Creating Passwords

Someone in the Mnemonics Software thread brought up passwords. I think that creating passwords is something that mnemonists should discuss.

My idea is to use PAO. Take uppercase letters, lowercase letters and numbers to create the password. Pick an order. I would suggest AAaa11.

Turn the letters into numbers. You can use the first 10 letters, the last 10 letters, random letters assigned to numbers, the Major system, Ben’s System, a modified Ben’s system or whatever.

Then, you can use the subject matter for the need of the password to create the PAO. For my home computer, I could use myself across the board. I’m number 66. So, using the Major system, the password for my home computer could be JJjj66, which is me reading a book. For my work computer, I could use me banging (swinging) a gavel, since I’m an attorney, which would be JJtk78.

Anyone else have an idea?
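The PAO scheme from the post above, worked through in code. This is an added example, not the original poster's code. It assumes the standard Major-system consonant for each digit (0 s, 1 t, 2 n, 3 m, 4 r, 5 l, 6 j, 7 k, 8 f, 9 p) and reads the two passwords in the post as person/action/object triples: 66/66/66 gives JJjj66 and 66/17/78 gives JJtk78. The action and object numbers (66, 17, 78) are back-derived here from those strings and are assumptions, not stated in the post. The layout string AAaa11 can be reordered, as the post suggests picking an order.

```python
# Added example: PAO-to-password encoder/decoder for the AAaa11 layout.
# Assumes the standard Major system consonant per digit (first consonant of
# each group); the post lets you pick any letter-to-number system instead.
MAJOR = {0: "s", 1: "t", 2: "n", 3: "m", 4: "r", 5: "l", 6: "j", 7: "k", 8: "f", 9: "p"}
MAJOR_INV = {c: d for d, c in MAJOR.items()}

# Chunk kinds in the layout string: person (upper), action (lower), object (digits)
CHUNKS = ("AA", "aa", "11")


def digits_to_letters(number, width=2):
    """Encode a number as one Major-system consonant per digit, e.g. 17 -> 'tk'."""
    if not 0 <= number < 10 ** width:
        raise ValueError(f"{number} does not fit in {width} digits")
    return "".join(MAJOR[int(d)] for d in f"{number:0{width}d}")


def _split_layout(layout):
    """Split 'AAaa11' (or a permutation of it) into its three two-character chunks."""
    chunks = [layout[i:i + 2] for i in range(0, len(layout), 2)]
    if sorted(chunks) != sorted(CHUNKS):
        raise ValueError("layout must be a permutation of AA, aa and 11")
    return chunks


def pao_password(person, action, obj, layout="AAaa11"):
    """Person letters uppercase, action letters lowercase, object as two digits,
    concatenated in the order given by layout."""
    parts = {
        "AA": digits_to_letters(person).upper(),
        "aa": digits_to_letters(action),
        "11": f"{obj:02d}",
    }
    return "".join(parts[chunk] for chunk in _split_layout(layout))


def decode_pao(password, layout="AAaa11"):
    """Recover (person, action, object) from a password built by pao_password.
    Anyone who knows the layout and the letter system can do this, so the
    strength lies entirely in the numbers being unguessable."""
    found = {}
    for i, chunk in enumerate(_split_layout(layout)):
        piece = password[2 * i:2 * i + 2]
        if chunk == "11":
            found[chunk] = int(piece)
        else:
            found[chunk] = int("".join(str(MAJOR_INV[c]) for c in piece.lower()))
    return found["AA"], found["aa"], found["11"]


if __name__ == "__main__":
    print(pao_password(66, 66, 66))   # home computer: JJjj66
    print(pao_password(66, 17, 78))   # work computer: JJtk78
    print(decode_pao("JJtk78"))       # (66, 17, 78)
```

The decoder is there to make one property visible: the letters are a fixed function of the digits, so the six characters carry only the entropy of three two-digit numbers under this layout.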

Hi there, I’m guilty as charged, talking about passwords. In fact lately I’ve got unhealthily obsessed with them. So here are a few aspects that may be helpful in the discussion in no particular order:

  1. Conventional wisdom is that you start with a phrase and use the initial letters of the words, and convert some to upper and lower case, as well as numbers. As a method, it works, albeit many people are still resistant to using it; and remembering which characters are upper/lower/numbers etc can be difficult.

  2. Passwords with 8 or more characters, including three out of four character types, are currently considered to be out of the reach of brute force attacks and rainbow tables, which are pre-computed hashed password databases.

  3. Passwords become easier to crack in many situations, including if they are related to dictionary words, have common substitutes (1 for l, 0 for o etc.) or have letters with a couple of numbers tacked on the end. This means that for a given combination of character types, a system-generated password is usually stronger.

  4. It is very useful to make passwords with a fixed and variable element, as you are doing for your work and home computers. Many people vary a part of the password according to which website they are at, or how many times they have had to reset it.

  5. Above all, using different passwords at different websites is important. Really reputable sites have been humiliated recently.

  6. You could say there are two main approaches to password mnemonics: (a) finding a strong password you can remember easily; and (b) remembering a strong password you are given.

One thing to keep in mind if only doing that is that if your passwords aren’t tricky enough, cracking one password could give someone all your passwords. They don’t even have to crack anything, but just sniff your traffic over WiFi. Once they capture a few unencrypted passwords, they might be able to figure out the formula for all your passwords on all the other websites you visit.

Always assume that some of your passwords are going to be compromised (WiFi sniffing), so the pattern should be tricky enough that it can’t be decoded even after viewing a few passwords.

This is very true. At risk of diverting the discussion further away from mnemonics, here goes:

WiFi
Please be very wary of using WiFi in public places. Even if it is a recognised network and encrypted, it is still possible to spoof the network’s credentials, so that you give your WiFi password away and then start work on a compromised proxy. That may mean switching off WiFi on your smartphone when you are away from home or office. I have seen a hacking demonstration where a guy walks out of his office with an iPhone, the hackers connect to it by spoofing his office network. Then they start remotely installing things and taking his credentials for attacking his office. Not nice.

Balance of Probabilities
But unless you are a high profile target, the worst you are likely to encounter is someone randomly fishing around with a laptop in a railway station or airport.

Email
So much can be reset using your email account that if that gets compromised, most other things will be too.

Password managers
This is really off-topic, and probably anathema to hard core mnemonists, but on my website, I recommend using password management software like Lastpass. I mean I have around 150 entries in my Lastpass database. But that still leaves me with a bunch of passwords that must be really strong, and for those, I use mnemonics.

Varying passwords
I usually vary at least two characters in the password. The adjustments could be things like the number of letters in the name of the system, plus 2, the third letter after the 4th letter in the name of the system etc. I use groups, so I don’t mind much if my account at socks.com gets compromised, and they guess my password at pants.com. But I don’t want them guessing my facebook password from that. Yes. Someone could theoretically work out the connection within the groups if they really wanted to. But in practice, when Gawker and HB Gary got hacked, curious folk found enough meat from the decrypted passwords and directly re-used credentials to be getting on with. The simple rule is like home security: you want to be a bit less attractive to break into than your neighbors, but not so much that it is very inconvenient for you. Most hackers are lazy and use scripts. They will go for the easiest targets, without much creativity. The really good ones are hacking into banks, governments etc.
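The "fixed element plus site-derived variable element" scheme, with groups, worked through in code. This is an added example, not the poster's actual scheme: the group assignments, the fixed elements and the two derivation rules (letter count plus 2, and the third letter after the 4th, wrapping round for short names) are constructed here to illustrate the kinds of rules the post mentions. It also shows, as the earlier reply warned, that once the variable part is a pure function of the site name, a couple of observed passwords from one group are enough to compute the rest of that group, while a different group with its own fixed element is not reachable that way.

```python
# Added example: per-site password = fixed element of the site's group plus
# two characters derived from the site name. Groups, bases and rules are
# constructed for the example, not taken from the post.
GROUPS = {
    "facebook.com": "social",
    "socks.com": "shopping",
    "pants.com": "shopping",
    "shirts.com": "shopping",
}
BASES = {"social": "JJtk78", "shopping": "Rr4mL1"}  # fixed elements (constructed)


def variable_part(site):
    """Two characters computed from the site name only."""
    name = site.split(".")[0]        # "socks" from "socks.com"
    count = (len(name) + 2) % 10     # letter count plus 2, kept to one digit
    letter = name[6 % len(name)]     # third letter after the 4th; wraps for short names
    return f"{count}{letter}"


def site_password(site):
    """Password for a site: its group's fixed element + the site-derived part."""
    return BASES[GROUPS[site]] + variable_part(site)


def predict(observed, target_site):
    """What someone who has captured a few (site, password) pairs and worked out
    the rule can do: peel off the two variable characters, keep the shared fixed
    element, and compute the password for another site. Returns None when the
    observed passwords do not share one fixed element, i.e. they came from
    different groups."""
    fixed = {pw[:-2] for _, pw in observed}
    if len(fixed) != 1:
        return None
    return fixed.pop() + variable_part(target_site)


if __name__ == "__main__":
    seen = [(s, site_password(s)) for s in ("socks.com", "pants.com")]
    print(seen)                                   # two captured shopping passwords
    print(predict(seen, "shirts.com"))            # same group: prediction is correct
    print(predict(seen, "facebook.com"))          # other group: prediction is wrong
```

Grouping limits the blast radius exactly as described in the post: the shopping group falls together, the social group does not follow from it.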

True… This is probably more common than one would hope though. There is a lot of free software that makes it easy, and a lot of bored people who hang out on the WiFi at coffee shops.

I like the idea of grouping passwords.