(Note: an edited version of this is available at Medium.)
An effective way to create great passwords with a built-in failsafe.
Recently I devised (at least independently) a method for password creation that is safe (effective), has steps to easily add extra layers of protection, and is usable by basically anyone, forgetful or not.
Sorry, p@ssw0rD is not “safe” and neither are Post-it notes.
Unfortunately many people still use passwords made from real words, and use the same passwords for everything. Not good, right? I think most people instinctively know this, but doing something about it seems too troublesome.
Complicated passwords are difficult to remember, so if you do create one, you create one… and use it for everything.
Here’s a simple solution: a pack of playing cards.
Your standard 52-card deck will give you four passwords, each at least 13 characters in length. Here’s how to set it up, and why I think it’s effective. At the end, I’ll list methods to make the passwords even harder to crack, and ways to make an easier-to-remember (though less safe) version.
1. Separate the pack into each suit.
Ace through King gives you 13 cards per suit. Designate one picture card or the Ace to be lower case. Use a Sharpie if you must.
2. Shuffle each suit thoroughly and separately.
Thirteen factorial alone gives you 13! = 6,227,020,800 possible configurations, but there are actually many more possible password configurations per suit than this, because you’ve randomly assigned one of the letters on the face cards to be lowercase, and you can assign the Ace to be A, a, or 1 and the Ten to be T, t, or 10.
My sample shuffle gives me: 92k10835A7Q46J
Pretty decent password.
Repeated again in clubs, I get T7Q196Kj43825
For this example, I replaced the Ten and Ace with “T” and “1.”
Repeat twice more and you have four very good passwords.
Storage is simple. Cards go back into the box to be stored in a very safe place: a locked safe, or some out-of-reach place where you store valuables like jewelry, cash or important documents. Some place the pack isn’t likely to be opened and shuffled. No one will suspect that the deck of cards is actually your password set — unless everyone starts doing this, and let’s face it, they won’t.
Your computer (or phone) likely stores a lot of these passwords so you won’t have to recall and type them out often.
Important note: It’s not important that the shuffles appear random, only that they actually are.
Actual randomness (or events near enough that it makes no difference) doesn’t really work the way most of us intuitively think it does. It often ends with what looks to us like patterns. Cards may end up regrouping so that, for example, two or three cards form an ordered set, like 234 or 765. You can rearrange that if you want, but it’s not necessary for the password to be “randomized.”
One red deck, one blue. That’s 8 passwords. Cards come in different back designs. For my example, I’m using Tally-Ho playing cards, but there are Bicycle, Bee, WSOP, Budweiser, cheap drug store cards and practically countless others to choose from.
On making the password even more tricky.
In case 13! isn’t good enough for you, your two Jokers can come into play. Just assign a Joker a value and shuffle it in. Adding just one card creates a minimum of 87,178,291,200 combinations.
You can also assign cards new values.
In my first sample, I created: 92k10835A7Q46J
But that could easily be 9dKt835a7Q46j or nDK1083fA7q46J with an intuitive substitution of “d” for 2 (deuce) and “n” for Nine and “f” for Five. If these changes aren’t intuitive to you, you can use a Sharpie to mark the cards you’re altering for your password. You could apply these changes to passwords of just the red variety, or maybe just hearts and spades.
Additionally, you could replace a number with a non-intuitive (or less intuitive) character or string. The Ten could become “qo” for the two keys underneath the 1 and 0 on the keyboard. “7” could become “&.” Or, change the Queen to “v.” Create a system that you’re likely to remember or mark the cards.
Here’s a sample result using a Joker:
With a few substitutions, I’ve created a fantastic 15-character length password.
Simplification: easier-to-remember passwords you may not want to store on your devices.
Though less safe, eight characters is still moderately strong.
Eight cards give you just 40,320 possible combinations, but you choose those eight cards, creating many more possibilities.
My simplified 8 card password:
NA8-jq25 — a password I can remember as “North America 8 - jack-queen twenty-five.”
A6wt5KQ7 — trickier to create a mnemonic for, but not impossible. “A6 wt5 (“w” for “Wild,” five like “f,” wtf… what the five) Kwing 7.”
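The counts quoted in this post (13!, the Joker variant and the eight-card version) can be reproduced and expressed as bits of entropy. The sketch below is an added example, not part of the original post, and it also simulates the shuffle using the operating system's random source. The function names, the lowercase King and the choice to count three renderings each for the Ace and the Ten are assumptions made for the illustration.

```python
import math
import secrets

RANKS = ["A", "2", "3", "4", "5", "6", "7", "8", "9", "10", "J", "Q", "K"]

def keyspace(cards_available=13, cards_used=None, symbol_choices=()):
    """Ordered draws of cards_used from cards_available (n! when all are used),
    multiplied by the number of ways each listed card may be written."""
    k = cards_available if cards_used is None else cards_used
    total = math.perm(cards_available, k)
    for n in symbol_choices:
        total *= n
    return total

def bits(n):
    """Entropy in bits when every one of n outcomes is equally likely."""
    return math.log2(n)

def shuffle_suit(ranks=RANKS, lowercase_card="K"):
    """Simulate steps 1-2: shuffle one suit with the OS CSPRNG and read it
    off left to right, writing the designated card in lower case."""
    deck = list(ranks)
    secrets.SystemRandom().shuffle(deck)
    return "".join(c.lower() if c == lowercase_card else c for c in deck)

# Assumption: Ace and Ten each have 3 possible renderings (A/a/1 and T/t/10).
CASES = {
    "13 cards, fixed symbols (13!)": keyspace(13),
    "13 cards, Ace and Ten with 3 renderings each": keyspace(13, symbol_choices=(3, 3)),
    "13 cards plus one Joker (14!)": keyspace(14),
    "8 chosen cards, order only (8!)": keyspace(8),
    "8 drawn in order from 13": keyspace(13, 8),
}

if __name__ == "__main__":
    for label, n in CASES.items():
        print(f"{label:48s} {n:>15,d}  {bits(n):5.1f} bits")
    print("sample shuffle:", shuffle_suit())
```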
And there you have it, the Bradtastic Method of Password Creation!
What I’ve presented is really just the beginning of a scalable method for password creation with a built-in failsafe — a pack of cards kept in an actual safe!
Create your own coded system to enhance it, use ten or twelve cards instead of 13, or use the basic method.
Better still, set the system up for your parents who might still be using passwords like “OurDogsNameYearWeGotMarried.” And then send me presents when your inheritance isn’t stolen by a hacker.