April 26, 2010 at 13:49A complex password does not need to be memorized
All passwords for different resources should be long, complex, personal and not similar.
But how to come up with so many different passwords? Suppose we find on the vast expanses of the Internet the program we need that generates the number of character characters we need. But how to remember all this riot of letters, numbers, punctuation marks, and, I’m not afraid to say this phrase, characters that are not understandable at all in the form of emoticons, arrows, houses and Chinese characters? And how not to mix up what “unreadability” from which site?
I definitely can’t remember. I even forget the four-digit plastic card PINs the next day. You can write down passwords and at the right time lose everything that has been accumulating for many years. And if you have paranoia? You will have to put your cipher block in a bank cell. But you will forget the next password from the next armored door almost immediately.
But what if there is a way to not invent, remember or write down the keys to our secrets? I suggest a way to come up with such passwords.
We will need only three things.
1. A “magic” tablet (about it later) with which we will create passwords,
2. An individual key phrase,
3. The name of the resource for which we will create a password.
And nothing more. Are you intrigued?
First, I’ll introduce you to the “magic” table. This is a key element of this method of inventing passwords. I note right away that this is not my invention. At school, with the help of such a table, I encrypted my secret records. I just modified it a little.
And it’s not so magical. In the three left columns (left field) are non-repeating characters. In a large square field (main field), Latin symbols and numbers are periodically repeated horizontally and vertically. In the top three lines (top field) are any characters, it is from them that passwords will be obtained.
Well, we have a table. It remains to come up with a key phrase and find a resource to which we will come up with a password. Let password be the first and mysite the second. We will invent a password of sixteen characters. Go.
Take the first letter of the key phrase ( p ) and find it in the left field. Have you found? Now in the same line in the main field, find the first letter of the resource name ( m ). Also found? Go up the column and find the first character of our password (number 0 ). And then repeat the same thing for each subsequent pair of characters. Are the letters in the word over? It's okay, start at the beginning of the word. You will see the result in table 1.1.
Not bad. There are even numbers in the password.
How the result of making a password for Habrahabr will look like is shown in table 1.2. We changed only the name of the resource ( habrahabr ), and the password changed.
I know that there are people who want to see capital letters and punctuation marks in the password. Let's draw them.
The word HaBRaHaBR has consonants. Have you noticed too? Then let's change the letters to uppercase in the same password positions. The result is in table 1.3.
And now we will replace the password symbols 4, 8 and 16 with punctuation marks (table 1.4), for this they are needed in the upper field of the “magic” tablet.
I want to note that if the number of characters in the keyword phrase and in the resource name is the same, then the password characters will begin to be repeated. To avoid this, you can, for example, add letters to the name of the resource. For example, habrahabr + dobivka = habrahabrdobivka (table 1.5).
As a key phrase, you can use whatever you want. Even a quadratic equation is suitable (table 1.6).
You can use your favorite character from the children's book (table 1.7).
And for a change, Cyrillic characters can be inserted into the password. In table 1.8, they are inserted where vowels are in the keyword and in the resource name.
While preparing materials for publication, I came up with another way to use this method. The fact is that I am also annoyed by security questions in password recovery systems. Who else besides you knows your mother’s maiden name? I think everything. Here is another security weakness. Your mom will not be offended if you encrypt her last name? Then you can safely use the principle from table 1.9.
If everyone uses the same “magic” table, then I think it will not be good. Here is another one.
How is she different? The left margin is the same. In the central field, I changed the sequence of characters. And the top field arranged the Russian and Latin characters not quite in alphabetical order.
In fact, you can create your own table by following four simple rules.
1. You must remember by what principle you compile the table.
2. In the left field, characters must not be repeated.
3. In the main field, characters should not be repeated in columns and rows.
4. In the upper field, you can arrange any characters in any order.
Now let's try to create a password with the passphrase and resource name from our first example, but using the second encryption table. What happened is visible in table 2.1. Feel the difference.
And in order for you to be able to create a personal table with less effort, here I posted the source in .xls format.
Suppose you went to your favorite Habrahabr, Vkontakte or to a site where in all details and with pictures it is told how to use cabbage in which children are found and trying to remember a password? And you do not need to remember the password. You can not remember it at all. How is this possible?
1. You have compiled a personal cryptographic table according to a principle that is clear to you. Then even her loss will not be a big problem. Restore her.
2. Do you remember your personal passphrase. But you remember the number π to the fourteenth decimal place.
3. You are sane and well understand which site you visited.
That’s all you need. Create a password again, it will be exactly the same.
Does this phrase annoy you too? Even infuriates? As I understand you. You need to do so many extra gestures. But what if ...
You have a key phrase. And your “forgetful co-workers” have a personnel number or login. Let's use it for its intended purpose.
Do security rules at your work require a password change once a month? More often? Then, under the same conditions, change the passphrase and recreate passwords.
And of course, no one will forbid you to automate the process.
I understand that using a piece of paper or even a picture of an encryption table on a computer is not very convenient. Therefore , I have a request . If you liked the idea and you can create an application for a PC, phone, smartphone or communicator, then go for it. I myself am not local, my hands are not sharpened for this ...
Thanks, iFaTaL1Ty , for the link to Habrahabr with a similar idea.
Thank you, VasyaMobile , for almost the same idea from Yandex.
BIG thanks, jursovet . Here is not only a similar idea, but also a practical way to implement it.
Moved to a thematic blog.
Topic on Habrahabr where critical comments are made on this method of inventing passwords. And this is my response to criticism.
I quote my comment :
rbJJkjwqmIyLm7er is the password for the mojdomain site. Recover the key phrase, and I confess that I'm an idiot.
User dolfero wrote on the Python script is based on the article - github.com/dolferoIHYD/password_generator
But how to come up with so many different passwords? Suppose we find on the vast expanses of the Internet the program we need that generates the number of character characters we need. But how to remember all this riot of letters, numbers, punctuation marks, and, I’m not afraid to say this phrase, characters that are not understandable at all in the form of emoticons, arrows, houses and Chinese characters? And how not to mix up what “unreadability” from which site?
I definitely can’t remember. I even forget the four-digit plastic card PINs the next day. You can write down passwords and at the right time lose everything that has been accumulating for many years. And if you have paranoia? You will have to put your cipher block in a bank cell. But you will forget the next password from the next armored door almost immediately.
But what if there is a way to not invent, remember or write down the keys to our secrets? I suggest a way to come up with such passwords.
We will need only three things.
1. A “magic” tablet (about it later) with which we will create passwords,
2. An individual key phrase,
3. The name of the resource for which we will create a password.
And nothing more. Are you intrigued?
Magic table
First, I’ll introduce you to the “magic” table. This is a key element of this method of inventing passwords. I note right away that this is not my invention. At school, with the help of such a table, I encrypted my secret records. I just modified it a little.
And it’s not so magical. In the three left columns (left field) are non-repeating characters. In a large square field (main field), Latin symbols and numbers are periodically repeated horizontally and vertically. In the top three lines (top field) are any characters, it is from them that passwords will be obtained.
Well, we have a table. It remains to come up with a key phrase and find a resource to which we will come up with a password. Let password be the first and mysite the second. We will invent a password of sixteen characters. Go.
Password creation
Take the first letter of the key phrase ( p ) and find it in the left field. Have you found? Now in the same line in the main field, find the first letter of the resource name ( m ). Also found? Go up the column and find the first character of our password (number 0 ). And then repeat the same thing for each subsequent pair of characters. Are the letters in the word over? It's okay, start at the beginning of the word. You will see the result in table 1.1.
Not bad. There are even numbers in the password.
How the result of making a password for Habrahabr will look like is shown in table 1.2. We changed only the name of the resource ( habrahabr ), and the password changed.
I know that there are people who want to see capital letters and punctuation marks in the password. Let's draw them.
The word HaBRaHaBR has consonants. Have you noticed too? Then let's change the letters to uppercase in the same password positions. The result is in table 1.3.
And now we will replace the password symbols 4, 8 and 16 with punctuation marks (table 1.4), for this they are needed in the upper field of the “magic” tablet.
I want to note that if the number of characters in the keyword phrase and in the resource name is the same, then the password characters will begin to be repeated. To avoid this, you can, for example, add letters to the name of the resource. For example, habrahabr + dobivka = habrahabrdobivka (table 1.5).
As a key phrase, you can use whatever you want. Even a quadratic equation is suitable (table 1.6).
You can use your favorite character from the children's book (table 1.7).
And for a change, Cyrillic characters can be inserted into the password. In table 1.8, they are inserted where vowels are in the keyword and in the resource name.
While preparing materials for publication, I came up with another way to use this method. The fact is that I am also annoyed by security questions in password recovery systems. Who else besides you knows your mother’s maiden name? I think everything. Here is another security weakness. Your mom will not be offended if you encrypt her last name? Then you can safely use the principle from table 1.9.
Create your “magic” table
If everyone uses the same “magic” table, then I think it will not be good. Here is another one.
How is she different? The left margin is the same. In the central field, I changed the sequence of characters. And the top field arranged the Russian and Latin characters not quite in alphabetical order.
In fact, you can create your own table by following four simple rules.
1. You must remember by what principle you compile the table.
2. In the left field, characters must not be repeated.
3. In the main field, characters should not be repeated in columns and rows.
4. In the upper field, you can arrange any characters in any order.
Now let's try to create a password with the passphrase and resource name from our first example, but using the second encryption table. What happened is visible in table 2.1. Feel the difference.
And in order for you to be able to create a personal table with less effort, here I posted the source in .xls format.
“Remember” the password
Suppose you went to your favorite Habrahabr, Vkontakte or to a site where in all details and with pictures it is told how to use cabbage in which children are found and trying to remember a password? And you do not need to remember the password. You can not remember it at all. How is this possible?
1. You have compiled a personal cryptographic table according to a principle that is clear to you. Then even her loss will not be a big problem. Restore her.
2. Do you remember your personal passphrase. But you remember the number π to the fourteenth decimal place.
3. You are sane and well understand which site you visited.
That’s all you need. Create a password again, it will be exactly the same.
“Serezhenka, and again I forgot the password for corporate soap”
Does this phrase annoy you too? Even infuriates? As I understand you. You need to do so many extra gestures. But what if ...
You have a key phrase. And your “forgetful co-workers” have a personnel number or login. Let's use it for its intended purpose.
Do security rules at your work require a password change once a month? More often? Then, under the same conditions, change the passphrase and recreate passwords.
And of course, no one will forbid you to automate the process.
Instead of an epilogue
I understand that using a piece of paper or even a picture of an encryption table on a computer is not very convenient. Therefore , I have a request . If you liked the idea and you can create an application for a PC, phone, smartphone or communicator, then go for it. I myself am not local, my hands are not sharpened for this ...
PS I know that the keyword is in English keyword. I used the word password specifically to confuse the special services of all countries, times and peoples.
Updated after publication
Thanks, iFaTaL1Ty , for the link to Habrahabr with a similar idea.
Thank you, VasyaMobile , for almost the same idea from Yandex.
BIG thanks, jursovet . Here is not only a similar idea, but also a practical way to implement it.
Moved to a thematic blog.
Criticism
Topic on Habrahabr where critical comments are made on this method of inventing passwords. And this is my response to criticism.
I quote my comment :
rbJJkjwqmIyLm7er is the password for the mojdomain site. Recover the key phrase, and I confess that I'm an idiot.
Update as of August 24, 2019
User dolfero wrote on the Python script is based on the article - github.com/dolferoIHYD/password_generator