
Mitigating Complex Password Atrophy. (Difficult Passwords Made Easy)

January 25, 2012

Password Atrophy: The Forgetting of Complex Passwords Through the Lack of Use Over Time

If you’re anything like me, you have several websites and applications that require passwords. Keeping all these passwords unique, complex and memorable can be a daunting task. A long complex password can be difficult to generate and maintain without a process.

Coming up with one password that is significantly long and consists of alternating characters can take some time to think up. Of course, we could use a password generator, but unless you’ve got a photographic memory, it will have to be written down or stored in a password safe. And if you’re willing to write down passwords, you’re doing it wrong. Password safes are a good solution, but there are some concerns about availability. So how do we create a unique password that is both long and complicated (perhaps like a high school romance)?

I’m no rocket scientist but I did sit next to one on a recent flight from Texas. (She was with a leading national space program. I’m not sure if I can name it, so a hint will need to suffice here.)

I learned two things about rocket scientists while sitting next to her for nearly five hours:

  1. Even rocket scientists have trouble remembering multiple complex passwords.
  2. There is a reason they are chosen as a watermark to measure high intelligence and aptitude.

I have created a three-factor method that simplifies the process of generating a unique and suitably long password that can be memorized instantly. I shared this method with the rocket scientist, and she said this was the best idea since solid fuel propulsion. (OK. She didn’t actually say that aloud, but I could see it in her eyes.)

The Tri-Factor Method

The three components are:

Website/Application Attribute - This is some component of the website. I use a piece of the domain or the application name with a simple cipher. For this example, I’ll use the last four characters of the website and reverse their order.

  1. www.fishnetsecurity.com
  2. rity becomes ytir

We now have the first four characters of our new password.

If there are not four characters in the domain, repeat the cycle or find a creative way to create four characters. For example, www.ABC.com becomes something like “CBAC” as in “CBAC”BA or CBAA like “CBAA”BC.

The Complex Component – This is the part that we actually need to memorize. Use a password generator to create a strong six-character password. This will be the only component you will need to commit to memory, since it will be used in all your passwords. Below is the one that I generated using an online tool:

  1. dr=78i

That gives us another six characters.

Anything You Like – Here you can use anything you like, as long as it is at least four characters. Make it something you will remember. It’s OK to use birthdays, addresses, favorite Olympic Curler, favorite color or anything else. Generally, these options make for terrible passwords on their own, but since we are getting complexity from the other components, we don’t have to be overly concerned.

Here is a phrase I just thought up that I will remember:

  1. HanShot1st

That’s another 10 characters.

Next take the three components and order them however you like. Use the same order for each password you create. I’m going to use mine in the order that I listed them:

  1. ytir
  2. dr=78i
  3. HanShot1st

When combined, we get the following: ytirdr=78iHanShot1st

We now have a 20-character password for www.fishnetsecurity.com, which is long, complicated, unique and easy to remember!
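The three steps above as code, added here as an example and not part of the original post. The function names and the rule for picking the site name out of a host (the label just before the TLD) are assumptions; the block also counts how many characters the passwords for the post's two example sites have in common, since the last two components are reused on every site.

```python
from itertools import cycle, islice


def site_attribute(host: str, n: int = 4) -> str:
    """Component 1: reverse the site name and keep n characters.

    Assumption: the "site name" is the label just before the TLD
    (www.fishnetsecurity.com -> fishnetsecurity). Names shorter than n
    are cycled, which gives the post's "CBAC" variant for www.ABC.com.
    """
    labels = [p for p in host.strip(".").split(".") if p]
    if len(labels) < 2:
        raise ValueError("expected a host name such as www.example.com")
    return "".join(islice(cycle(reversed(labels[-2])), n))


def tri_factor(host: str, memorized: str, free_form: str) -> str:
    """Join the three components in the order the post lists them."""
    if len(memorized) != 6:
        raise ValueError("memorized component should be six characters")
    if len(free_form) < 4:
        raise ValueError("free-form component needs at least four characters")
    return site_attribute(host) + memorized + free_form


def shared_suffix_len(a: str, b: str) -> int:
    """Number of trailing characters two passwords have in common."""
    count = 0
    for x, y in zip(reversed(a), reversed(b)):
        if x != y:
            break
        count += 1
    return count


if __name__ == "__main__":
    # Component values are the ones used in the post.
    first = tri_factor("www.fishnetsecurity.com", "dr=78i", "HanShot1st")
    second = tri_factor("www.ABC.com", "dr=78i", "HanShot1st")
    print(first)   # password for the post's example site
    print(second)  # password for the post's short-domain example
    # Only the site attribute differs; the rest is reused on every site.
    print(shared_suffix_len(first, second), "of", len(first), "characters shared")
```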

According to howsecureismypassword.net *, it would take nearly 6 sextillion years for a desktop PC to break this password. That’s 21 zeros! Just be sure to change your password by then.

* Do not use howsecureismypassword.net to test actual passwords. Use a substitution for your password. I haven’t found any way in which a password entered there could be compromised. It’s just not a good idea to test live passwords in generators.
