Passwords are a complexity we purposefully introduce into our lives while wishing at the same time that they were easier to remember. The resulting trade-off is that the best ones are those you are at high risk of forgetting, and the easy ones can be guessed by anyone who has known you long enough, or who has the computer skills along with the time and the wits to make you hand them over. In short, a great password, one which you recall only when asked for it, is one you do not recall otherwise – a statement that in itself sounds weird.
With this, you might recall that alphanumeric password which makes use of your sibling’s birth date and your driver’s license, with a few exotic symbols thrown in between for good measure, but will you be as sure of that one symbol you used when you return to re-type it somewhere after, say, six months? What about images with sentences you came up with, to have a string of random words born from your imagination? That too sounds like a good solution, doesn’t it? Having a password which is quickly available to our memory yet hidden is such a huge problem that it has bothered security experts as well as the average user. To add to that, experts advise that you keep each password different from the others so that a single compromise doesn’t open a gateway to the rest of your accounts. Remembering that many new passwords becomes difficult, and so password lockers come in handy, though they require a password of their own.
The question thus becomes – how does an average, lazy user like me keep an easy yet secure password? Before I continue, I would like to clarify that this is something some of us have surely thought of before (its effectiveness has been tested neither mathematically nor practically). It has its own drawbacks, but it is still any day a better option than ‘password123’ or your birth date, and it needs to be mentioned here so that a refined discussion can be built upon it.
The limitless flexibility of human imagination, along with the information already present on the human-computer interface, is applied in this method to yield a difficult-to-guess password. In Norman’s words, we are using the knowledge in the world along with the knowledge in the head. The reason is that you (probably) have the entire grid spread out in front of you, which everyone else can also see, but only you have a special shape in there somewhere which you somehow remember. Since most passwords require the use of a keyboard, we have the keyboard itself as the available hint to your mind. The rest is done by how you view and place things on it spatially, or how your eye sees it. This method is partly dependent on how an individual recognizes a letter and writes it. Imagine it as something like a cross between handwriting recognition and the pattern-based lock on your smartphone.
The above diagram shows three ways to map the letter B on a QWERTY keyboard. Left to right: a. Segmented strokes – 345re3edcdfvc; b. Continuous stroke – 5rdxcvgft65; c. Low-poly continuous – 4EdXvFrT5
The method can be demonstrated as follows – take for example the letter L.
Now, press the keys in accordance with how you would draw the letter L, treating the keys as dots spread across the entire keyboard. For the sake of demonstration, consider that the L must pass through the ‘5’ on your keyboard. (Trace these letters as I have typed them so that the idea comes across at its clearest.)
Did you type in – ‘5rdxcv’ or ‘5rdxcvb’?
Or do you prefer to begin with the bottom – bvcxdr5 or vcxdr5?
Or do you like to take the lines of the L separately – 5rdxxcvb/5rdxbvcx/xcvbxdr5?
Or do you view the italicized L differently as – 5tgbnm?
Or is it crooked/cursive – 5tfcvbn?
This method is also inspired by how swipe text prediction for phone keyboards works. Rather than leaving the pattern to the machine to interpret, this method makes the human remember the pattern: a stroke or a sequence of strokes analogous to how the human writes that symbol in the real world. Strokes are difficult to forget.
All one needs to know is the letter, the starting key and how you write a letter (which you would know anyway). If you need more complexity and trust your memory, do the same with three-letter words or symbols. With each extra space/digit and each symbol, you add exponentially to the time and processing power it would take to break into your account. You can simply imprint this onto your memory by typing in the shape about 7 or 8 times.
The biggest drawback of this method is that someone can look at your personal computer’s keyboard and probably guess which keys you strike the most. The wearing out of the keys depends on how often you type in the password and how long you have worked on that single machine (and how much cheeto-dust it sees). Also, software could check all the permutations and combinations possible with every letter and symbol around a selected key and run through the entire keyboard, but that would take much more time than running through a standard language dictionary for sure. But if someone is really hell-bent on breaking into your account, with time and enough computing power they absolutely will, because no system should be assumed to be perfectly secure. Until the tech community brings about a password revolution or a well-tested, easy-to-understand method, I think sticking to shapes on the keyboard can be any simpleton’s best bet.
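The software check mentioned above, seen from the side of someone auditing their own passwords (an added example, not part of the original post): it models US QWERTY letters and digits as a slanted grid where each key has up to six neighbours, and reports which parts of a password are unbroken walks over adjacent keys. The layout model, function names, thresholds and the last sample string are assumptions made for this example.

```python
# Added example: flag passwords that are walks over adjacent QWERTY keys.
# Layout model (an assumption): US QWERTY, letters and digits only, each key
# having up to six neighbours on the slanted grid.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def adjacent(a: str, b: str) -> bool:
    """True if b is the same key as a or one of its neighbours."""
    a, b = a.lower(), b.lower()
    if a not in POS or b not in POS:
        return False          # symbols/space are outside this simple model
    (r1, c1), (r2, c2) = POS[a], POS[b]
    dr, dc = r2 - r1, c2 - c1
    if dr == 0:
        return abs(dc) <= 1   # same key, left or right
    if dr == 1:
        return dc in (-1, 0)  # lower-left, lower-right
    if dr == -1:
        return dc in (0, 1)   # upper-left, upper-right
    return False


def walk_runs(password: str) -> list[str]:
    """Split a password into maximal runs of adjacent-key steps."""
    runs, start = [], 0
    for i in range(1, len(password) + 1):
        if i == len(password) or not adjacent(password[i - 1], password[i]):
            runs.append(password[start:i])
            start = i
    return runs


def is_keyboard_walk(password: str, min_run: int = 4, coverage: float = 0.7) -> bool:
    """Flag when runs of at least min_run keys cover most of the password."""
    if not password:
        return False
    covered = sum(len(r) for r in walk_runs(password) if len(r) >= min_run)
    return covered / len(password) >= coverage


if __name__ == "__main__":
    # Strings from the article, plus one constructed non-pattern for contrast.
    for pw in ["5rdxcvb", "5tgbnm", "345re3edcdfvc", "5rdxbvcx", "4EdXvFrT5", "k7Qw!zp2Lm"]:
        print(f"{pw:15} runs={walk_runs(pw)} walk={is_keyboard_walk(pw)}")
```

Every shape typed in this post comes out as one or two unbroken runs, including the separated-stroke and mixed-case variants, while the constructed random string produces no run longer than two keys.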
Some work done on keyboard patterns and passwords: