Old-school tricks to protect your passwords

If you’re caught in password purgatory, try these 6 old-school password tricks.

Can’t remember all of your passwords? Have them written down on a sticky note or on a piece of paper in your wallet? Do you use the same password for every site, even though you know it’s a bad idea? If you’re caught in password purgatory, try these 6 old-school password tricks.

Letter substitution cipher: a=b

Letter-substitution ciphers have been around almost as long as alphabets. Each letter is replaced by another letter, a number, or a symbol. The easiest cipher is one where you replace every letter with the next one in the alphabet. So, “cat” becomes “dbu” and “dog” becomes “eph.” Letter-substitution ciphers are easy to crack if you have a couple of sentences of encrypted text – and if you know ahead of time what kind of cipher is being used. They become extremely difficult to crack if the snippets are short, and if the hacker doesn't know that you're using one.

Letter substitution cipher: a=s

This one works great if you're a touch typist. Simply move your fingers one key to the right when you type in your passwords. “Cat” becomes “Vsy.” With this approach, numbers and symbols get switched, as well – and no thought or memorization is required.

Never write down encrypted passwords; banana, not nsmsms

It might seem more secure to write down, say, “nsmsms” instead of “banana,” but the opposite is true: writing down “banana” and doing the encryption in your head is more secure than writing down “nsmsms” and doing the decryption. That's because the hacker or thief who gets their hands on your list won't get a heads-up about the encryption method you're using. With a list of plain words, there's nothing to hint to the hacker that you're doing something tricky. And don’t write down something like “bank: pineapple!1, email: butterfly?2, social: cumulus#3”.

Use earworms to your advantage: Wheels on the bus go round and round

Back in the old days, one common way to exchange secret messages was to use two identical copies of a book. A Bible, say, or, really, any book at all. To send a particular word, you'd find that word in the book and write down its page number and position on the page. The code was cumbersome and only worked as long as your enemies didn't know what book you were using. But it's an easy way to generate passwords, since you only need one copy of the book. In fact, you don't even need a whole book. You can use a prayer you've memorized, or speech, poem, or song. So, say your song is “The wheels on the bus go round and round.”

The mnemonic code: a=alpha

But why bother writing down a list of words when you can use a memorization trick that stage magicians have used for centuries – mnemonics? Start with an alphabet you know well, such as “a is for apple, b is for banana” or “a is for alpha, b is for bravo.” Then use the word that corresponds with the first – or the last – letter of the site you want to memorize the password for. For example, if you decide to base your code on the first two letters of the site, and you want to remember the password for bank.com, you'd start with “bananaapple.” Throw in a hyphen and you've got your required symbol, too.

Combine it with a letter substitution cipher and the password for bank.com becomes “nsmsms=s[[;r” – good luck to anyone trying to guess that one.

Add site name to end of password: banana-twitter

To ensure a unique password for every single site – without having to write anything down – add the name of the site to the end of the password, suggests Luis Corrons, technical director of Madrid-based cloud security vendor Panda Security. So, for bank.com, you'd add “-bank” to the end of it. And, for your social media accounts, “-twitter,” “-facebook” and “-linkedin” or – for a little less typing – “-twit,” “-face,” and “-link.”

Expiration date trick: banana-q1-14

But what about companies that make you change your passwords every three or six months? Simply add the year and the quarter to the beginning or the end of the password. So, if your base password is “banana,” you'd have “banana-14-q1” or “banana-14-q2” or “banana-2014-h2.” After moving everything over one key on the keyboard, the last of these becomes “nsmsms=3-25=j3.” And – voila! A unique password that you can remember, that's difficult to guess, and that you can change regularly.
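The keyboard-shift cipher, the mnemonic code and the expiration-date suffix described above, worked through in Python as an added example (not code from the original article). It assumes a US QWERTY layout, which the article does not name; the function names and the word list beyond “apple” and “banana” are constructed for illustration. The inverse table shows why the scheme only holds up while the method stays unknown.

```python
# Added example. Assumes a US QWERTY layout; the article does not name one.
ROWS = [
    "`1234567890-=", "qwertyuiop[]\\", "asdfghjkl;'", "zxcvbnm,./",   # unshifted
    "~!@#$%^&*()_+", "QWERTYUIOP{}|", 'ASDFGHJKL:"', "ZXCVBNM<>?",    # shifted
]

# Each key maps to its right-hand neighbour. The last key in a row has no
# printable neighbour, so it is left unchanged (assumption).
SHIFT_RIGHT = {a: b for row in ROWS for a, b in zip(row, row[1:])}
# Inverse table: anyone who knows the method can undo it in one pass.
SHIFT_LEFT = {b: a for a, b in SHIFT_RIGHT.items()}

# "apple" and "banana" are from the article; the other entries are constructed.
WORDS = {"a": "apple", "b": "banana", "t": "tangerine", "w": "watermelon"}


def shift_right(text):
    """Type `text` with the fingers moved one key to the right."""
    return "".join(SHIFT_RIGHT.get(ch, ch) for ch in text)


def shift_left(text):
    """Undo shift_right (a row-end key such as '=' is read as a shifted '-')."""
    return "".join(SHIFT_LEFT.get(ch, ch) for ch in text)


def mnemonic_base(site, letters=2):
    """Base password from the first `letters` letters of the site, hyphen-joined."""
    return "-".join(WORDS[ch] for ch in site.lower()[:letters])


def dated(base, year, quarter):
    """Append year and quarter in the article's 'banana-14-q1' form."""
    return f"{base}-{year % 100:02d}-q{quarter}"


if __name__ == "__main__":
    base = mnemonic_base("bank.com")
    print(base, "->", shift_right(base))
    for plain in ("Cat", "banana", dated("banana", 2014, 1), "banana-2014-h2"):
        typed = shift_right(plain)
        print(f"{plain!r:18} -> {typed!r:18} -> {shift_left(typed)!r}")
```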