A linguistic game for creating passwords

Posted on 26/06/2018 · Posted in Recent news

We all know the feeling: that special kind of angst gripping you every time you are asked to create a new password. It could be due to the fact that you have created yet another digital you and entrusted its curatorship to some cloud. More likely, however, the angst stems from knowing that your go-to password is not long enough, does not contain special characters or enough numbers, does not start with a haiku and does not end with a gang sign.

How does one go about creating a password intricate enough to meet all the requirements – including the minimum length of 12 characters – AND still easy enough to remember? Answer: Make it a linguistic game.

Think of something in your daily routine that is linked with time, for example ‘Leaving work at 17:00 means I will be home by 17:35’. Now abbreviate that sentence: ‘Lwa17:00mIwbhb17:35’. There you have it – an easy-to-remember 19-character password with two special characters, two capitals and eight numbers! Using a sentence that reflects time makes it easy to include numbers and those elusive special characters. Alternatively, you could easily recite a personal story by using the same principle: ‘IfctCTo23-Apr’98’ could represent: ‘I first came to Cape Town on 23 April ‘98’.

It is important that you keep your sentences simple, so kill those adjectives, as remembering them later could become a bit challenging: now was it ‘wonderful night’ or ‘fantastic night’? This is especially true when you are forced to change your password regularly. If that is the case, you could always combine the linguistic game with some maths.

When changing your password, most systems allow you to cheat by only changing parts of your old password. So, if it always takes you 35 minutes to drive home, why not leave work at 16:30? ‘Lwa16:30mIwbhb17:05’. You could always leave an innocuous note at your desk or in your diary reading “Leaving – 16:30” to help remind you of the new time for the new password…

NOTE: This article applies an adaptation of the Schneier scheme, developed by security scholar Bruce Schneier in 2008.