Tap, tap, tap, pause... “hmph”. Tap, tap, tap, pause... "grmph". [Ten
minutes pass.] Tap, tap, tap, pause... “Hellfire.” Tap, tap, tap,
pause... “Crap.” [Ten more minutes.] Tap, tap, tap,
Key Patterns · Dave Shea writes:
I’ve taken to using key patterns instead of memorable characters for my passwords, and it really works. Simple example:
Check out the keys used to type that. Through in a Shift modifier every second or third letter, and you've got something:
Plausible, but it strikes me that if I were a bad guy, it wouldn’t be that hard to write code to try that approach to password-guessing.
Jacek Kopecky writes “you wrote about secure passwords not only being hard to remember, but also hard to type. when creating a password I choose random keys that *are* easy to write - alternating the fingers and trying it out.”
Passphrases · John Hart and Rudi Gens write with what I think is the right answer: passphrases. I have all the ssh-agent machinery in place so that I can log into, and copy data between, all the different systems I use, without ever typing a password. But the first time I log in, I have to type a really long passphrase which nobody will ever guess; it’s a line of poetry I wrote while an angst-ridden teenager.
Of course, this doesn’t work if your security setup, like some I could name, stupidly forces you to use short passwords. In which case, you could do as Henry Albert Sebastopol Queen Victoria Crun suggests, and “generate an obscure password and save it in an encrypted text file using a passphrase... gpg is pretty handy for that.”
And Ben Hutchings points to
pwgen(1); hmm, it’s not there on
Steve Loughran suggests using “a
C++ function call from the past”:
Steve, you’re a sick, twisted individual. But you know, it might work.
I’d actually use perl, it has more special characters anyhow.
That Old Sweet Song · Dave Megginson has another really good idea: “To generate passwords that won't appear in a dictionary, pick a line from a song or poem you know well and make a password out of the first letter of every word.” If you use “/” for line breaks and put in a comma or two, this ought to get past the most paranoid password-quality software.