reproduced anytime and anywhere if you remember the method/word/phrase you used to create the passwords.

asaens July 26, 2012 5:02 PM

Re: DigitalGeoff Jan. 30, 2012 1:42 am. Besides obvious choices, deathswitch.com is a possible alternative for some.

Sharky October 27, 2012 1:00 PM

There is a good program out there called Password Safe. It’s made by this brilliant guy named Bruce Schneier. You can use this tool to create and store all your secure passwords, and then encrypt the password vault with an easy to remember but difficult to crack pass phrase. There’s no need to write down passwords. Bruce Schneier should read up on this Bruce Schneier guy.

Jason November 17, 2012 8:33 PM

@Kevin: What happens if the website is redesigned, which occurs with almost every web site every few years. Even if you hash only with the domain name, sometimes that changes too.
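Kevin’s “hash your password with the site” idea, and Jason’s objection that URLs change, as an added example that is not code from the thread or from any tool named in it. It derives each site password with PBKDF2 from one master secret, and reduces the URL to its registrable domain first so a redesign does not change the result; the iteration count, the tiny public-suffix list and the sample URLs are constructed assumptions.

```python
"""Deterministic per-site passwords from one memorised master secret.

Added example, not code from the thread or from any tool named in it. It
implements the 'hash your master password with the site' approach Kevin
describes, using a real key-derivation function, and answers Jason's
objection (URLs change when sites are redesigned) by reducing each URL to
its registrable domain first. Assumptions: PBKDF2-HMAC-SHA256 with a
constructed iteration count, a constructed mini public-suffix list and
constructed sample URLs.
"""
import hashlib
import string
from urllib.parse import urlsplit

ITERATIONS = 100_000  # assumed work factor
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}  # constructed, deliberately short
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = "!@#$%^&*-_=+"
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS  # 74 symbols


def registrable_domain(url: str) -> str:
    """Reduce a URL or bare host to the part that survives a redesign.

    'https://www.Example.com/login?next=/home' -> 'example.com'
    'http://accounts.shop.co.uk/v2/signin'     -> 'shop.co.uk'
    """
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    labels = host.rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def naive_site_token(master: str, url: str) -> str:
    """Kevin's scheme taken literally: hash master + raw URL string.

    Shown only to make Jason's point: any change in the URL changes the result.
    """
    return hashlib.sha256((master + url).encode()).hexdigest()


def derive_bytes(master: str, site_id: str, version: int, tweak: int) -> bytes:
    """Stretch master + site identity into 64 pseudorandom bytes.

    Site id, rotation counter and policy tweak all go into the salt, so each
    (site, version) gets independent output and rotating means bumping version.
    """
    salt = f"{site_id}|v{version}|t{tweak}".encode()
    return hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=64)


def to_password(raw: bytes, length: int, alphabet: str = ALPHABET) -> str:
    """Map bytes onto `alphabet` without modulo bias.

    Bytes at or above the largest multiple of len(alphabet) are discarded
    (rejection sampling); 64 bytes give about 55 usable characters for 74 symbols.
    """
    limit = 256 - (256 % len(alphabet))
    out = [alphabet[b % len(alphabet)] for b in raw if b < limit]
    if len(out) < length:
        raise ValueError("not enough derived bytes for the requested length")
    return "".join(out[:length])


def meets_policy(pw: str) -> bool:
    """Typical site rule: at least one lower, upper, digit and symbol."""
    return all(any(c in cls for c in pw) for cls in (LOWER, UPPER, DIGITS, SYMBOLS))


def site_password(master: str, url: str, length: int = 20, version: int = 1) -> str:
    """URL -> domain -> KDF -> policy-compliant password, fully deterministic.

    The tweak counter advances until the character-class rule is met, so the
    same master, site and version always reproduce the same password.
    """
    domain = registrable_domain(url)
    for tweak in range(64):
        pw = to_password(derive_bytes(master, domain, version, tweak), length)
        if meets_policy(pw):
            return pw
    raise RuntimeError("could not satisfy the character-class policy")


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample secret
    before = "https://www.example.com/login?next=/home"
    after = "http://example.com/account/new-login"  # same site after a redesign
    print("naive hashes equal:", naive_site_token(master, before) == naive_site_token(master, after))
    print("derived equal:     ", site_password(master, before) == site_password(master, after))
    print("v1:", site_password(master, before), " v2:", site_password(master, before, version=2))
```

The remaining weakness Kevin himself names still applies: whatever computer runs the derivation sees the master secret, so a keylogger there captures every site at once.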

Salty April 9, 2014 12:09 PM

I use the first letter of each word in a phrase or sentence. I put in punctuation for the special chars (I don’t always end with a period) and use upper and lowercase and throw in numbers too. If you can remember the phrase/sentence, then you can remember the password. I store keywords on paper to help me remember which password to use when.

Derek Read June 5, 2014 5:52 PM

For those worried about losing their paper copy you can secure that by remembering a cypher that you always use. It need not be complex at all. To keep it simple apply the cypher to just one or two characters. Then use the “write on paper” method from this blog. That way if you lose your wallet your passwords will not be immediately discoverable.

Example rule: 3rd char is char -1, reverse shift key for last char
Example of actual password: d82#$JKm2aB
What you write on paper: d83#$JKm2ab
Example of actual password: uuI&#pw@6684237
What you write on paper: uuH&#pw@668423&

Huffleflump June 6, 2014 7:39 PM

I used the Harry Potter book of Mythical Beasts + important numbers. Keep the book near your computer.

Jimbob Secure June 7, 2014 1:16 AM

Use two paper lists keyed to each other:

1) Passwords made up of random words, numbers, and keyboard symbols, a separate password for each site, or account, etc. Only the password itself, and the key to coordinate it to the other list.

2) All the other information needed about each password, e.g. coordinating key to the passwords list, site name, URL, user name, account number, etc., but not the password itself. User names are better each unique for each password.

Keep the two lists separately stored in convenient locations, say one in a pocket notebook, and one in a brief case, or some similar arrangement where they can be readily accessed, but are not both likely to be lost or misplaced at the same time. You may remember the passwords most often used, and use the lists for those less easily remembered.

Keep a master list of all coordinated passwords and information on your most secure computer, with whatever encryption or file locking security you may use. It is also helpful to have separate files for each of the two lists. Update the master list whenever you have occasion to, and periodically update the paper copies of the two lists you carry with you.

Kevin Tuck August 19, 2014 10:32 AM

A strong but memorable password can be generated easily by using the initial letter of each word of a poem or quotation. For example, this poem…

I wish I was a little grub
With whiskers round my tummy
I’d climb into a honeypot
And get my tummy gummy

…becomes the password IwIwalgwwrmtIciahagmtg.

You can add an additional layer of complexity by allocating a hash and number to a personal name. For example, “I” could be allocated the code #1. So the final password is: I#1wI#1walgwwrmtI#1ciahagmtg

Tonzales November 2, 2014 4:52 PM

Hi guys! The best way to have passwords so far has been to generate a random string (12-16 characters long), then store it non-digitally (like writing it down on a piece of paper) and then hide it.

neoselen November 25, 2014 10:57 PM

yeah, great idea, like that, you will be sure to lose the piece of paper to a spy agent, and let him see your accounts.
Nice idea…

Gopinath January 2, 2015 8:45 AM

Hi Guys,

A strong but memorable password can be generated easily by using your branded watches,

For example : My watch is Rolex

and My password is XeLoR&RoLeX&XeLoR

Magne January 16, 2015 4:38 AM

@Gopinath: That is a truly terrible password. First, there are only so many watch producers, so password crackers will have an easy way of trying all of them, just like a dictionary attack. Besides, you actually posting your password scheme here makes it a terrible password scheme, because now you’ve just made it public, and the crackers regularly read forums like these and implement targeted guessing against that new kind of password scheme. For everyone else: Don’t make your password of the format WatchProducerNameBackwards & WatchProducerName & WatchProducerNameBackwards. It is a terrible password, cracked in mere seconds probably, and has now been compromised publicly here anyway.

@Schneier (OP) – I don’t agree that it is safe keeping your password on a piece of paper in your wallet. If you lose or forget your wallet somewhere, the person will then have access to it. Even worse, if you happen to use 1password (which is actually good in itself), then now the person has access to all your passwords and logins. Even if you say they should throw the piece of paper away when they no longer need it and have memorized the password, most people will forget it in their wallet anyway. So that doesn’t work. If you absolutely want to advise people to write down their passwords, at least suggest they hide it somewhere in their home or something.

GridGhost April 29, 2016 4:20 AM

ok, we know about encryption algorithms and keys. the algorithm can be public. the security is in the key. ever occur to anyone to do this with passwords?

we’re always on about not giving away our password system publicly, and how crackers read all this to crack any system we use. we’re on about passwords being stolen, with or without the wallet or purse. we’re on about not teaching people our system and making them come up with their own. we still hate it when IT admins are short with us, saying, all random, universally unique, change every 3 months, and never reuse. i haven’t seen a password system do that yet. we need to be able to post the system, teach the system, have it stolen, and like the safe with the letter example from Applied Cryptography, still be secure. we say a password manager is needed, but i have seen data losses and failed backups checkmate that solution too many times. losing one password is not as catastrophic as losing them all.

in 1 workplace of mine, there is a picture frame on the cubicle wall. inside the frame is a sheet of paper and a pencil. and written on the paper? the best computer backup. in the end, Bruce is right, we need to write them down. so how can we do all this?

the goal: all passwords on everything being:
1. all random
2. at least 12 characters long
3. universally unique across everything
4. changed every 3 months
5. never reused
6. can teach/publish the password system without reducing security of any passwords or helping a password cracker
7. password system can be stolen without reducing security of any passwords (password system is not useful to thief)
8. able to change it all anyway if password system is stolen
9. have time to change it all before any password could be cracked
10. have backup copies of the password system that don’t need extreme security. this way losing a copy will not be catastrophic.

Bruce also made a brilliant observation in his Applied Cryptography book. an atm pin is typically 4 numbers. each number can be anything from zero to nine (a keyspace of 10). there are therefore ten thousand possibilities. 9,999 plus 0000. if you encrypt that 4 digit number to any other 4 digit number you get a 4 digit number. how’s the thief ever going to know the difference between an encrypted 4 digit number and an unencrypted 4 digit number. they look the same. it’s a 4 digit number both ways. even a simple Caesar shift will get the job done. that’s encryption you can do in your head.

encryption randomizes things. the ciphertext should always be random. if the plaintext is also random, the cryptanalyst will have the worst time figuring out when the decryption attempt is successful. an incorrect decryption looks the same as the plaintext or ciphertext, all random. like a random password for example? again simple encryption on that will get the job done.

a problem plaguing the old pencil and paper encryption methods is the table. leave that lying around and your encryption will be cracked much faster. it’s also hard to do table based encryption in your head. what if we didn’t need to leave a table lying around? we have a table that we have to use to enter the password in the first place. we call it a keyboard. lots of pattern possibilities too. also makes it possible to do table based encryption in your head.

remember the movie “Ghost” starring Patrick Swayze? passwords in an address book? what if all of those passwords were encrypted? and there were copies? the boss could also have a copy. in case of death, the wife could explain to the boss how to decrypt it. the copies are not useful to anyone who doesn’t know how to decrypt them, including thieves. that includes the copy on your person.

ok, so you need to change them all.
just change the keyboard pattern you decrypt with. instant new random passwords across the board.

ready for the hard part? you need a random code of about 3 to 5 characters for every letter of the alphabet and the 10 single-digit numbers (zero through nine). use a spreadsheet so you can have 9 copies of this codepage to a sheet of paper without having to enter each code 9 times. printing one sheet gives you 8 backup copies. print it on rite-in-the-rain paper. cut out the codepages and laminate them like an I.D. card for your wallet. that should be good protection against “life” and Murphy’s Law.

so your password is “pencil” plus the quarter and year. you change the password every 3 months which is one quarter. say it’s the second quarter of 2016. your password is the decrypted version of the random code for “p”, plus the decrypted version of the random code for “e”, etc. for the word “pencil”. then add the decrypted random code for “2” (second quarter) and the decrypted random code for the numbers of the year. “pencil” stays the same, but the quarter and year change with every password change. this results in a different password every time with never a reused password. with 5-character codes, pencil becomes a 30-character random password. (there are 6 characters in “pencil”.)

the entry in the address book is “pencil”+quarter+year.
even if the thief gets both the address book and the codepage, it’s still useless. the “something you know” factor of authentication has shifted from the password to knowledge of how to form the password and decrypt the random codes. a thief would try “pencil22016” as the password, not knowing any better. the method of constructing the password (not the actual password) is in the address book. the actual codes you use are your “key”. and now you have the system. there is no need to ever replace a codepage. just change the keyboard pattern you use to decrypt the codes on the codepage and you have an instant new page of codes, without having to change the actual codepage. instead of “pencil” or “dolphin” you can use the website domain. in example: “amazon”, “gmail”, “netflix”. you don’t need them to be easier to remember. the address book does that for you. you just need them to be universally unique.

i just published this system without my address book or codepage and my passwords are still completely safe. they would still be safe if you did get my address book and codepage both. the codepage will not reduce the keyspace but the address book will. most thieves will think the code page more valuable. if they were ever stolen, i would have lots of time to change all my passwords and the address book will help me keep track of all the places i have passwords, so i can find them to change them. the address book can also be digital just like the spreadsheet. that means this system can be in both digital and dead-tree formats, with lots of copies (backups) of everything. and a password cracker can read all this and not be able to shortcut a brute-force attack on my passwords based on the information here. looking at the long sequence of random characters being used as the actual password will not help an IT admin figure out this system. so he won’t be getting into your life and cracking every password you have on every system out there based on the password he could get. he can’t complain either since he demanded a long random password in the first place ;P .

GridGhost April 29, 2016 5:57 AM

there were a few hints a password cracker could use in my previous post …

  1. no need to try any passwords 11 characters or less since there is a 12 character minimum. i said “pencil” becomes a 30 character random password. the difference between 12 and 30 is greater than the difference between zero and 12, so i’m not concerned.
  2. i don’t use the spacebar in my passwords. the keyspace for a character is then 94, not 95. the reasons are as follows: if the space is in the middle of the random code it can be hard to see, especially on a printout. in the spreadsheet, i drag the mouse over the whole random code to make a space more obvious. a space at the beginning or end of a code is even more difficult to see, again, especially on a printout. a careful password cracker could have figured that out.

in my own use of the system, i have 4 keyboard patterns, not just one. so every 4th character uses the same pattern. in the first 8 characters of a password:

characters 1 and 5 use the first pattern
characters 2 and 6 use the first pattern
characters 3 and 7 use the first pattern
characters 4 and 8 use the second pattern
and so on …

i use the shift key on some of the patterns, thus achieving the full 94 keyspace per character.

this is similar to my random codes being encrypted with 4 different symmetric substitution keys.

for less demanding password requirements, i use a decrypted random code (to force password crackers into brute force mode) plus a normal weak password to get at least 12 characters.

i may have forgotten to mention that decrypting a random code results in another random code. different decryption keyboard patterns result in different random codes.

@Bruce

it is actually my hope that you will in some way publish this system. i am not a writer and this badly needs to be re-worded to put the thoughts in order and make them cohesive so the reader can follow along and not get lost. i don’t even need credit for the idea. (i actually would prefer to avoid getting credit). i just want the world to have at least one system that works as required. i know it’s too complicated for most to use. if there was a simple way, it would have been done by now. you can re-word, publish, claim credit for, or whatever with my 2 posts here. I’m not looking to be hunted down for posting an inconvenient truth though.

GridGhost April 29, 2016 6:00 AM

Ooops ! …

characters 1 and 5 use the first pattern
characters 2 and 6 use the second pattern
characters 3 and 7 use the third pattern
characters 4 and 8 use the fourth pattern
and so on …

can you tell i’m a programmer too?
at least i’m not short with people ;P

GridGhost May 1, 2016 1:27 AM

pwgen can be used to generate the codes. i guess no one is still reading this. :/

Don April 23, 2017 6:25 PM

I keep my passwords in a plain text file on my computer. I encrypt that file with bcrypt, which you can download for free. I use this from a Unix command line, which is available on both Linux and Mac.

The ideal solution would be to have a small, simple biometric device, separate from your actual computing devices.

Ronsdahl June 7, 2017 4:36 PM

The main argument against writing your passwords on a piece of paper in your wallet that people have presented is that you might lose your wallet. The solution to that is to write out two or three copies, keep one in your wallet, and the others in various safe places. If you lose your wallet, after cancelling your credit cards, you then just go grab one of the copies from behind the loose brick in the fireplace or wherever, change all your passwords, and write out new copies.

Those who are advocating manual encryption through some wonky patterns have way better memories than I do. Way back when I was in school I once forgot my three-digit locker combination which I had been using for months. Not after a holiday or anything; like in the afternoon on a Wednesday, after using it that morning. There is no way that, for example, after six months I would remember either the key phrase or the encryption technique.

Sarah September 1, 2017 8:17 AM

This is all sensible advice – different people remember things different ways. For myself, since I need my passwords on the move, I keep them in a small database on my phone, which backs up to the cloud (so it can be retrieved if the phone is lost, stolen or broken). However, I don’t write down all of the password: just enough as a mnemonic to me which is not likely to help anyone else. For many sites, I don’t care about the password, so they are entered as “standard”. Others may need to be a little more secure, so they are entered as “secure standard”. Then there are the email and bank accounts, each of which need a different, safe password. I won’t tell you how I enter those, but for my business account, which needs to be changed every so often, I write it as , which again is not the exact password but gives me what I need to remember.

1AlaskanAssassin February 11, 2018 11:05 AM

My passwords are all gibberish, based not on words but finger placement on the keyboard. You can just make a fairly easy pattern including numbers that you’ll be able to remember, and it won’t be anything any bot can look up.

The hard part of course, is that certain websites have many more rules, like requiring special characters, and others have conflicting restrictions such as not being able to use special characters.

As soon as you’re making me remember 3 slightly different passwords, you’re ruining my life. And I refuse to use a pw manager, just doesn’t seem like a good idea.

p.s. This is a 13-year old article!

woody baker August 9, 2018 8:57 PM

Just pick an easy to remember password for a site, run it through base 64 encode, and you will have a very hard to guess password, with the advantage that you can recreate it any time using base 64 encode, and there are a dozen base 64 encode/decode sites on the internet. Add a couple other numbers to the end of it if you wish.

This can be extended to the following:
create an easy to remember password for a site, in this case you can even use the site and account name. Run it as plain text through an AES encryption program, either locally or on the web. Convert that to base 64, or readable hex whichever.
The key here is you create a single password, and MEMORIZE it. You can either use AES as an encryption or decryption, and choose to use the password as either the key (where you would use the site name as the plaintext) or use the site name as the key, and the password as the plain text. In either case, all you need is the master password, the site name, and an AES, TWOFISH, or even DES encryption/decryption program.
My favorite is a 512 byte msdos implementation of IDEA, though I have no idea where I got it. It encrypts and decrypts in place.

A.J. December 19, 2018 1:16 AM

I see no logical need for writing down passwords, even circa 2005. You could always find a way to keep them in a compressed file with AES encryption or older (good enough for most people) methods. Said file can be in your reach at all times by various diligent means.

I’m adding another recommendation for KeePass as the best free password manager, in part because it’s open source and you can (strongly assume) knowledgeable people have checked it for deceit.

I don’t like online systems like LastPass, prone to partial hacking, even if your keys are “uncompromised.” There are manual ways to get your passwords anywhere if you can handle less convenience for more security.

If you back up the file in multiple locations, including to the cloud (in an encrypted archive file with a different master code) you have little risk of losing it. I wouldn’t expose my primary master code to the cloud as the only line of defense.

Nathan January 12, 2020 6:26 AM

I just want to say that when I subscribed to the comments on this post years ago, I never imagined how much enjoyment it would bring me over the course of 15 years.

I wrote all my passwords down after first reading this post, and added a little salt using part of the domain and the date I created/changed the password.

Thanks for all the years of advice, Bruce.

Francisco January 21, 2020 2:06 AM

I use a random word (nothing like my mom’s name, just something random nobody could easily guess, but not difficult to remember) and I mix it in all my passwords. So, let’s say the word is “banana”, I could have a password like “X43wwbNBANANA33fg”. When I write down that password on paper, I write “X43wwbN****33fg”, so even if someone found my passwords notebook, they would have to correctly guess that random word. I write down all my passwords in a notebook I keep at home.
