Wednesday, December 11, 2013

Picture Yourself Secure: Passwords, Phrases, and the Future

In 1492, Columbus sailed the ocean blue…

Every Good Boy Does Fine….

Thirty days hath September….

Ah yes…mnemonic devices. Those performance-enhancing tools used successfully by middle schoolers and beginner-level music students all over the country for…well, for forever, it seems.

Enter any 7th grade classroom on test day and you’ll see small, strained faces searching their memory banks for that rhyme or song that will bring to mind the order of taxonomy (“King Phillip Opens Five Green Snakes”) or the five Great Lakes (HOMES).

Depending on your college degree, you might have carried this technique into college. But most of us probably gave up these memory aids along with No-Doze and an actual Spring Break after tossing our grad cap in the air.

But why? The human brain loves association and repetition at any age and for any reason—and that’s why researchers at Carnegie Mellon think we should keep it up when it comes to security.

The Future of Passwords

"If you can memorize nine stories, our system can generate distinct passwords for 126 accounts," says Jeremiah Blocki, a Ph.D. student in Carnegie Mellon's Computer Science Department.

Now, these “naturally rehearsing passwords” are a little bit more involved than R.O.Y. G. B.I.V. These passphrases require the user to create a one-sentence story in their mind that can be recalled when the computer provides images that correspond to words in the story.

Now, the system is still in the works, say researchers. One roadblock: prompting for special characters, numbers, or capital letters. But until these sorts of high-tech, make-our-password-for-us systems are commonplace, we can still use the principles to create very effective passphrases and acronyms.

Are passwords, passphrases, and acronyms the ultimate, end-all-be-all answer to security? Of course not. The recent “you’re going to get hacked anyway” movement has reminded us all that there’s a lot more to security. And yet, passwords are still a part of life for everyone. We all still have to use them, so why not do the best we can?

Craft an Effective Passphrase 

The basic steps:

  • Make up a phrase that is close to you, or that’s about something you think of often. Here’s one for me: “I eat more chicken at Chick-Fil-A.”
  • Distill that phrase down to a minimum of 8 characters: "iemcacfa"
  • Replace letters with symbols, mix it up with lowercase and uppercase letters, throw in some numbers, and voila!
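
The three steps above as a small Python sketch (an added example, not code from the original post). The look-alike table, symbol set, and function names are assumptions; which characters get changed is chosen at random so the result does not follow one fixed substitution pattern.

```python
import re
import secrets
import string

# Assumed look-alike table; the post does not list specific substitutions.
LOOKALIKES = {"a": "@4", "c": "(", "e": "3", "i": "!1", "o": "0", "s": "$5", "t": "+7"}
SYMBOLS = "!@#$%^&*()+-="
ALL_CLASSES = {"lower", "upper", "digit", "symbol"}

def acronym(phrase):
    """Step 2: first character of each word, lowercased (hyphens split words)."""
    return "".join(w[0].lower() for w in re.findall(r"[A-Za-z0-9]+", phrase))

def classes(pw):
    """Return the character classes present in pw."""
    tests = {"lower": str.islower, "upper": str.isupper, "digit": str.isdigit,
             "symbol": lambda ch: ch in string.punctuation}
    return {name for name, test in tests.items() if any(test(ch) for ch in pw)}

def mix(acr):
    """Step 3: per character, randomly keep it, capitalise it, or use a look-alike."""
    out = []
    for ch in acr:
        options = [ch, ch.upper()] + list(LOOKALIKES.get(ch, ""))
        out.append(secrets.choice(options))
    return "".join(out)

def craft(phrase, min_len=8, tries=200):
    """Run steps 2 and 3, retrying until all four character classes appear."""
    acr = acronym(phrase)
    if len(acr) < min_len:
        raise ValueError(f"phrase yields {len(acr)} characters; need at least {min_len}")
    for _ in range(tries):
        pw = mix(acr)
        if classes(pw) == ALL_CLASSES:
            return pw
    # No usable look-alikes in this acronym: "throw in" a digit and a symbol instead.
    pw = acr.capitalize() + secrets.choice(string.digits) + secrets.choice(SYMBOLS)
    if classes(pw) != ALL_CLASSES:
        raise ValueError("phrase cannot satisfy all four character classes")
    return pw

if __name__ == "__main__":
    sample = "I eat more chicken at Chick-Fil-A."  # the phrase used in the post
    print(acronym(sample), "->", craft(sample))
```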


Would it be better (read: more convenient) to have a computer construct a hundred unique passphrases for us? Maybe. But here's our best option while we patiently wait for some of these inventive and (hopefully) user-friendly solutions to come down the pike.
