Friday, March 24, 2017

Sunday, 31 January 2016 20:11

How to create (and remember) a 16 character password

Written by Brendan Ihmig

Whether you like it or not, online security is essential and simply part of the all-encompassing, digital-centric lives we have created for ourselves. From our work or private email account to the mobile app store, a social media platform or our Internet banking account, we all need and depend on some level of online security, and we trust (to varying degrees) the people behind the services we use daily. These services require us to use a password to access our accounts and profiles, and herein lies the conundrum: password complexity and the ability to remember a password are inversely proportional to one another. And that is a problem.

To try to find the 'sweet spot' between a password that scores well for complexity and strength and one that is still easy to memorize, I have worked on various methods. Here is one such method, which shows how to create (and remember) a 16 character password.

Minimum password requirements

It is now commonplace for a password to be required to be at least 8 characters long and to contain at least 3 of the following 4 items:

  1. Uppercase letters
  2. Lowercase letters
  3. Numbers
  4. Symbols

At this minimum requirement, it was possible in 2012 to calculate or 'guess' a password within 6 hours. Today, given the right computing resources, it only takes a few minutes. So, I suggest you forget about minimum requirements altogether; as of today, I would recommend using a password that is 16 characters long and uses all four of the items mentioned above.

Easier said than done, right? Well, it does not really have to be that way.

“Passwords are like underwear: you don’t let people see it, you should change it very often, and you shouldn’t share it with strangers.” ~ Chris Pirillo

The best 16 character password is one in which all characters are unique (no repeated letters, numbers or symbols) and randomly strung together (no consecutive letters, numbers or symbols). If created correctly, it could take a current, standard desktop PC a few million years to solve a 16 character password by guessing a password once every second. Using all the letters (upper and lower case), numbers and symbols on a standard 101-key keyboard results in a total of 94 usable characters. Combined into a string of 16 characters (with no exceptions), these 94 characters create an astronomical number of combinations: 458 quadrillion (or 4.58929E+17 to be exact). That is 458 followed by 15 zeros!

The complexity obtained by combining all those characters into one 16 character password is mind-blowing, but only of real use if you can actually remember it. So, here is a relatively simple method of creating such a password that can be easily remembered. Please read the disclaimer at the bottom of this article if you intend to use this method of creating a password.

The concept

This method requires you to simply pick a word that has 8 unique letters and a 4 digit year that has unique numbers. By adding corresponding symbols based on the year, you will have 16 characters. In order to achieve the highest form of complexity from the characters, a 'template' can be used, which divides the 16 characters into 4 groups of 4 characters. Each group is made up of 1 upper case letter, 1 lower case letter, 1 number and 1 symbol. The grouping within the template makes the password easier to memorize while providing a relatively high level of randomness, which is essential for password complexity.

[Figure 1]

Figure 1 illustrates the basic concept of the template that will be used to create a 16 character password.

Creating the password

Step 1

First you need to select a memorable word that contains 8 letters which are all unique. Here are 26 examples of such words:

absolute • backfire • calories • daughter • earplugs • fracture • gamblers • handover • idealogy • jackpots • keyboard • ladybugs • magnetic • networks • obstacle • padlocks • question • rainbows • sandwich • thinkers • unblocks • vineyard • wackiest • xanthous • yachtmen • zaptiehs

Visit www.morewords.com to find unique 8 letter words

Step 2

Now select a year (one that is either memorable or connected to the selected word) in which all numbers are unique (for example 1549 or 1820 or 1945).

Step 3

Using the selected year, select the symbols that correspond to each number. So 1 = !, 2 = @, 3 = # etc.

Step 4

Take the selected word and alternate each letter between upper and lower case. As an example, the word 'jackpots' will become 'JaCkPoTs'.

Step 5

To create the first group of 4 characters, take the first and second letters from the word, add the first number from the year and add the first corresponding symbol. To create the second group of 4 characters, take the third and fourth letters from the word, add the second number from the year and add the second corresponding symbol. Continue accordingly for the third and fourth groups of characters.

Let's look at a few examples of how the template works and how it can be relatively easy to remember.
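Steps 1 to 5 written out as a small Python function, as an added example that is not part of the original article. It also covers the two alternative group layouts used in the later examples; the layout names and function names are made up here, and the symbol map assumes a US keyboard.

```python
# Added example: word + year template from Steps 1-5 (not the author's code).
SHIFT_SYMBOLS = dict(zip("1234567890", "!@#$%^&*()"))  # US keyboard, Step 3

# Layout of each 4-character group: U/l = next letter in upper/lower case,
# d = the group's digit, s = that digit's symbol. Layout names are made up here.
LAYOUTS = {
    "upper_first": "Ulds",  # e.g. Co1!
    "lower_first": "lUds",  # e.g. xE1!
    "digit_first": "dUsl",  # e.g. 1V!i
}


def build_password(word, year, layout="upper_first"):
    """Build the 16-character password from an 8-letter word and a 4-digit year."""
    word = word.lower()
    if not (word.isascii() and word.isalpha() and len(word) == 8 == len(set(word))):
        raise ValueError("word must have exactly 8 letters, all different")
    if not (year.isascii() and year.isdigit() and len(year) == 4 == len(set(year))):
        raise ValueError("year must have exactly 4 digits, all different")
    groups = []
    for i, digit in enumerate(year):
        letters = iter(word[2 * i:2 * i + 2])  # two letters per group
        group = ""
        for slot in LAYOUTS[layout]:
            if slot == "U":
                group += next(letters).upper()
            elif slot == "l":
                group += next(letters)
            elif slot == "d":
                group += digit
            else:  # "s": the symbol sharing the digit's key
                group += SHIFT_SYMBOLS[digit]
        groups.append(group)
    return "".join(groups)


def meets_article_criteria(password):
    """16 characters, none repeated, with all four character classes present."""
    return (
        len(password) == 16 == len(set(password))
        and any(c.isupper() for c in password)
        and any(c.islower() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in SHIFT_SYMBOLS.values() for c in password)
    )


if __name__ == "__main__":
    print(build_password("computer", "1987"))  # the article's first example
```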

Password example

As an example, let us imagine that you got your first computer way back in 1987. It was an IBM PS/2 and you remember it well because it was the first time you played chess on a PC. For this example of a password we can use the word 'computer' and the date '1987'. They are both easy to remember as they relate to one another and have significance to you. Figure 2 illustrates how the template can be used to generate the 16 character password.

[Figure 2]

The resulting password would be: Co1!Mp9(Ut8*Er7&

This password would score 100% on www.passwordmeter.com and would take 12 trillion years to crack according to www.howsecureismypassword.net

Alternative examples

For another example, let us imagine you studied horticulture and wrote a paper about cross pollination of fruit trees. You would be familiar with the term 'xenogamy' and the year '1876' would have significant meaning. As an alternative to the above example, you could alternate the cases of each letter by starting with a lower case letter.

[Figure 3]

The resulting password would be: xE1!nO8*gA7&mY6^

This password would score 100% on www.passwordmeter.com and would take 12 trillion years to crack according to www.howsecureismypassword.net

 

In a final example, let us imagine that you are a wine collector who enjoys wines from the South African Cape Winelands. You could use the word 'vineyard' and the year '1820' as they would have significant meaning to you based on your interest in viticulture. As an alternative to the above examples, you could begin your password with a number followed by an upper case letter followed by the corresponding symbol followed by the lower case letter.

[Figure 4]

The resulting password would be: 1V!i8N*e2Y@a0R)d

This password would score 100% on www.passwordmeter.com and would take 12 trillion years to crack according to www.howsecureismypassword.net

Conclusion

From the above examples you can see that in order to create a seemingly random, 16 character password that would otherwise be extremely difficult to remember, all you would need to actually remember is one word, a year and the template you used. Please read the disclaimer below if you intend to use this method for creating a password for any of your online accounts or profiles.
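The counts behind the 94-character figures quoted earlier, set beside an upper bound on how many passwords the word, year and template inputs can produce, as an added calculation that is not part of the original article. The 4.58929E+17 figure corresponds to C(94,16), the unordered count. The bound assumes any 8 distinct letters form a usable word and that three group layouts are in use, as in the examples above.

```python
import math

CHARSET, LENGTH = 94, 16  # figures from the article


def charset_counts():
    """Three ways of counting 16 characters drawn from 94."""
    return {
        "unordered, no repeats": math.comb(CHARSET, LENGTH),  # C(94,16)
        "ordered, no repeats": math.perm(CHARSET, LENGTH),    # 94!/78!
        "ordered, repeats allowed": CHARSET ** LENGTH,        # 94^16
    }


def unique_digit_years():
    """Count 4-digit years (1000-9999) whose digits are all different."""
    return sum(1 for y in range(1000, 10000) if len(set(str(y))) == 4)


def template_upper_bound(layouts=3):
    """Upper bound on the passwords the word + year template can produce.

    Assumption: every ordering of 8 distinct letters counts as a 'word'
    (real dictionaries hold far fewer); layouts=3 is the number of group
    arrangements shown in the article's examples.
    """
    return math.perm(26, 8) * unique_digit_years() * layouts


def bits(count):
    """Size of a search space expressed in bits."""
    return math.log2(count)


if __name__ == "__main__":
    for name, count in charset_counts().items():
        print(f"{name:26} {count:.5e}  {bits(count):6.1f} bits")
    bound = template_upper_bound()
    print(f"{'template (upper bound)':26} {bound:.5e}  {bits(bound):6.1f} bits")
```

The guessing resistance of a password built this way comes from the word, the year and the layout that were chosen, so the last row is the one to compare against the character-set rows.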

“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.” ~ Gene Spafford

I hope this method helps you create better passwords in the future, and if you have any suggestions, corrections or additional comments, please feel free to leave them in the comments below.

 

Disclaimer

Although much thought, effort and calculation have been put into creating this method for creating a complex and memorable 16 character password, it does not guarantee a perfect password, as any password can be guessed given enough computing power and time. While my method provides a solid base for creating a password, it does have some minor shortcomings, and thus I encourage you to do your own research and determine your own method for creating passwords if you find mine to fall short of your security expectations. Should you decide to use this method to create a password, you remain liable for your own security and I cannot be held responsible for any resulting actions from using the above-mentioned method for creating a password. To this extent, I strongly recommend that you change your password as frequently as every 2-3 months for highly important or sensitive applications and every 4-6 months for less important or sensitive applications.

 


2 comments

  • Coen, Thursday, 04 February 2016 08:26

    ThAnK$ B!.
    I'll try 2 ReMeMbEr th@t 1.

  • Brendan Ihmig, Thursday, 04 February 2016 12:37

    You are welcome - hope it was logical enough to make sense!
