Passphrase Mnemonics

How many passwords do you have?  More than one?  Do you have a separate, robust, easily remembered password for each and every login you have?  I’m thinking that the majority of people fall into one of two categories when it comes to passwords; first up are the folks that just find it too annoying or bothersome to try to remember so many passwords so they just use the same password for every site.   The other group go to the opposite extreme and utilize great little tools like 1password or PasswordSafe.  These tools allow you to create cryptographically strong passwords and they will manage them for you as well.  These just require the user to remember one master password, then use a little bit of the cut & paste, never once needing to actually memorize the password.

Somewhere between these two is “Passphrase Mnemonics”  (yes, that’s my term for it – don’t blame anyone else).  Passphrase Mnemonics allows the average individual to have unique, easily remembered and cryptographically strong passwords for each and every site requiring a login without resorting to writing them down or storing them in a program.

Before we get right down to it though, let me explain why this post is entitled ”Passphrase Mnemonics” and not “Password Mnemonics”  It’s really quite simple: the term “password”  implies using a single word to verify your login, whereas “passphrase” implies using a string of words or a phrase.   Phrases are easy to remember and can provide more security than a single word.  And at this point, we should all be using phrases instead of words.  Especially words that can be found in a dictionary.  Not just an english dictionary; any dictionary such as French, Spanish, Swahili, Finnish, Vulcan, Klingon, Elvish, etc.   Any word that’s found in a dictionary can be easily brute forced using one of several freely available tools.

On to the method or the “Mnemonic”  (by the way, a “Mnemonic” is simply a memory device that you use to remember something ~ think of the old rhyme “30 days hath September…”  That’s a mnemonic to help remember the number of days that each month has)

Step by Step:

  1. Find a favorite book or movie – I like to choose a book with at least twelve chapters, so for this example I’ll use “Snow Crash” by Neal Stephenson
  2. Choose a chapter based on the number of the month.  Since this post is being written in September, I’ll use chapter 9.
  3. The initial passphrase will be the first sentence of the given chapter, so in this case the first sentence of the 9th chapter of “Snow Crash” is “The world freezes and grows dim for a second”
  4. Lets choose a site that requires a login.  I’ll choose Yahoo.
  5. Now create the passphrase for the site by using the first three letters of the site, followed by a special character:  yah!
  6. Appending the first three words of the initial passphrase (substituting underscores for spaces) yields: yah!The_world_freezes
  7. Last step, change each word by substituting a number or a special character for a letter in each word: yah!Th3_w0rld_fr3ezes

So for every site that requires a password you simply prefix your passphrase with the first three letters of the site.  This same password for Amazon would be ama!Th3_w0rld_fr3ezes.

Is this as robust and as secure as using software based password tools like PasswordSafe?  No, not at all.  But it’s a sure bet safer than using the same password everywhere!  And you don’t even need to write it down or have your pda handy to keep it safe.  All you need to do is remember your passphrase (Th3_w0rld_fr3ezes) and know what site you’re logging into and viola! Simple, cryptographically strong and easily remembered unique passwords for each site.

If you’re comfortable using software-based password managers, by all means continue to use them.  If you’ve considered them in the past, maybe now would be a good time to do a bit of googling on password managers and find one you like.  But if not, this relatively simple process will at least provide you with a method of creating decent passwords (passphrases)

Leave a Reply

Your email address will not be published. Required fields are marked *