So many passwords, so little mind!

How to create passwords you can remember at will using the LPEM

by Alain Lemay

Too Many Passwords!

So, you now have a Google account, a Facebook account, two online banking accounts, an account for your city taxes, a Flickr account, a Yahoo Messenger account, a Skype account, and two blogs. And this is just the tip of the iceberg!  A 2007 study of Web users by Microsoft Research found that the average user has 6.5 Web passwords, each of which is shared across almost four different websites. In addition, each user has about 25 accounts that require passwords, and types an average of 8 passwords per day. So what do you do?

What are the optionsOPTIONS: 1- you use the same password for every application  2- you use an OpenID or similar “decentralized user identification standard”   3- You write them all down, on a piece of paper or on a sticky that you leave in your home/workspace

ISSUES: If someone cracks your password, they have access to your whole life online! These are coming along slowly but then again, some of the same concerns as before arise.

Tech support guys will tell you they can find a user’s password written somewhere in their office in under 10 minutes!

The Solution - The LPEM

The Lemay Password Encryption Method The LPEM allows you to create unique, secure, AND esay to rememer passwords for nearly every account you have.  The LPEM uses the ancient and venerable science of cryptography. Cryptography, according to Wikipedia, “…is the practice and study of hiding information”.  Basically, you  use a cipher to create your passwords.

LPEM - The Cipher

A cipher is an encryption algorithm - in layman’s terms, a series of well-defined steps that can be followed as a procedure and that will produce a coded piece of text.

Since only you will know your cipher, only you can decipher your passwords.  Each password is unique yet easy to remember using your particular cipher.

Basic password best practices

Let’s start by looking at the basic password best practices:- Eight or more characters- Use Uppercase and lowercase letters- Use numbers- Use alphanumeric characters and include special characters, where supported by the operating system.

Keeping these in mind, we are going to build a custom password algorithm for your accounts.

A basic cipher

Here is an example of a cipher used to create a password. Step 1- First and second letters in capsStep 2- Your salary rounded to two digits (i.e. 52)Step 3- Last two letters, never in capsStep 4- Two odd charactersTo add an extra layer of security, change your system on a regular basis. I suggest every 2-3 months.

Applying a cipher

Say you want to apply this cipher to create a password for Twitter.Following the cipher, you obtain:1- TW2- 523- er4- ;)So your new Twitter password is: TW52er;)

Using the same cipher, your Facebook password would be FA52ok;)

Application Specific Ciphers

You can customize your cipher according to the type of account or application using a variant of the basic cipher presented before. For example, a cipher specific to your mail accounts might look like this: 1- Take first and last letter of site, always in CAPS2- Add the word “mail” (for an email account, you would choose something else for banking or other types of accounts)3- Replace the L by an exclamation mark !4- Add a number at the end of significance (so you will remember it) but not directly related to you. E.g. number of years to retirement (18)

Application Specific Cipher - examples

Using our new mail specific cipher, you would obtain the following passwords: For yahoo mail : YOmai!18For hotmail (MSN): HLmai!18For Gmail : GLmai!18And so on and so forth.

Contact information

Copyright Alain Lemay, 2009 This presentation can be reproduced and distributed at will as long as proper credit is given. You can find me here: My Blog: BrainagesOn LinkedIn: http://www.linkedin.com/in/alainlemayOn Twitter: http://twitter.com/Alain_Lemay69On Gmail: AlainLemay69@gmail.com