Passwords and Memory - AMBYTE Vermont, USA

Passwords and Memory

Working for long time on software applications, algorithms, and the theory told us to accept the importance of passwords and their quality. As computers became faster, and programming languages more skilled, it is more important now than ever before, and it will keep becoming more crucial.

Passwords are needed. They allow us to access the software and data, they protect privacy, and so the talk and work on passwords is not just fancy speech, but crucial science.

Encryption can be very complex.

We've done much work on this subject. And one key property of passwords is that with better computers and smarter people the most useful passwords are those with random quality. Is it quality? Yes, absolutely. When you have document or software that's protected by password to be private and not accessible by others, random password is extremely important. We can all do the math, but we should follow its results.

In summary - if the password is not random, for example it is LAPTOP, most hacking software will break it fast. It very often works with word dictionaries and so using well recognized word is not too safe. As random password, such that may not be found anywhere such as in dictionary.

English language has somewhere between 450,000 to 600,000 words. Very large number, but not very big for computers and software. Our password generator chooses one of 456,976 random options when you select word with 4 uppercase letters, for example AYFG. If you choose word made from 6 letters, it will generate one from 308,915,776 random options. That's quite a number and only 6 letters! 8 letters and we are at 208,827,064,576 options. Our generator goes all the way up to 16 letters, and it can generate one from 43,608,742,899,428,878,188,544 options. Much more than existing words.

Example of such word could be NPBEDMWJQHIYWFFS. 16 letters in uppercase. Perfectly safe, private and difficult to break. Computer has to check to very close to all pssible combination of 16 letters, so 43,608,742,899,428,878,188,544 words. Or maybe more - it may not know it's looking for 16 letters but less or more.

Sinclair ZX-81. Computer and teacher.

Length and random order of letters is very important for the safety of your password. There is one major problem though - human memory. Can you remember such long password? It's safe but what happens if you forget it? It's password so to write it down somewhere may not be a good idea. On paper or in computer. But memory can fail sometimes and you need to preserve your secure password or its security is worth nothing.

Many experienced and safety minded people do write it down somewhere and it can be good. If memory fails you have a backup. The key is just finding good place to keep it, and it may be very much possible - and we will write about it later. Safe place can be different for anyone, just don't keep it where others can easily get to it.

Big question is also how to make the random password easier to remember and tough to forget? And still safe? This question asks for password that's easy to memorize but almost as difficult to hack with computer.

It's possible to argue that shorter word is less secure, but secure enough, especially if you are certain you will remember it. 16 letters is safer than 4 letters and the 4 can be remembered with some help. 4 random letters have 456,976 random options. If you can remember 4 randomly chosen letters, you have a great solution.

But 4 can feel not too safe for some, and can you remember 5 or 6 or more? You are getting more security but risk forgetting the password. 6 letters have 208,827,064,576 combinations, truly vast number. If you have a good place to store it or memorize it, this could be the winner.

To make password easier to remember, one option is to make part of the password not random just the rest. Make the start of the word easy for the memory, for example name, sport, or city, and then add a few random letters. Example - JIMHG, MARYEG, HOCKEYQQ or VERMONTXYZ. It's not mathematically as secure but perhaps easier to memorize.

The non-random word can be elsewhere in the password - in the middle or at the end. PAULWK could be WPAULK or REPAUL.

You can also (usually) use lowercase letters or numbers. So PETERG could be pEtErG or PeteR99. Different case offer you more combinations for the password and so do numbers.

And it's also good to mention that letters offer you usage of tricks such as well used sentences, for example if you are runner and often say I DO LIKE RUNNING but it's too long to remember, perhaps you can use just the first letters - IDLR - and you have pretty good and random password. If your family has 4 members and the names are Paul, Mary, John and Sarah, then PMJS looks and acts pretty random. And if not, you could add one to each letter and your password is QNKT. Makes sense? Sort of random to begin with and more random after an extra letter.

You can play with letters very much, but numbers offer you more options. You could always create very easy math operation into your numbers. Example - 7642. It's just 4 digits so 10,000 options, but you'll always know that 7 x 6 = 42! Or 23815 is 23 - 8 = 15. And you have 5 digits so 100,000 options. And if you are good memorizing numbers, you could make it longer, say 224339 which is 2x2=4 and 3x3=9. Easy and simple to memorize but already million options.

You can also often mix numbers and letters and be more creative. Your name is JOHN BROWN and you were born in 1969, so how about JB1969. That's 2 random letters and 10,000 number options.

Numbers don't offer you as many random options as letters, there are only 10 numbers, but if you are into the math or numbers, it can be more flexible and safer for you.

This is it for today, I hope we helped you. If you'd like to talk to us, please visit our Contact page and send us a message. And stay in touch, follow us on Twitter or Facebook.

Keylock feels like password.