We’ve all been in situations where we forgot our password, wrote it down, used a predictable pattern, or even used the word “password” or some other common word just to make it easier to remember.
Composing a complex password that is fairly hard to break by the known techniques (guessing, brute force, dictionary attacks and so on) is hard, especially when it also has to satisfy a security policy: a minimum length, a required mix of alphanumeric characters, no re-use of previous passwords, a reset expiry date, and so on. Every organization, website or other system that uses password authentication has such a set of rules, ranging from simple basic ones to much more complex and strict ones.
We need to keep in mind that increasing security this way can come at the cost of user experience and functionality.
With too many accounts to handle on different websites (blog, social media, e-mail, etc.) and on various devices, several problems arise that show how our memory can fail us. So we end up using weak, reused passwords, making us an easy target for attackers.
Update: “THROUGH 20 YEARS OF EFFORT, WE’VE SUCCESSFULLY TRAINED EVERYONE TO USE PASSWORDS THAT ARE HARD FOR HUMANS TO REMEMBER, BUT EASY FOR COMPUTERS TO GUESS.“
As part of my readings I remember The Usability of Passwords post by Baekdal suggesting that a password such as “this is fun” can be more secure than “$TiF12aSP#”, and the good part is that it is easy to remember. The idea is simple: choose a set of common or uncommon words, arranged in a way that makes sense to the user and can be easily remembered, such as “word sec cool blog”. This is only an example and I believe it’s still weak, so to add a little more complexity we can use symbols instead of spaces, add some capitalization and a number, leaving us with something like “worD&Sec-cOOl-12Blog“.
Still thinking about the idea behind it, it makes sense to me, yet these words can still be found in dictionaries; could that be a problem? Then the light bulb lit up in my mind: since I am from Lebanon, my native language is Arabic, and when we chat with each other on the Internet we write Arabic words using English letters, where some sounds have to be represented by a digit. So what if we used that as a form of password generation? For example, my password could be ”Kelmet-Sirr-2awiyeh”, meaning “a powerful password” in English. It’s easy to remember and very strong based on the following password strength meters:
The same concept can be applied to other languages that are written with English letters in chat.
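To make the comparison concrete, here is an added example (my own code, not from the post or from Baekdal) that estimates the guessing work for each of the passwords above under the two attack models the post mentions: a brute-force search over the character classes used, and a word-combination attack in which every token is looked up in the attacker’s wordlist. The wordlists, the wordlist size of 10,000, and the guess rate of 10^10 per second are all assumptions chosen for illustration; the attacker is assumed to pick whichever applicable attack is cheaper, so the effective strength is the minimum.

```python
import math
import re

# Constructed toy wordlists standing in for an attacker's dictionaries (not from the post).
ENGLISH_WORDS = {"this", "is", "fun", "word", "sec", "cool", "blog",
                 "password", "correct", "horse", "battery", "staple"}
# "Arabizi" chat-transliteration words, as in the post's example (constructed sample).
ARABIZI_WORDS = {"kelmet", "sirr", "2awiyeh", "marhaba", "kifak"}

# Assumed size of a real attack wordlist: log2(10_000) is about 13.3 bits per word.
WORDLIST_SIZE = 10_000
# Assumed offline cracking rate against a fast, unsalted hash.
GUESSES_PER_SECOND = 1e10


def charset_size(pw: str) -> int:
    """Alphabet a brute-force attacker must cover, from the character classes present."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += 33  # printable ASCII punctuation and space
    return size


def brute_force_bits(pw: str) -> float:
    """Work in bits to enumerate every string of this length over that alphabet."""
    return len(pw) * math.log2(charset_size(pw))


def wordlist_bits(pw: str, dictionary, wordlist_size=WORDLIST_SIZE):
    """Bits of work under a word-combination attack, or None if some token is not in
    the attacker's dictionary (the attack does not apply as-is).
    Case and separator variation are deliberately ignored: rule-based crackers
    enumerate those variants at a cost of only a few bits."""
    tokens = [t for t in re.split(r"[^A-Za-z0-9]+", pw) if t]
    if not tokens:
        return None
    bits = 0.0
    for tok in tokens:
        low = tok.lower()
        if low in dictionary:
            bits += math.log2(wordlist_size)
            continue
        # Hybrid rule: a dictionary word with digits prepended or appended.
        core = low.strip("0123456789")
        digits = len(low) - len(core)
        if core and core in dictionary:
            bits += math.log2(wordlist_size) + digits * math.log2(10)
        else:
            return None
    return bits


def effective_bits(pw: str, dictionary) -> float:
    """The attacker picks the cheapest applicable attack, so strength is the minimum."""
    wl = wordlist_bits(pw, dictionary)
    bf = brute_force_bits(pw)
    return bf if wl is None else min(bf, wl)


def crack_seconds(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Expected time to find the password, searching half the space on average."""
    return (2 ** bits) / 2 / rate


if __name__ == "__main__":
    samples = [
        ("this is fun", ENGLISH_WORDS),
        ("$TiF12aSP#", ENGLISH_WORDS),
        ("worD&Sec-cOOl-12Blog", ENGLISH_WORDS),
        ("Kelmet-Sirr-2awiyeh", ENGLISH_WORDS),   # attacker without an Arabizi list
        ("Kelmet-Sirr-2awiyeh", ARABIZI_WORDS),   # attacker who has one
    ]
    for pw, dictionary in samples:
        bits = effective_bits(pw, dictionary)
        print(f"{pw:22} {bits:6.1f} bits  ~{crack_seconds(bits) / 86400:.3g} days")
```

The last two rows make the post’s question explicit: “Kelmet-Sirr-2awiyeh” looks very strong to a meter that only knows English words, but once the attacker’s wordlist contains the transliterated vocabulary it collapses to the same three-word cost as “this is fun”. The strength of a passphrase therefore depends on how large and unpredictable the pool of words is to the attacker, not on whether a particular meter recognises them.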
What do you think of this technique and concept? Can we consider it a strong method for generating complex passwords?
Image courtesy of xkcd