Secure Password Method -- Bang (strategically) On Keyboard


bonesiii

1,554 views

A lot of people don't seem to know about this method, so here you go. Been meaning to do this for a while, recent events merely reminded me. Note, please take into account the suggestions mentioned in this Refdesk topic. Also HH has good tips here.

 

The most secure passwords are random strings of as wide a range of keyboard characters as possible. An easy way to create them is to bang on your keyboard.

 

It sounds primitive -- it is -- yet it gives you the most secure possible password. The only downside is you must record it somewhere, or memorize it, but I recommend copying it to paper; if you use it often enough you will probably memorize it anyways.

 

So instead of agonizing over coming up with new passwords -- or worse using easily guessable ones -- just bang on the keyboard!

 

For added security, though, here are several easy techniques to make it more strategic than just a random bang.

 

1) Make it long. Maximum possible if you can; unfortunately some sites limit passwords to twelve characters or so, which is IMO stupid but they do it.

 

2) Bang on the letters area AND the numbers area.

 

3) Make sure you're not just banging up and down in the same few spots. Cover the whole keyboard randomly. (Of course, avoid the F# buttons and other things such as the "Shut Down the Computer Instantly And Ruin All Your Unsaved Work Just Because A Cat Happened To Step On Your Keyboard" button if you have a keyboard from Stupid Design Enterprises™ like my other comp does.) For this I recommend slowing the process down, so you randomly bang, then consciously move your hands, then bang again, etc. until you have a long password.

 

4) Alternate holding and letting up on Shift as you bang, so that you get a mix of capital letters and symbols too.

 

5) Alternate holding the keyboard backwards, so the side that's normally away from you is closer to you, just so you don't get predictable finger-relation patterns. Though hackers would need to be super mathematicians on the level of Charlie Eppes on Numb3rs to use such patterns. :P Still. If you do Step 3 well enough this isn't necessary though.

 

6) Once you've got a long string, look for often-repeated characters and delete them. Also make a note to yourself to avoid hitting them so frequently in the future; if that happens often you're not doing Step 3 well enough. However, if it's fairly rare, leave them be, as a truly random string is quite capable of having repeated characters and if you interfere too closely you're probably making it easier to hack, not harder.

 

7) If you wanna go supersecure, bring in a few foreign characters (Insert Symbol option on Microsoft Word has a lot of 'em for example), although then you can't type it. Well, I've heard these have keyboard shortcuts sometimes but no idea what they are -- you could research that and stuff. But make sure you just randomly put a few in, and don't reuse the same ones. Also, don't use only these; remember the idea is to have a wide range of characters.

 

 

Other advice, do NOT store it anywhere online. Especially not in email accounts, and never use the same password twice (see the web page the Refdesk topic links to). Assuming you haven't memorized it, you have two basic options IMU.

 

One, store it in a text file on your hard drive; I recommend naming it something that has nothing to do with passwords and burying it in lots of other text. Then when you need to sign in, copypaste it to the password area. (You could write it on paper too as a hard backup, of course.) (Many people including HH advise against this, but aren't factoring for keyloggers, see below.)

 

Two, write it on paper only, and physically type it in every time you need it. This is harder, and might be less secure in the case of keylogger viruses, which record keystrokes and can send them to the makers of the virus. On the other hand, if a hacker got into your files the other method could be equally risky. So which of these two you choose may not matter much, far as I know (and I don't claim to be a professional :P this is just based on everything I've heard/read over the years).

 

What I recommend strongly AGAINST is storing it on the computer AND typing it in, as that puts you at risk of both ways for a hacker/virus writer to get it. The chances of either method or even the third one happening to you are rare, but better safe than...

 

 

8) Another idea to avoid both the above risks is to type it from paper, but use a random "count how many I've typed, skip characters, then count back and insert the missing characters" pattern, which you should probably write out in detail and diagram on paper instead of trying it from memory. This adds a level of security that could only realistically be thwarted if a hacker logged keypresses, mouse clicks, and where exactly you clicked. No idea if that's much harder for hackers lol, but it's further complexity and a normal keylogger is guaranteed not to break it right away.

 

9) In fact, you could even use a randomly shifting group of skip and insert patterns that you cycle or the like if you're REALLY paranoid. :P Or just periodically change your pattern.

 

Unfortunately both methods 8 and 9 take the "easy" claim mostly out the window, but if you plan it properly, it's not much harder.

 

 

 

My best advice, though, is this -- if you think these more complex ideas are too hard -- BANG ON YOUR KEYBOARD NOW. :P That, at least, is so kindergarteney easy with such great results there's no excuse to put off changing your password.

 

 

 

 

Finally, change it often. Your idea of passwords online should NOT be something you memorize and then just use forever, IMO, but of something you must periodically change intended to keep your online stuff safe. The old simple memorizing idea is a nice gesture, and maybe in ancient times it worked fine, but it doesn't necessarily anymore.

 

(On the other hand, a passphrase is still more secure than a password, so that idea hasn't entirely gone out of usefulness, but like I said, many sites limit your password max length to ridiculously low amounts, so phrases don't really work there; in that case I recommend not risking easily memorizable words, and you'd better be able to memorize the random string anyways.)

 

Yarr. I intend to repub this several times in future.

 

 

 

In other news, tons of work on the EM is happening. It rocks. Yay and stuff.

  • Upvote 1
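The self-checks in steps 2, 3, 4 and 6 of the entry above can be run mechanically over a candidate string. The following is an added example, not part of the original entry; the US QWERTY layout, the 15% repeat cut-off, and all function names are assumptions made for illustration.

```python
from collections import Counter

# Assumption: US QWERTY layout; each row is (unshifted keys, shifted keys).
ROWS = [
    ("`1234567890-=", "~!@#$%^&*()_+"),
    ("qwertyuiop[]\\", "QWERTYUIOP{}|"),
    ("asdfghjkl;'", 'ASDFGHJKL:"'),
    ("zxcvbnm,./", "ZXCVBNM<>?"),
]
# Character -> (row, column); a key and its shifted form share one position.
POS = {ch: (r, c) for r, pair in enumerate(ROWS)
       for keys in pair for c, ch in enumerate(keys)}
CLASSES = {"lower": str.islower, "upper": str.isupper, "digit": str.isdigit}
ALL_CLASSES = set(CLASSES) | {"symbol"}

def char_classes(pw):
    """Steps 2 and 4: which of lower/upper/digit/symbol appear."""
    return {next((n for n, f in CLASSES.items() if f(ch)), "symbol") for ch in pw}

def rows_used(pw):
    """Step 3: keyboard rows touched (0 = number row, 3 = bottom row)."""
    return {POS[ch][0] for ch in pw if ch in POS}

def neighbour_ratio(pw):
    """Step 3: share of consecutive characters typed on the same key or on
    side-by-side keys of one row, i.e. banging in one spot."""
    pairs = [(POS[a], POS[b]) for a, b in zip(pw, pw[1:]) if a in POS and b in POS]
    close = sum(1 for (r1, c1), (r2, c2) in pairs if r1 == r2 and abs(c1 - c2) <= 1)
    return close / len(pairs) if pairs else 0.0

def overused(pw, share=0.15):
    """Step 6: characters that take up more than `share` of the string.
    The 15% cut-off and the floor of 2 are assumptions, not from the entry."""
    limit = max(2, share * len(pw))
    return sorted(ch for ch, n in Counter(pw).items() if n > limit)

def review(pw):
    """Collect every check into one report for a candidate string."""
    return {
        "length": len(pw),
        "missing_classes": sorted(ALL_CLASSES - char_classes(pw)),
        "unused_rows": sorted(set(range(len(ROWS))) - rows_used(pw)),
        "neighbour_ratio": round(neighbour_ratio(pw), 2),
        "overused": overused(pw),
    }

# Constructed samples for illustration only.
LAZY = "asdfasdfjkl;asdf"      # home row only, hands never moved
SPREAD = "q7Lm#2xV9p@Zc4!k"    # all rows, Shift toggled

if __name__ == "__main__":
    for sample in (LAZY, SPREAD):
        print(sample, review(sample))
```

A clean report only shows that the string follows the steps listed in the entry; it is not a measure of how unpredictable the string is.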

21 Comments


Recommended Comments

Shut Down the Computer Instantly And Ruin All Your Unsaved Work Just Because A Cat Happened To Step On Your Keyboard
ftw
What I recommend strongly AGAINST is storing it on the computer AND typing it in
What other option does one have? You can't copy+paste something from sheet of paper.
Link to comment
What other option does one have? You can't copy+paste something from sheet of paper.

What I meant was, if you misunderstood me, don't open a text file on the computer and physically type what you see there into the password prompt. That puts you at risk for both keyloggers AND hackers getting into your files.

 

You can either type from paper, or copypaste from text file, but don't mix the two strategies. Make sense?

 

If I misunderstood you and you didn't misunderstand me, well oh well just checking. :P

 

 

Update: Added some stuff I forgot, and a link to HH's recent blog entry on this subject.

  • Upvote 1
Link to comment

As an Apple user, I suppose it's fortunate that they are so immune to viruses, so that would lessen the keylogger virus threat. Plenty of hackers know how to get into Macs, though, but it's good that I've been employing said keybanging strategy ever since I went online. :)

 

One thing I'd like to add to the caution against using text files to save one's password - on Mac, if one is familiar with its features, one can have an "alternate screen" called Dashboard where you can have a calculator, dictionary, google searcher, various metric converters, local weather reports, ad infinitum. You can also have a digital sticky note there where you can type in whatever needs to be.

 

About a year ago, I changed my BZP password and didn't have a piece of paper handy at the time, so I put it on such a sticky note.

 

DO NOT COPY MY STUPIDITY.

 

Fortunately nothing happened and I finally wrote it down after a couple of months and deleted the sticky. I never leave my Mac open and logged in, and one always has to type in the password to wake it from sleep. Even so, it was a ridiculous risk, and despite bones' warning to not do this with text files, I thought this was enough of a difference to merit mention. :)

Link to comment
I thought this was enough of a difference to merit mention.

Works for me. I mean, not that I would ever willingly use a Mac... But yeah. :P

Link to comment

I love this idea!! Bones you are amazing!

 

As long as the password is in a completely obscure file, maybe surrounded by other info, and copy-pasted in, you'd probably be safe. But I have heard of people, and know one in particular, who kept all their passwords in a computer file called "My Passwords" or something and had their backside handed to them twice. :P

Link to comment

And I thought I was paranoid...

 

I should probably start using some of these techniques and such... for example this was the first time I had ever changed my BZP password, so I should do that more often.

 

Anyway, good (if extreme) ideas, bones!

 

:music:

Link to comment
I love this idea!! Bones you are amazing!

 

As long as the password is in a completely obscure file, maybe surrounded by other info, and copy-pasted in, you'd probably be safe. But I have heard of people, and know one in particular, who kept all their passwords in a computer file called "My Passwords" or something and had their backside handed to them twice. :P

Yeah, -that- is risky lol.

 

Sure, I have my passwords saved digitally...

 

But you'd have to break into my house and snatch my USB stick to get to 'em. :P

Which is another risk, of course, even with paper copies, from random thieves.

Link to comment
7) If you wanna go supersecure, bring in a few foreign characters (Insert Symbol option on Microsoft Word has a lot of 'em for example), although then you can't type it. Well, I've heard these have keyboard shortcuts sometimes but no idea what they are -- you could research that and stuff. But make sure you just randomly put a few in, and don't reuse the same ones. Also, don't use only these; remember the idea is to have a wide range of characters.

Just wanna add to this - if you have another language installed on your computer (other than English, that is), you should probably use it somewhere in your password. ^_^

Link to comment
Sure, I have my passwords saved digitally...

 

But you'd have to break into my house and snatch my USB stick to get to 'em. :P

Which is another risk, of course, even with paper copies, from random thieves.

I must note that a thief is less likely to steal a random notebook than a USB stick. ;P Taking a USB out of the house greatly increases chance of loss or theft. And the moments it's plugged in to your computer may be just enough to swipe that info.

 

Also bones you need this!

Link to comment

Another good strategy to have a secure password without writing it down anywhere is to take any phrase that you like, for example "A rolling stone gathers no moss". The more obscure and longer, the better.

 

Then use the first letters of the phrase to make a password. Using the above example, it would make "arstnm". Alternatively, you could mix things up a bit, taking the first and last characters in each word, for example. That makes "argsegsnoms".

 

After that add a few numbers to it. For example, you could have a certain date (birthday of your grandfather or some obscure person you like), e.g. 1583, and add it between every "word". That makes "a1rg5se8gs3noms", which is a pretty secure and long password.

Link to comment

bonesiii,

I apologize for my more primitive methods, but I use invented words, but I suppose that those too are random. However, I have fallen to the flaw of repeating my password across several websites.

 

Live long and prosper.

Link to comment

I have terrible memory, so random won't work for me.

 

And I don't type in passwords that often, I use remember me usually.

 

And even when I have to type it in, I still forget my password even though it's something I can easily remember.

 

The only password that is completely and utterly different and not even related to all my passwords is my brickshelf and maj.

Link to comment

bonesiii,

Actually, since I do have a list of all my passwords written down on a sheet of paper I have hidden in my desk, I guess I could go with the random string of characters.

 

EmperorWhenua,

Were you making a reference towards my behavior?

 

Live long and prosper.

Link to comment

Mr. Volcanoe-Who-Needs-A-Hairstylist,

No, I was not. However much it seems to refer to you, it was directed towards the blog entry itself and its wisdom, and not any one member in particular.

 

With grace,

 

~EW~

Link to comment