The phone goes. I pick it up. "Hello, IT Support."
"Er, yeah, hi," says the voice on the other end, "Erm, could you do me a favour and reset my password on the Klueless Decision Support server? Hehe, I've locked myself out – again."
I sigh. This is the third time this week.
"Ok," I say, "I'll email you the new password" (mental note: set it to '1mad1ckh3ad').
I reset his password and mail it. He'll be back, I just know it.
This happens a fair bit in my line of work, and it annoys me. OK, we all get a bit forgetful from time to time, but some folks seem to have a very localised and specific form of amnesia in the area of passwords.
So I'm going to share something that will perhaps save you from annoying your IT Support crew and thus becoming the object of their everlasting scorn and hatred (we are a mean-minded lot, when all's said and done and, remember, we can get into your stuff, bwahahaha!).
You know that bit where they tell you never to write down your password? It's a great idea, right?
Yeah, except that a lot of systems these days insist on password complexity rules like not re-using any of your last 100,000 passwords, or having a password the same length as the human genome, which must include numbers, upper- and lowercase letters and special symbols like underlines, ampersands, Egyptian hieroglyphics and so on. This makes for pretty difficult remembering, doesn't it?
So, here's how you can get away with writing down your password without leaving yourself vulnerable.
Your password will be broken into two bits.
The first bit is a short (say four characters long) 'stub' which never changes. You must remember this part because you must never write it down or tell anyone what it is. Don't make it too obvious in case someone does actually guess it, or too obscure because you have to remember it. You can make the stub harder to guess by substituting numbers for some vowels like zero for O and three for E and so on. Try to make it meaningful and memorable.
The second part of your password is the bit that changes when a system insists you give it a new password. This is the bit you can safely write down.
For example, suppose my 'stub' was the name of my first ever pet, Freddie the fish. The 'stub' could be 'fr3d' (see, we've already included a number to help with the complexity). Then we could stick an underscore on the end of the stub (adding more complexity) and then think of a suitable ending, say, 'summertime'.
The password would be fr3d_summertime. You could safely just write summertime in your notebook (or on a post-it stuck to your computer – always a favorite) and still no-one could use it to get into your stuff.
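
As an added example (not part of the original post), this Python script assembles a password from the stub and the written-down part, then reports what is still left to guess for someone who has read the notebook. The function names, the four-character minimum check and the extra 1-for-i and 4-for-a swaps are assumptions based on the description above.

```python
import math
import string

# Character classes a guesser must cover, depending on what the stub uses.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
# Number-for-vowel swaps; 0 and 3 are from the post, 1 and 4 are assumed.
UNLEET = str.maketrans("0314", "oeia")


def build_password(stub, written, sep="_"):
    """Join the memorised stub and the written-down part."""
    return f"{stub}{sep}{written}"


def stub_keyspace(stub):
    """Brute-force upper bound for the stub alone: alphabet ** length.
    A meaningful stub (a pet's name) is easier to guess than this bound."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in stub))
    return alphabet ** len(stub)


def audit(stub, written):
    """List ways this stub/written pair weakens the scheme."""
    problems = []
    if len(stub) < 4:
        problems.append("stub shorter than four characters")
    if not any(ch.isdigit() for ch in stub):
        problems.append("stub has no number substitution")
    plain = stub.lower().translate(UNLEET)
    if plain and plain in written.lower().translate(UNLEET):
        problems.append("written part gives away the stub")
    return problems


def report(stub, written):
    """What is left to guess once the written part is known."""
    space = stub_keyspace(stub)
    return {
        "password": build_password(stub, written),
        "stub_guesses": space,
        "stub_bits": round(math.log2(space), 1) if space > 1 else 0.0,
        "problems": audit(stub, written),
    }


if __name__ == "__main__":
    print(report("fr3d", "summertime"))   # the post's own example
    print(report("fr3d", "Freddie"))      # constructed bad pairing
```

Once the written part is known, only the stub stands between the notebook reader and the account, so the stub's guess count is the number that matters.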