Passwords --was-- Re: [BC] Can't solve it if you don't know about it

Dale H. Cook radiotest
Mon Jul 31 09:39:26 CDT 2006


At 09:21 AM 7/31/2006, Cowboy wrote:

>Pass-phrases are MUCH better, provided they aren't too obvious.
>  Even better, are apparently random strings derived from a
>  pass-phrase, something like MBWbiO14 derived from
>        My beloved wife's birthday is October 14.
>
><snip>
>
>  Also good are seemingly random combinations of words.
>  Things like spatula&motorcar
>  Enough characters to be secure, no apparent relationship between
>  the words, and a "random" character separator.

Listen to Curt folks - the man knows whereof he speaks.

My most critical passwords, both at home and at work, are strings 
built on a foundation of the manufacturers' names and model numbers 
of favorite items of electronic equipment. Those are then modified 
using a pre-determined scheme. The initial strings, which are easy to 
remember, are "seeds" used to grow passwords.

Here's an example. Please note that this example is not a part of one 
of my passwords, and the modification scheme is not the one I use. I 
don't even use broadcast equipment for seeds - I use other makes and 
models of electronic equipment that I am extremely familiar with. 
Since this is a matter of security I cannot divulge exact details of 
how I build my passwords, but this example will give you the general 
idea and, I hope, will inspire you to create more secure passwords 
for your own use.

Let's start with a seed derived from our industry. We will use one of 
my favorite items of old broadcast equipment - the first console that 
I ever installed - the RCA BC-7A. The seed, therefore, is:

RCA BC-7A

Since many systems limit the range of characters allowed in 
passwords, and do not allow spaces, we must replace some characters. 
Let us assume that spaces and hyphens are not allowed by the target 
system, but that underscores are allowed. Our scheme specifies 
modifying the seed to:

RCA_BC_7A

Since most target systems are case-sensitive, we want to mix upper 
and lower case. Our modification scheme includes a rule to put the 
manufacturer in lower case, and the model in upper case, yielding:

rca_BC_7A

Our scheme also includes rules for replacing some alpha-numeric 
characters with allowed punctuation symbols. For example, it might 
specify replacing all instances of the letter "A" or "a" with "&" 
(the "and" symbol - chosen because "and" begins with "a"), yielding:

rc&_BC_7&

The transformation from the seed to its final form is complete. Note, 
however, that this is not a complete password - it is too short. If 
the target system allows, say, passwords of up to 20 characters, 
concatenate one or more of these strings, built from different seeds, 
to get as close to the maximum password length as is feasible.

The key to making this system work is twofold - remembering the 
system for converting seeds to strings, and remembering the seeds for 
each target system. The first is fairly simple - devise a robust yet 
memorable scheme, and use it. As for the second, let us say that the 
target system is a genealogical web site concerning your 
grandmother's family name. In order to associate the seed "RCA BC-7A" 
with that site, visualize your grandmother running an RCA BC-7A. If 
you can remember the seeds for a target, the process of converting 
them to a password is purely mechanical.

>  In an air studio, where "talent" isn't known for good password retention,
>  I'd be using something like the first and last letter of the names, both
>  first and last names, of each person on the morning show.
>  Use their real names, not their air names, including at least one real word,
>  and it seems that's about as good as it gets.

My scheme is devised by a geek for the use of that geek. It may be 
too complicated for "talent," but even "talent" should be able to 
remember the trick of using a consistent scheme to replace some 
alpha-numeric characters with punctuation.

Dale H. Cook, Chief Engineer, Centennial Broadcasting, 
Roanoke/Lynchburg, VA - WZZI / WZZU / WLNI / WLEQ
http://members.cox.net/dalehcook/starcity.shtml 
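
Added example, not part of the original post: the illustrative seed-to-string rules from the message above (underscore replacement, maker/model case rule, "A" to "&", then concatenation up to a length limit) written as a small Python routine. The second seed "Acme X-100", the allowed character set and the function names are constructed assumptions for the example.

```python
import re

# Assumption: the target system allows letters, digits, "_" and "&" only.
ALLOWED = re.compile(r"[A-Za-z0-9_&]+")

def stages(seed):
    """Return the three intermediate strings for a 'Maker Model' seed."""
    # Rule 1: spaces and hyphens are not allowed, underscores are.
    s1 = re.sub(r"[ -]", "_", seed.strip())
    # Rule 2: manufacturer (assumed to be the first word) lower, model upper.
    maker, sep, model = s1.partition("_")
    s2 = maker.lower() + sep + model.upper()
    # Rule 3: every "A" or "a" becomes "&".
    s3 = re.sub(r"[Aa]", "&", s2)
    if not ALLOWED.fullmatch(s3):
        raise ValueError(f"seed {seed!r} yields characters the target rejects")
    return [s1, s2, s3]

def build_password(seeds, max_len=20):
    """Concatenate strings from different seeds without exceeding max_len."""
    if len(set(seeds)) != len(seeds):
        raise ValueError("each seed must be different")
    out = ""
    for seed in seeds:
        part = stages(seed)[-1]
        if len(out) + len(part) <= max_len:   # skip parts that no longer fit
            out += part
    return out

if __name__ == "__main__":
    print(stages("RCA BC-7A"))                          # the post's worked seed
    print(build_password(["RCA BC-7A", "Acme X-100"]))  # second seed is constructed
```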
