Lots of waffling in the Guardian lately about passwords – but they’re not really the problem they’re portrayed as.
Despite all the people offering horribly complex solutions to the problem, you don’t need to create long strings of letters, numbers, and random bits of punctuation which will get you a pat on the back from the Password Fairies (and IT geeks), who love such things, but which you will never get right unless you write them down, and that rather negates their purpose. Life doesn’t need to be so tedious to be secure.
As a basic, all-purpose, not very important password, I use my father’s first name. He hated it, and never used it – he went through his entire life known by his middle name to everyone but his parents, and they only ever used an abbreviated version of his first name. And I’m the only living person who knows what that name was – so who’s going to figure it out?
Someone who knows me very well, and knew my father and mother, and where and when they where born, could do some genealogical research and maybe find out, but there is nobody like that alive, bar me. And who would care that much anyway, when there are far easier targets?
For more security I use a date from an event in Tolkien’s tales – and there are just so many of those to choose from. And this one is in one of the more obscure calendars not, say, Shire Reckoning. True, someone could build a program to cycle through all the dates Tolkien ever published, and in every calendar variant, but it’d take an absurd amount of time and effort, so it’s effectively secure.
For other passwords I use book titles, written as all one word and in lower case, and with the initial definite or indefinite article, if there is one, omitted. Given all the books in the world, or even just the books I own/have read, that’s as secure as it gets. Who, for example, would ever figure out dietforasmallplanet, to pick a book at random that’s in view right now? And no, that’s not one I use.
All those are bombproof – and yet the Password Fairies don’t like them, because Password Fairies are fundamentally stupid, and in love with random number generators. So when the Password Fairies insist I add a number, I add my age. Not the age I am now, but the age I once was when I used it as part of the code for a combination lock which, of course, no-one knows but me. OK, currently there are 65 possibilities for that number, but as there’s no way of telling what it’s combined with, that’s no help.
All the passwords I use are easy to remember, and while they’re not 100% secure – nothing is; if somebody wants to nail you badly enough, they will – but the amount of effort needed to crack them would be so disproportionately high it simply wouldn’t be worth while. Hell, I’m just a blogger, not a bank, a multi-national company, a utilities company, or any of the other targets hackers like to fuck with.