Password vs Passkey
Security experts have shown us over the past couple of years how little effort some people put into coming up with the passwords that will secure their online accounts, routers, eMail, etc. It seems that so many people demonstrate an amazing indifference to the potential consequences of a weak password or they simply don’t understand the difference between a weak password and a strong one. It likely boils down to the difficulty factor in remembering long, secure, alpha-numeric, multi-character passwords. A lack of computer sophistication is likely to also be a factor. It’s clearly a problem that needs to be addressed to improve security in the online user experience.
So how do we fix it? In my opinion, we start by changing the term “password” to “passkey”. When a user is asked for a pass “word”, the user is prompted to think in terms of words we know and use. Until we change the phraseology, that’s the way it will be, and will continue to be a problem. It shouldn’t be a word at all. Words are the problem, not the solution.
The best passkeys, of course, are not words. They are random strings of characters. They combine both upper case and lower case letters, plus numbers and other keyboard characters, without using any words or names that can be found in a dictionary. However, not using words can make a passkey harder to remember.
Devising a strong passkey isn’t the problem. Remembering a strong passkey is the problem. But, it doesn’t have to be. In a moment, I will describe how you can easily remember any number of secure passkeys to improve your login security.
Trying to remember a different secure password for a dozen or more different logins is not something the typical person can do… or wants to do. To solve this problem, I created a flexible system for developing keystroke patterns rather than passwords. Instead of remembering 30 different passwords, I only need to remember one keystroke formula that applies to every account login.
The beauty of keystroke patterns is that you can apply one basic keystroke formula to an unlimited number of logins, but still have a unique passkey for each different login. Actually, in some instances, some logins may have very similar keystroke patterns. But, no one would know that, because only YOU know the keystroke formula.
How do you create YOUR formula for keystroke patterns?
A good example is to start with a character in the name of the company, domain name, or application. That will be where your keystroke pattern begins on the keyboard. It can be any letter in the name. It can be the first or second consonant. I can be the first or second vowel, or the first or last letter in the domain name. Your pattern could even start with the key above or below the letter you choose for your start point. But, when you choose the start point, be consistent. Use the same formula for each passkey so you only have to remember one keystroke formula, not many.
Once you have chosen the letter or character on the keyboard from which your keystroke pattern begins, you can create an up/down pattern of keystrokes that includes the number keys, the row of keys that your starting letter is on, and the use of the SHIFT key, making the passkey both upper case and lower case. Using the SHIFT key *doubles* the number of characters in the character pool, thus, doubling the time and difficulty factor in cracking a passkey. Using numbers and symbols increases, exponentially, the passkey security factor.
Your keystroke pattern can go left, or right. But, have a reason for which direction your keystroke pattern goes, and apply the same reasoning to each passkey. It makes sense to go in the direction that offers the largest number of available keys. If your pattern begins with K, the pattern should go left, because the only available key to the right (on the same row) is L. That pretty much limits the characters in your passkey if you go to the right.
To make the pattern upper case, lower case, numerical and with symbols, use the SHIFT key at convenient points in the pattern. You can use the SHIFT key on every other keystroke or just the first and last keys. Use it wherever you like. But, keep it simple. The important thing, always, is to remember the base pattern and be consistent.
Here is an example, with graphic, on creating a keystroke pattern for, say, Hotmail.com. I have decided that I will use the first consonant in the website name to start my passkey. I could just as easily use the last consonant, or use a vowel.
So, as seen in the graphic below, I will start with the letter H. Since H is in the middle of the row of keys, I can go either left or right. I usually choose to go left. So, on the row where H resides, and the row of numbers/symbols, my pattern goes up/down and to the left, as seen in the graphic below.
The left-to-right, up/down pattern, and using the SHIFT key every other key gives me the following passkey: h6G5f4D3s2.
Or, if I use the SHIFT key every other set of keys, I get: h6G%f4D#s2. That’s a 10 character passkey that almost looks like a random string of keys and would be pretty difficult to guess.
The first passkey is upper and lower case, and includes numbers. The second one is better because it includes upper/lower case letters, numbers, and special characters.
If you bang out those patterns on your keyboard a few times, you might get a feel for what I’m telling you. If right to left doesn’t work for you, then try left to right. This is simple stuff. But, it works.
So, what looks like a random set of characters is actually a very simple, easy-to-remember pattern of keystrokes. You can apply the same formula to every website. The passkey will be different, but the formula for your pattern will the be the same, making it easy to remember the passkey for every website or email account without having to write them down or use a password manager program.
This is a bit unconventional, so you may want to read the previous few paragraphs again to wrap your mind around it. It will certainly help to try creating a few simple passkey patterns of your own. Once you begin using this keystroke pattern passkey system, you will come to realize it’s simplicity and effectiveness.
Developing your own formula for keystroke patterns will allow you to remember the passkey to any account you have that requires one. You will only need to remember one formula for keystroke pattern passkeys.
Based on the interactive Brute Force Password Calculator at Gibson Research Corporation, our password from this keystroke formula would take 6.46 hundred centuries to crack with an “Offline Fast Attack Scenario.” Even with a “Massive Cracking Array Scenario,” it would take 64.65 years to crack. In my humble opinion, that’s a pretty secure passkey.
Let me know in the Comments section below if you think this system will work for you.
9 thoughts on “Improve Security – Stop Using Passwords”
That is the best advice I have heard in a long time. I tried a program to remember passkeys but when we tried it on the same email it didn’t work. so went back to a bogus program name with all passkeys listed. Not terribly secure but better than sticky notes.
Thank you for the comment. I believe this to be an easy to learn system, and it works brilliantly for me.
What annoys me are those financial companies with whom I have dealings not permitting anything other than alphanumeric characters; ie, not permitting symbols. The latter are one way I find of increasing the strength of passwords relatively easy to remember.
I agree! I don’t understand why some sites will not permit special characters in their passwords. That is one of the reasons, however, that I devised my own keystroke pattern system. It allows for some fairly long and complex passkeys, even without special characters.
This seems like a good system but why not use a password manager and have it create strong passwords and have only one password to remember.
Every account and online login should have a different password. That way, if someone gets the password to one account, they still won’t be able to log into all of your other accounts. Having one password that you use for all accounts is a HUGE security risk.
one point, this applies to ALL password entry methods actually a couple of points.
1) please please PLEASE be on the lookout for shoulder surfers.
2) Don’t be a dummy by sticking your passphrase( or formula ) on a post it note beside your computer/workstation or whatever.
3) be wary of any seemingly helpful people asking for your password or other login credentials.
Savvy users may consider thees points trivial but it is so easy to overlook these points. BURN THEM INTO YOUR MIND AND KEEP YOURSELF SAFE
All good points that I should have included in my article. Thanks, Shaun.
This is a great idea, thank you! I realize the time I spend looking up at the ceiling when trying to come up with passwords! Will definitely try this.
Comments are closed.