The trouble with passwords

Posted on August 25, 2013


Recently I’ve been using other people’s computers a lot more often, because I’m working away from my home office most of the time. And because of this I noticed a serious flaw in the strategy I had used for choosing passwords: they were all the same! I had chosen a very strong password that was unguessable and yet memorable to me, but I had used it everywhere. So if anyone did ever guess it I would be screwed.

Time to change to a new strategy, I thought. So I looked at lastpass, 1password et al. But again, it seemed to me that I would ultimately be putting my entire faith in a single password (and a single supplier), which felt almost as unsafe as having the same password everywhere. So what to do? I need passwords that are strong, easy for me to remember, and different on every service I use. Oh, and they have to meet all the different and daft criteria that the various websites impose; some insist on at least 8 characters, some on at least 9; some insist on at least one digit; others require a capital letter; etc etc.

The only scheme I know of that meets all of these criteria is to use a memorable 2-3 word phrase, together with a keyword indicating the site holding the account. So I wrote a random phrase generator, and discovered that every ten refreshes or so I was pretty much assured of generating a phrase that stuck in my brain. (Unfortunately you then also need to sprinkle the password with numbers and punctuation, not to make it stronger but to meet those daft website rules.)

For example, I just ran the generator and got bloody tomato. So I might then use the different passwords Blo0dy-tomato+mates for facebook, Blo0dy-tomato+pic for instagram, etc. As long as the scheme for adding the site-specific key is personal and memorable this should be a better password strategy than I had before.

Feel free to use the generator yourself (but obviously I can’t be held responsible if your passwords are hacked). The current words lists can generate over 750 trillion different passphrases, and I’m adding more words all the time.

Posted in: Uncategorized