So I don’t think I have ever written here about passwords. It’s one of those things that is a part of The Way We Live Now that wasn’t a part of things In My Day—I don’t think that our neighborhood club (the Northview Four-Star B’s Club) had a password, and if, as I think I recollect, my elder siblings occasionally required passwords for entry to their bedrooms, it was along the I can’t let you in until you say ‘swordfish’ lines. My first bank account had a passbook; I didn’t get a bank card with a Personal Identification Number number until, oh, 1986 or so. I wonder when I first had three passwords to remember. I don’t think I had more than one or two in college—the aforementioned PIN and presumably one for the PR1ME or VAX or whatever we had, and I think that might have been it. And then after college, it was the bankcard and nothing else for years. My kids are growing up with passwords, though. I think my daughter already has three, and she isn’t twelve yet.
So. Like all of us These Days, Your Humble Blogger has had to figure out methods for selecting and remembering passwords. I probably have a dozen different passwords for different web sites (including this one), and some of those (even tho’ it is Not Best Practice) I use on more than one site. Some of them I haven’t changed in ages; some I am compelled to change every so often. It’s a mess. Like it is for you, I imagine.
Now, as it happens, I personally am enough of a pessimist to believe that any determined professional can break into any of my accounts no matter how clever I am about passwords. I am not overly worried about the level of difficulty, beyond making it not ludicrously easy—I don’t use password or 123456 or baseball or any of those, but neither am I going to eat my liver over making an unguessable-but-still-memorable password for each site, and then change to new ones every ninety days. Just isn’t worth my sweat.
But I do have a password plan, one that I haven’t seen talked about a lot, and one which I think (I think) provides passwords that are relatively easy to select and remember and are not in the dictionary lists. And I can pass it along to you, Gentle Readers, without (I think) compromising its value, so here goes: for three months recently, my password for something was PR2803.A2m37 or possibly PR2803.A2d87—I don’t remember which one I chose. If you don’t immediately recognize those, they are Call Numbers in the Library of Congress classification system and they correspond to two editions of As You Like It, both of which were checked out to me at the time. Of course, having the actual book from a library that uses LCCNs helps, because I can just look at the spine of the book until my fingers remember the password. However, an actual physical book is not necessary: the Library of Congress will provide.
Let’s say you want a new password for your Google account. How about HD9696.8.U64g6657? I don’t know if the book’s any good, of course, but I don’t need to read it, do I? Or what about PN6728.B33d4? If you want a longer, stronger password, just prepend the ISBN number: 0880920718PZ7.H37595Go is 22 characters, including upper and lower case letters, numbers and a punctuation mark, and it tops out the meters at the web sites that rate passwords. No, you are not going to memorize it, but you can easily find that LC page again to copy the info from. Or you can bookmark the LC page! Or, if you are worried that someone will see your bookmarks and figure out how to get from your bookmarks to your passwords, stick the books in a wish list or browse list at a retailer, and then use the ISBN to get the LCCN each time.
Or, really, if you are worried that someone will see your bookmarks and figure out how to get from your bookmarks to your passwords, then accept that such a determined and intelligent person is going to figure out your passwords anyway, and stop worrying about it.
Tolerabimus quod tolerare debemus,
-Vardibidian.
Neat idea. I also really like this XKCD: https://xkcd.com/936/