Simplify Security with Your Own Password Algorithm

By on Feb 02, 2017

How many online accounts do you have? Have you ever stopped to count them? Email, social media, news media, banks, credit cards, streaming services, workplace systems, government services: Studies show that most of us use between 15 and 20 online services, and that some of us use 100 or more. How many passwords have you created to protect your accounts, and how on earth do you manage them?

I’m willing to wager that most of you use one of three methods, each with it’s own mix of convenience and vulnerability.

One key opens every door

Perhaps you’ve picked one easy-to-remember value that you use for every occasion, albeit with minor modifications. Hopefully it’s not something like MyPassword that’s also easy to guess. But even if you’ve chosen wisely and strongly the risk here is self-evident. Anyone who manages to purloin your single key can plunder all your valuables. Your whole online life shares a single point of failure.

Many passwords with a Post-it index

Maybe you’re a little more cautious. Maybe you use a different password for every account. That’s a lot to remember, so you write them all down to keep track. That would account for the fringe of smudged Post-it notes around your keyboard; am I right?  Now just hold still while the trustworthy gentleman at the next table jots down a few for future reference.

Password managers, free and paid

You can’t beat a password manager for convenience. There are many solutions out there that will store all your passwords in one place, autofill your log-in forms, and synchronize your various devices. They’re safer too, because all credentials are encrypted in storage, and some use two-factor authentication. But what happens when you can’t install this app to your work machine because you don’t have admin rights? Now, all of your complex passwords that you’ve deliberately decided not to even try and memorize are secured in a vault you can’t access 100% of the time.

Set Your Own Rules for Password Security

Because none of these solutions is ideal for every scenario and every individual I’ve settled on a simple way to create strong, unique passwords that are also easy to remember. Instead of an app or a sheaf of handwritten notes, I use a simple, homegrown algorithm—a few easily remembered rules for generating apparently random alphanumeric strings. Here’s how it works.

First I choose a memorable bit of text from a favorite source. It might be a song verse, say Lucy in the Sky with Diamonds. Then I take the first letter of each word:

Picture yourself in a boat on a river, with tangerine trees and marmalade skies…

This gives me both a 14-character string (pyiaboarwttams) and a built-in mnemonic.

Then I add a rule to insert capitalizations. I’ll count the number of letters in the name of the site or service I’m securing. For Amazon that’s six, so in my Amazon password I’ll capitalize every sixth letter: pyiabOarwttAms.

Finally I’ll use the number of letters in the site name again, together with the last letter of that site name. This gives me two more characters that I’ll append to the end of the string: pyiabOarwttAms6n. The result is a strong password that will only repeat for services with 6-letter names whose site names end with an n. I don’t have to remember the password itself, only the rules that created it. Change the character source or modify the rule set and the new algorithm will generate an entirely different set of password values.

An Algorithm All Your Own

This simple algorithm is easy to personalize. Pick your own mnemonic. Add a few rules to insert special characters, numbers, capitals, and other changes. The result? A password that is unguessable, different across accounts and websites, yet memorable enough that you never need to write it down.

Algorithms have come to dominate many so aspects of our lives; why shouldn’t we leverage their power to relieve ourselves of an onerous, memory-intensive task? A password algorithm can make our online lives a little bit simpler, and our scattered digital assets a lot more secure.

About the Author

Dave Messett

Dave is Head of Product and Solutions Marketing, EMEA at McAfee. A seasoned IT professional with over 20 years of experience across technical and marketing positions he is highly sought after for his insights on the world of cybersecurity and the measures companies can take to defeat the bad guys. He works with analysts, partners ...

Read more posts from Dave Messett

  1. Great idea. I am pretty good with coming up with complicated passwords, but have no system for remembering them. I will have to ponder this.

Subscribe to McAfee Securing Tomorrow Blogs