One of the issues we are confronted nowadays is the fact that we require a password for everything we do.
Every account online, every physical access requires some form of identification, usually in the shape of a username and password.
Must of us tend to create passwords that are easy to remember or easy to change over time and that leads to passwords that suffer from a major problem: They are easily “hackable”.
The norm is to use numbers (a popular choice is someone’s birthday) or dictionary words (a pet name or a baseball team). These will take a minimum amount of time for a hacker to decipher, using dictionaries and brute-force approaches.
Companies all over the world enact password policies that run on a schedule of 30-90 days, where the users are required to change their passwords to comply with the companies security policies. These schedules usually make people lazy and compound the problem of using what I call serialized password (Wolffie66, Wolffie67, etc).
The problem is coming up with a password schema that can easily remember and that can adapt to a security policy.
Hackers usually use something called l33t speak to create usernames and password that offer some complexity and security.
The l33t speak refers to a simple letter to the number or character substitution.
"Originating in the early 1980's, leet speak was first used by hackers as a way to prevent their websites/newsgroups from being found by simple keyword searches.
Leet speak grew and became popular in online games such as Doom in the early 1990's as a way of suggesting that you were a hacker (h4x0r), and therefore to be feared.
Leet, or 1337, is a short form of "elite," commonly used by video gamers to suggest that they are skilled."— Urban Dictionary
Over by Robert Ecker’s page, you can find an L33t translator that you can use to encode any text.
This l33t speak is one of the main components of this password proposal scheme and it is worth understanding the idea.
To speak l33t we can rely on a simple pattern to number/character substitution.
As you can see the idea here is to change a letter with a number or character that look in some way like the original character or letter.
The Three Word Proposal
This l33t speak together with my three-word proposal, will allow you to create a password that is complex and easily remembered.
The three-word password (TWP) consists of exactly that; three words. The idea is to start the what I call an anchor word. An Anchor Is a word that will make the password memorable. The perfect words to be anchor words are words with a repeating letter like Deep, Door, Floor. Like L33t there are words that offer a repeating pattern that will look better when we do the L33t speak substitution.
Once we get our anchor word, we then look for two other words that will form a coherent and simple three-word phrase.
Let us look at an example:
Let’s take the anchor word: Green.
For our three word password, we are going to use the phrase: Gods Green Earth
By turning it into L33t speak we get: 60d5 6r33n 34r7h
By adding Underscores and/or dashes we increase the level of complexity and we turn our three-word password into:
By remembering our anchor word (Green) and by simple association we are able to remember our complex but memorable password.
Let us look at another example.
- Anchor Word: Beach
- TWP: Beach Goes Far
- L33t Password: b34ch 6035 f4r
- Complexity I: b34ch_6035-f4r
- Complexity II: b34ch_6035_f@r
Notice that even though we are using dictionary words, these are not in any shape related to us in any meaningful way. We rely on the anchor word to create an association with the other two words and on the L33t speak to change those TWPs into something more complex. The addition of the underscores and dashes (it is good to change the position and/or the amount of those) makes the password combination difficult to guess.
Could this work with more words? Of course, it could, but the idea here is to keep it under to three words so we can associate our anchor word.
If we take a four-word password we can create an extremely complex password!
- Anchor word: Spiderman
- FWP: Tom Holland is Spiderman
- L33t Password: 70m h0ll4nd 15 5p1d3rm4n
- Complexity I: 70m_h0ll4nd-15_5p1d3rm4n
- Complexity II: 70m_h0ll@nd_!5_5p1d3rm4n
As you can see, we can use more than three words, but then it becomes terribly cumbersome to type on any regular keyboard let along a mobile phone.
The Three Word Password, in general, will satisfy most company policies and password requirements that you can find on the internet.
Some Sample TWP
- River Runs Deep
- Wine is Red
- Floor is Tiled
- Door Is Ajar
Photo by Andrew Neel on Unsplash