Security: Reshape Your Passwords

Passwords are a complexity we purposefully introduce into our lives while wishing at the same time for them to be easier to remember. The resulting trade-off is that the best ones are those you are most at risk of forgetting, while the easy ones can be guessed by anyone who has known you long enough, or who has the computer skills, the time and the wits to socially engineer them out of you. In short, a great password is the perfect one to forget.

With this, you might recall that alphanumeric password which makes use of your sibling’s birth date and your driver’s license, with a few exotic symbols thrown in between for good measure, but will you be as sure of that one symbol you used once you return to re-type it somewhere after, say, six months? What about images, or sentences you came up with to have a string of random words birthed from your imagination? That too sounds like a good solution, doesn’t it?

Having a password which is quickly available to our memory yet hidden is such a huge problem that it has bothered security experts as much as it bothers a careful teen wishing for some privacy on the family computer. To add to that, experts advise that you keep each password different from the others so that a single compromise doesn’t open a gateway to all of your accounts. Remembering that many passwords becomes difficult, and thus come the password lockers, which require a password of their own. The question thus becomes – how does an average and lazy user like me keep an easy yet secure password?

Before I continue, I would like to clarify that this is just an idea I am spewing out, the effectiveness of which has been tested neither mathematically nor practically. As you read this, many good cryptographers, programmers and mathematicians are toiling through millions of lines of code to fix newly found breaches, and it would be unjust to call this an actual and legitimate tool or solution in front of all their efforts.

Even if I tell you how to create your password, which does give it some sort of a rule/algorithm, it is very difficult to guess what you must have chosen. The reason is that you (probably) have the entire grid spread out in front of you, which everyone else can also see, but only you have a special shape in there somewhere which you somehow remember. Also, this is better than something like ‘password’ or ‘1234’, which we simple folks prefer to choose as a password. Since most passwords require the use of a keyboard, we have the keyboard itself as the available hint to your mind. The rest is done by how you view and place things over it spatially, or how your eye sees it. This method is partly dependent on how an individual recognizes a letter and writes it. Imagine it as a cross between handwriting recognition and the pattern-based lock on your smartphone.

The method can be demonstrated as follows – take for example the letter L.

Now, press the keys in accordance with how you would draw the letter L, using the keys as dots across the entire keyboard. For the sake of demonstration, consider that the L must pass through the ‘5’ on your keyboard. (And trace these letters as I have typed them so that the idea comes across at its clearest.)

Did you type in ‘5rdxcv’ or ‘5rdxcvb’?

Or do you prefer to begin with the bottom – ‘bvcxdr5’ or ‘vcxdr5’?

Or do you like to take the lines of the L separately – ‘5rdxxcvb’/‘5rdxbvcx’/‘xcvbxdr5’?

Or do you view the italicized L differently, as ‘5tgbnm’?

Or is it crooked/cursive – ‘5tfcvbn’?

All you need to know is the letter, the starting key and how you write the letter (which you would know anyway). If you need more complexity and trust your memory, do the same with three-letter words or symbols. With each extra space/digit and each symbol, you add exponentially to the time and processing power it would take to break into your account. You can simply imprint this onto your memory by typing in the shape about 7 or 8 times.

The biggest drawback of this method is that someone can look at your personal computer’s keyboard and probably guess which keys you strike the most. The wearing out of the keys depends on how often you type the password and how long you have worked on that single machine. Also, software could check all the permutations and combinations possible with every letter and symbol around a selected key and run through the entire keyboard, but that would take much more time than running through a standard language dictionary for sure. But in case someone is really hell-bent on breaking into your account, with time and enough computing power they absolutely will, because no system should be assumed to be perfectly secure. Now, until the tech community brings about a password revolution or a simple tried-and-tested method, I think sticking to shapes on the keyboard can be any simpleton’s best bet.
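The software check mentioned above can be turned around into a strength check. The following is an added example, not part of the original post: it flags passwords whose keys all touch on the keyboard and counts how many such strings exist compared with unrestricted ones. The US QWERTY layout limited to letters and digits, the row stagger values and all function names are assumptions made for this sketch.

```python
# Added example: QWERTY adjacency model (US layout, letters and digits only).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
OFFSETS = [0.0, 0.5, 0.75, 1.25]   # assumed horizontal stagger of each row, in key widths

# Physical position of every key: char -> (row, x)
POS = {ch: (r, i + OFFSETS[r]) for r, row in enumerate(ROWS) for i, ch in enumerate(row)}

def neighbors(ch):
    """Keys that physically touch `ch` (same row or the row above/below)."""
    r, x = POS[ch]
    return {k for k, (kr, kx) in POS.items()
            if k != ch and abs(kr - r) <= 1 and abs(kx - x) <= 1}

def is_step(a, b):
    """True if typing b after a is a repeat or a move to a touching key."""
    a, b = a.lower(), b.lower()
    return a in POS and b in POS and (a == b or b in neighbors(a))

def walk_fraction(password):
    """Share of consecutive key pairs that are keyboard-walk steps (0.0 to 1.0)."""
    if len(password) < 2:
        return 0.0
    steps = sum(is_step(a, b) for a, b in zip(password, password[1:]))
    return steps / (len(password) - 1)

def count_walks(length):
    """Number of strings of `length` keys in which every pair is a walk step."""
    ways = {ch: 1 for ch in POS}          # walks of length 1 ending on each key
    for _ in range(length - 1):
        ways = {ch: ways[ch] + sum(ways[n] for n in neighbors(ch)) for ch in POS}
    return sum(ways.values())

if __name__ == "__main__":
    # The first four are the post's own shapes; the last is a constructed non-pattern.
    for pw in ["5rdxcv", "bvcxdr5", "5tgbnm", "5tfcvbn", "k3q9zt"]:
        print(f"{pw:10s} walk fraction = {walk_fraction(pw):.2f}")
    n = 6
    print(f"length-{n} walks: {count_walks(n):,} vs {36 ** n:,} unrestricted strings")
```

A walk fraction close to 1.0 means the password is a single continuous shape on the keyboard, and the two counts printed at the end show how far the touching-keys rule narrows what a guesser has to try.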

So, what’s your letter?

 

If you want to read about scientific work done on the subject of keyboard patterns and passwords, you can start with these papers:

http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=5375544

http://www.ijicic.org/ijicic-10-09032.pdf
