Tanya Joosten was asking today about password managers, and it being 4:30 p.m. it seemed as good a time as any to talk about password mental algorithms and how they can make your life easier. Here’s how they work (keep in mind this is not *my* algorithm, just an example).
First pick a good root password. You’re just going to have to remember one root, so you can afford to make it good.
4tYPoG!U
Now come up with your algorithm. It should be based on some system you know well, with enough of a twist to obfuscate it. What the system is will depend on what you know: the periodic table, release dates of Beatles records, the stops on the Boston Red Line.
Here’s an example: take the first three letters of the domain name, express them in the NATO phonetic alphabet, and slot the second letter of each of those words into positions 1, 3, and 6 of the finished password (counting positions in the result, which is what the two examples below show). E.g.
Google = Golf Oscar Oscar = oss = o4stYsPoG!U
Outlook = Oscar Uniform Tango = sna = s4ntYaPoG!U
This sounds incredibly hard, but in reality, since you type passwords a lot, you practice the system a lot and it becomes second nature.
Want to see the Beatles example? Sure. Google has six letters, and the sixth Beatles album was Rubber Soul, so maybe (first three letters of the title, in slots 1, 3, and 5):
R4utbYPoG!U
That system will give you the same password for Outlook and Twitter (seven letters each, so Revolver for both), but you’ll live.
Once you know the system, it’s easy to see which letters have been inserted. But a person who learns one of your passwords cannot derive the others from it without knowing the system. Two of your passwords side by side are a different matter: the characters they share are the root, and the positions where they differ are the slots. If you want to change your passwords after six or twelve months, alter the system slightly: now it will be the third letter of the word, or slots 3, 4, and 6. Whatever.
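The NATO and Beatles derivations above, and the side-by-side comparison just mentioned, written out as a runnable Python script. This is an added example, not code from the post; it reuses the post's root `4tYPoG!U` and its slot numbers, and it makes a few assumptions the post does not spell out: a leading `www.` is dropped from the domain, `Xray` is spelled without its hyphen so the "second letter" rule always yields a letter, and site names longer than the album list wrap around. The `weave`, `collisions` and `shared_characters` helpers are hypothetical names chosen here.

```python
# Added example (not from the post): runnable versions of the two mental
# algorithms, using the post's example root "4tYPoG!U". Slot numbers are
# 1-based positions in the finished password: the NATO variant uses (1, 3, 6),
# which is what the post's Google/Outlook results show; Beatles uses (1, 3, 5).

# NATO phonetic alphabet. "Xray" is spelled without its hyphen (an assumption)
# so that the "second letter" rule always yields a letter.
NATO = {
    "a": "Alfa", "b": "Bravo", "c": "Charlie", "d": "Delta", "e": "Echo",
    "f": "Foxtrot", "g": "Golf", "h": "Hotel", "i": "India", "j": "Juliett",
    "k": "Kilo", "l": "Lima", "m": "Mike", "n": "November", "o": "Oscar",
    "p": "Papa", "q": "Quebec", "r": "Romeo", "s": "Sierra", "t": "Tango",
    "u": "Uniform", "v": "Victor", "w": "Whiskey", "x": "Xray", "y": "Yankee",
    "z": "Zulu",
}

# The Beatles' UK studio albums in release order; the sixth is Rubber Soul.
ALBUMS = [
    "Please Please Me", "With the Beatles", "A Hard Day's Night",
    "Beatles for Sale", "Help!", "Rubber Soul", "Revolver",
    "Sgt. Pepper's Lonely Hearts Club Band", "The Beatles",
    "Yellow Submarine", "Abbey Road", "Let It Be",
]

ROOT = "4tYPoG!U"  # the post's example root password


def site_name(domain):
    """Reduce 'www.google.com' or 'google.com' to 'google'. Dropping a leading
    'www.' is an assumption the post does not spell out."""
    name = domain.strip().lower()
    if name.startswith("www."):
        name = name[4:]
    return name.split(".")[0]


def weave(root, letters, slots):
    """Insert letters[i] so that it lands at 1-based position slots[i] of the
    finished password. Inserting in ascending slot order lets each slot refer
    to the growing string, which is what reproduces the post's examples."""
    if len(letters) != len(slots):
        raise ValueError("need exactly one slot per inserted letter")
    out = list(root)
    for letter, slot in sorted(zip(letters, slots), key=lambda pair: pair[1]):
        if not 1 <= slot <= len(out) + 1:
            raise ValueError(f"slot {slot} lies outside the password")
        out.insert(slot - 1, letter)
    return "".join(out)


def nato_letters(domain, count=3, pick=1):
    """Second letter (pick=1) of the NATO word for each of the first `count`
    letters of the site name: google -> Golf Oscar Oscar -> 'oss'."""
    letters = [c for c in site_name(domain) if c in NATO][:count]
    return "".join(NATO[c][pick] for c in letters)


def beatles_letters(domain, count=3):
    """First `count` letters of the album whose number equals the site name's
    length: google (6) -> Rubber Soul -> 'Rub'. Longer names wrap around the
    list (an assumption; the post does not say)."""
    title = ALBUMS[(len(site_name(domain)) - 1) % len(ALBUMS)]
    return "".join(c for c in title if c.isalpha())[:count]


def nato_password(domain, root=ROOT, slots=(1, 3, 6)):
    return weave(root, nato_letters(domain), slots)


def beatles_password(domain, root=ROOT, slots=(1, 3, 5)):
    return weave(root, beatles_letters(domain), slots)


def collisions(derive, domains):
    """Map each password produced for more than one domain to those domains,
    e.g. the Outlook/Twitter clash the post mentions."""
    seen = {}
    for d in domains:
        seen.setdefault(derive(d), []).append(d)
    return {pw: ds for pw, ds in seen.items() if len(ds) > 1}


def shared_characters(pw1, pw2):
    """What two passwords from the same system reveal side by side: the
    characters they agree on are the root, '_' marks the inserted slots."""
    return "".join(a if a == b else "_" for a, b in zip(pw1, pw2))


if __name__ == "__main__":
    sites = ["google.com", "outlook.com", "twitter.com"]
    for d in sites:
        print(f"{d:12} NATO {nato_password(d)}  Beatles {beatles_password(d)}")
    print("clashes:", collisions(beatles_password, sites))
    print("two NATO passwords side by side:",
          shared_characters(nato_password("google.com"), nato_password("outlook.com")))
```

`weave` raises rather than guessing when a site name has fewer letters than slots (a two-letter domain under the NATO rule), which is the case a mental algorithm quietly stumbles on. `shared_characters` on the post's two NATO passwords gives `_4_tY_PoG!U`: the whole root with only the three slots blanked.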
Again, it sounds crazy complex, but it is so much simpler than remembering 40 separate passwords, and much less nerve-wracking than putting all your passwords into a piece of software that can become a single point of failure.