How to remember passwords
As I’ve said, the best way to ensure that
you never forget your passwords is to offload the task of remembering them to a
password manager like 1Password. Most of the time, that’s the only trick you’ll
need. But no matter what tools you use, you’ll have to memorize at least a few
passwords. Because those are among your most important, you don’t want to trade
security for memorability. Here are tips that can help you make sure your brain
doesn’t betray you.
Pick which passwords to memorize
I have no idea what 99 percent of my
passwords are. They’re long strings of random computer-generated characters.
When I need to use them, I let my password manager fill them in for me, or I
copy and paste them if necessary.
However, one password I’ve memorized cold
is the one that I use to unlock all of the other passwords stored in my password
manager. I’ve also memorized my OS X user account password, because I enter it
many times a day; and since I use OS X’s FileVault, I need that password to
start up my Mac before I can access any automated tools. Also, I’m frequently
prompted to enter the passwords for my iCloud, Gmail, and Dropbox accounts, so
I’ve memorized those, too.
Your list might differ, but most people can
get by with committing no more than half a dozen passwords to memory.
Choose a path to high entropy
Once you know which passwords you need to
memorize, your next job is to choose passwords that are strong enough to defeat
automated hacking attempts yet memorable enough that you can produce them
instantly and for bonus points, they should be convenient to type.
You undoubtedly know the basic drill: All
things being equal, longer passwords are better than shorter ones; random
passwords are better than those that follow a pattern; and the best passwords
combine upper- and lowercase letters, numbers, and symbols. It turns out,
though, that a password doesn’t need to possess all of those qualities in order
to be secure; for example, a long but simple password can be just as secure as
a short but complex one. You can quantify this with a concept called entropy, which
in this context is an estimate of how many guesses an attacker would need to
find a given password, expressed in bits: every additional bit doubles the
attacker’s work.
Depending on how you perform the
calculation, the passwords 7H#e2U&dY4 (ten random characters) and blanketsensory
(14 nonrandom characters) come out approximately equal in strength: ten characters
drawn from the 94 printable ASCII characters give about 2^66 possibilities, and
so do 14 lowercase letters (26^14). The latter is much easier to remember and
type. The catch is that this equality holds only against an attacker who treats
blanketsensory as 14 random letters. Because blanket and sensory are both
ordinary English words, an attacker who instead tries every pair of words from a
20,000-word list faces only about 2^29 possibilities, which modern cracking
hardware exhausts in well under a minute. So if you take the word route, use more
than two words, let them be chosen at random rather than picking a pair that
sounds nice, and remember that how long any password survives also depends on how
slowly the service hashes it.
If your memory is excellent and keeping
your passwords as short as possible is your biggest consideration,
then go with a shorter random password – but remember that whereas short
used to mean eight or nine characters, nowadays 12 to 14 random keystrokes is
the sensible minimum. Nevertheless, since most people can type long words faster
than short bursts of random characters, you may find that a 25-character phrase
is more convenient to enter in daily use than a 12-character string of nonsense.
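To make the entropy comparison concrete, here is an added example (not code from the original article) that scores a password under two attacker models: a brute-force search over the character classes the password uses, and a word-list search that applies when the password is built from dictionary words. The 20,000-word dictionary and the 10^10 guesses-per-second rate are assumptions chosen for illustration; the rate is roughly what a GPU rig manages against a fast, unsalted hash, and would be far lower against a deliberately slow hash.

```python
import math
import string

# Character classes an attacker assumes once the password's composition is known.
# Standard US-keyboard classes: 26 + 26 + 10 + 32 = 94 printable characters.
CHARSETS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}


def charset_size(password: str) -> int:
    """Size of the alphabet formed by every character class the password uses."""
    return sum(len(chars) for chars in CHARSETS.values()
               if any(c in chars for c in password))


def brute_force_bits(password: str) -> float:
    """Entropy if the attacker must try every string of this length over that alphabet."""
    return len(password) * math.log2(charset_size(password))


def wordlist_bits(n_words: int, dictionary_size: int) -> float:
    """Entropy if the attacker knows the password is n_words words from a known list."""
    return n_words * math.log2(dictionary_size)


def crack_time_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit the password: on average half the space is searched."""
    return 2 ** bits / 2 / guesses_per_second


def strength_report(password: str, n_words: int = 0,
                    dictionary_size: int = 20000,
                    guesses_per_second: float = 1e10) -> dict:
    """Score the password under the charset model and, when it is built from
    n_words dictionary words, under the word-list model as well.
    dictionary_size and guesses_per_second are assumed values for this example."""
    report = {"brute_force_bits": brute_force_bits(password)}
    report["brute_force_seconds"] = crack_time_seconds(
        report["brute_force_bits"], guesses_per_second)
    if n_words:
        report["wordlist_bits"] = wordlist_bits(n_words, dictionary_size)
        report["wordlist_seconds"] = crack_time_seconds(
            report["wordlist_bits"], guesses_per_second)
    return report


if __name__ == "__main__":
    # The two passwords discussed above: equal under brute force, very unequal
    # once the attacker guesses that the second one is a pair of English words.
    for pw, words in (("7H#e2U&dY4", 0), ("blanketsensory", 2)):
        print(pw, strength_report(pw, words))
```

Both passwords land near 66 bits under the charset model, which at the assumed rate is a matter of centuries. Under the word-list model blanketsensory drops to about 29 bits, which the same hardware covers in a fraction of a second; that gap is the whole argument for choosing words at random and using more than two of them.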
Let a computer pick your passwords
I’ve sometimes advised people to use
mnemonic cues to remember passwords. For example, taking a sentence such as “I
once drank three cups of coffee before realizing it was decaf,” and using just
the first letter of each word, with a capital and a number thrown in, creates Iod3cocbriwd
– a reasonably strong password. But because humans unconsciously tend to
introduce patterns into passwords produced through these means (which makes
guessing the password easier), I let a computer create a selection of random
(but memorable) passwords, and then I choose one that sounds good. You have
numerous ways to do this.
If you open Keychain Access on your Mac (in
/Applications/Utilities), choose File > New Password Item,
and click the key icon next to the Password field, a Password Assistant window
will appear. Choose Memorable from the Type pop-up menu, and select a
password length. The utility will produce a password consisting of a
combination of words, numbers, and symbols (such as nineteenth8590.middlingly
or baiting325@certifications). Don’t like the first suggestion that you
see? Click the pop-up menu to generate more, or choose More Suggestions
from that menu to get another list.
1Password’s password generator also has a
mode that creates a series of pronounceable syllables (not necessarily English
words), with or without intervening digits or hyphens – such as liegnicroci,
lieg7ni2croc5i, or lieg-ni-croc-i. To generate them in the
1Password app, choose File > New Item > New
Password, click Pronounceable, and select the separator and length
that you prefer. Click the Refresh button to see another password
choice. (The directions are similar when you’re using 1Password’s browser
extensions, although the layout and options are slightly different.)
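The two generator styles just described are easy to reproduce, and doing so shows what each one costs in entropy. The following is an added example written for this article, not Apple’s or AgileBits’ code: it builds a Keychain-style word-digits-symbol-word password and a 1Password-style pronounceable one using Python’s secrets module, and computes the entropy of each. The 16-entry word list, the symbol set, and the consonant and vowel pools are constructed for the example; a real generator would draw from several thousand words.

```python
import math
import secrets
import string

# Constructed sample word list for this example. Entropy per word is
# log2(list size), so a real list of thousands of words matters a great deal.
WORDS = [
    "blanket", "sensory", "nineteenth", "middlingly", "baiting", "certifications",
    "harbor", "velvet", "lantern", "quarry", "ember", "meadow", "tundra", "saffron",
    "gravel", "kestrel",
]
SYMBOLS = ".!@#%&"                 # assumed separator symbols for the memorable form
CONSONANTS = "bcdfghjklmnprstvz"   # assumed pools for the pronounceable form
VOWELS = "aeiou"


def memorable_password(n_digits: int = 4, rng=secrets) -> str:
    """Keychain-style 'memorable' form: word, digits, symbol, word.
    rng needs only a .choice() method; secrets is the cryptographically secure
    default, never the random module for a password you will actually use."""
    digits = "".join(rng.choice(string.digits) for _ in range(n_digits))
    return rng.choice(WORDS) + digits + rng.choice(SYMBOLS) + rng.choice(WORDS)


def memorable_bits(n_digits: int = 4, dictionary_size: int = len(WORDS)) -> float:
    """Entropy of memorable_password(): two independent word picks, the digits,
    and the symbol are all chosen uniformly, so their bits simply add."""
    return (2 * math.log2(dictionary_size)
            + n_digits * math.log2(len(string.digits))
            + math.log2(len(SYMBOLS)))


def pronounceable(n_syllables: int = 4, separator: str = "", rng=secrets) -> str:
    """1Password-style pronounceable syllables. Each syllable is consonant + vowel,
    with a trailing consonant added on a coin flip. separator may be "", "-",
    or "digit" (a random digit placed between syllables)."""
    syllables = []
    for _ in range(n_syllables):
        s = rng.choice(CONSONANTS) + rng.choice(VOWELS)
        if rng.choice((True, False)):
            s += rng.choice(CONSONANTS)
        syllables.append(s)
    if separator == "digit":
        out = syllables[0]
        for s in syllables[1:]:
            out += rng.choice(string.digits) + s
        return out
    return separator.join(syllables)


def pronounceable_bits(n_syllables: int = 4, digit_separators: bool = False) -> float:
    """Shannon entropy of pronounceable(): one bit for the CV/CVC coin flip per
    syllable, plus the letter choices of the shape that flip produced, averaged
    over both shapes. Digit separators add log2(10) bits each."""
    cv = math.log2(len(CONSONANTS) * len(VOWELS))
    cvc = cv + math.log2(len(CONSONANTS))
    bits = n_syllables * (1 + (cv + cvc) / 2)
    if digit_separators:
        bits += (n_syllables - 1) * math.log2(len(string.digits))
    return bits


if __name__ == "__main__":
    print(memorable_password(), f"{memorable_bits():.1f} bits with {len(WORDS)} words,",
          f"{memorable_bits(dictionary_size=20000):.1f} bits with 20000 words")
    print(pronounceable(4, ""), pronounceable(4, "digit"), pronounceable(4, "-"),
          f"{pronounceable_bits(4):.1f} bits, {pronounceable_bits(4, True):.1f} with digits")
```

The numbers are the useful part. Four pronounceable syllables (ten to twelve letters) carry about 38 bits, where the same number of random lowercase letters would carry roughly 50 to 56; that difference is the price of pronounceability, and adding digit separators buys back about 10 bits. The word form with a 20,000-word list comes to about 44 bits, which is why generators of this kind pad the words with digits and a symbol rather than relying on two words alone.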
Have backup plans
If you’re afraid you’ll forget your
memorable passwords, you can write them down, as long as you keep that paper
in a safe place. Your wallet might be a fine location (indeed, security
expert Bruce Schneier recommends it [www.schneier.com]). Also, consider giving
a copy to your spouse or a trusted friend, or putting it in a safe deposit box.
If something happened to you, and your family or business associates urgently
needed access to your data, the security of storing your passwords only in your
head would work against you.