Security experts have shown us over the past couple of years how little effort some people put into coming up with the passwords that will secure their online accounts, routers, eMail, etc. It seems that so many people demonstrate an amazing indifference to the potential consequences of a weak password or they simply don’t understand the difference between a weak password and a strong one. It likely boils down to the difficulty factor in remembering long, secure, alpha-numeric, multi-character passwords. A lack of computer sophistication is likely to also be a factor. It’s clearly a problem that needs to be addressed to improve security in the online user experience.
So how do we fix it? In my opinion, we start by changing the term “password” to “passkey”. When a user is asked for a pass “word”, the user is prompted to think in terms of words we know and use. Until we change the phraseology, that’s the way it will be, and will continue to be a problem. It shouldn’t be a word at all. Words are the problem, not the solution.
The best passkeys, of course, are not words. They are random strings of characters. They combine both upper case and lower case letters, plus numbers and other keyboard characters, without using any words or names that can be found in a dictionary. However, not using words can make a passkey harder to remember.
Devising a strong passkey isn’t the problem. Remembering a strong passkey is the problem. But, it doesn’t have to be. In a moment, I will describe how you can easily remember any number of secure passkeys to improve your login security.
Trying to remember a different secure password for a dozen or more different logins is not something the typical person can do… or wants to do. To solve this problem, I created a flexible system for developing keystroke patterns rather than passwords. Instead of remembering 30 different passwords, I only need to remember one keystroke formula that applies to every account login.
The beauty of keystroke patterns is that you can apply one basic keystroke formula to an unlimited number of logins, but still have a unique passkey for each different login. Actually, in some instances, some logins may have very similar keystroke patterns. But, no one would know that, because only YOU know the keystroke formula.
How do you create YOUR formula for keystroke patterns?
A good example is to start with a character in the name of the company, domain name, or application. That will be where your keystroke pattern begins on the keyboard. It can be any letter in the name. It can be the first or second consonant. I can be the first or second vowel, or the first or last letter in the domain name. Your pattern could even start with the key above or below the letter you choose for your start point. But, when you choose the start point, be consistent. Use the same formula for each passkey so you only have to remember one keystroke formula, not many.
Once you have chosen the letter or character on the keyboard from which your keystroke pattern begins, you can create an up/down pattern of keystrokes that includes the number keys, the row of keys that your starting letter is on, and the use of the SHIFT key, making the passkey both upper case and lower case. Using the SHIFT key *doubles* the number of characters in the character pool, thus, doubling the time and difficulty factor in cracking a passkey. Using numbers and symbols increases, exponentially, the passkey security factor.
Your keystroke pattern can go left, or right. But, have a reason for which direction your keystroke pattern goes, and apply the same reasoning to each passkey. It makes sense to go in the direction that offers the largest number of available keys. If your pattern begins with K, the pattern should go left, because the only available key to the right (on the same row) is L. That pretty much limits the characters in your passkey if you go to the right.
To make the pattern upper case, lower case, numerical and with symbols, use the SHIFT key at convenient points in the pattern. You can use the SHIFT key on every other keystroke or just the first and last keys. Use it wherever you like. But, keep it simple. The important thing, always, is to remember the base pattern and be consistent.
Here is an example, with graphic, on creating a keystroke pattern for, say, Hotmail.com. I have decided that I will use the first consonant in the website name to start my passkey. I could just as easily use the last consonant, or use a vowel.
So, as seen in the graphic below, I will start with the letter H. Since H is in the middle of the row of keys, I can go either left or right. I usually choose to go left. So, on the row where H resides, and the row of numbers/symbols, my pattern goes up/down and to the left, as seen in the graphic below.
The left-to-right, up/down pattern, and using the SHIFT key every other key gives me the following passkey: h6G5f4D3s2.
Or, if I use the SHIFT key every other set of keys, I get: h6G%f4D#s2. That’s a 10 character passkey that almost looks like a random string of keys and would be pretty difficult to guess.
The first passkey is upper and lower case, and includes numbers. The second one is better because it includes upper/lower case letters, numbers, and special characters.
If you bang out those patterns on your keyboard a few times, you might get a feel for what I’m telling you. If right to left doesn’t work for you, then try left to right. This is simple stuff. But, it works.
So, what looks like a random set of characters is actually a very simple, easy-to-remember pattern of keystrokes. You can apply the same formula to every website. The passkey will be different, but the formula for your pattern will the be the same, making it easy to remember the passkey for every website or email account without having to write them down or use a password manager program.
This is a bit unconventional, so you may want to read the previous few paragraphs again to wrap your mind around it. It will certainly help to try creating a few simple passkey patterns of your own. Once you begin using this keystroke pattern passkey system, you will come to realize it’s simplicity and effectiveness.
Developing your own formula for keystroke patterns will allow you to remember the passkey to any account you have that requires one. You will only need to remember one formula for keystroke pattern passkeys.
Based on the interactive Brute Force Password Calculator at Gibson Research Corporation, our password from this keystroke formula would take 6.46 hundred centuries to crack with an “Offline Fast Attack Scenario.” Even with a “Massive Cracking Array Scenario,” it would take 64.65 years to crack. In my humble opinion, that’s a pretty secure passkey.
Let me know in the Comments section below if you think this system will work for you.