Enhanced Acronym Passwords
Enhanced Acronym Passwords offer a way to hide names, dates, and other facts that can be socially engineered or otherwise attacked by common password cracking methods. With clever designs that can be varied and made unique by each person using this method, we can allow the best of our humanity to shine while getting an important job done.
Captured in this graphic is the simple process with variations. This article is a step-by-step walk-through of the how, the why and the history of this method.
For some time to come we’re still all going to need to remember at least a few strong passwords. Enhanced Acronyms is a hidden gem approach that allows human ingenuity to prevail even in the face of the many ways bad actors attack our personal security.
Each of the two graphics in this post provides a different example of creating an Enhanced Acronym Password. It all starts with a phrase that is personally meaningful to you, so each example uses a different phrase. The graphic uses color coding to illustrate how to convert the phrase into a memorable, long, and strong password that avoids many of the patterns that make a password easy to crack. Multiple variations mean even people who pick the same phrase don’t end up with the same password. Variations also mean you can create something you find easy to type.
How do I do this?
- Select a phrase that’s personally meaningful to you and easy to remember.
  - Example 1: “I solemnly swear I am up to no good” from Harry Potter
  - Example 2: “I’m gonna make him an offer he can’t refuse” from The Godfather
- Consider adding a few surrounding facts if you want more characters to select from.
  - Example 1: We added “The Marauder’s Map” as the device using the phrase, the full book name of “Harry Potter and the Prisoner of Azkaban” and the author’s name, “J.K. Rowling”
  - Example 2: We added “Marlon Brando” as the actor who plays the character “Vito Corleone”, the character who says the line, in the movie which was made in “1972”
- Consider your options to compress words and substitute numbers or special characters. This is an “Enhanced Acronym” because it doesn’t have to follow any rules.
  - Example 1: The word “up” can be used in full or represented by “u” but also one or more special characters such as ^, /\, or +.
  - Example 1: “The Marauder’s Map” could be “TM’sM” or “MM” or “TMM”, etc.
  - Example 1: The words “to” or “and” could be used in full, represented in an acronym by their first letter, or substituted, respectively, by the number 2 or the symbol +.
  - Example 2: 1972 could be used in full or ’72 or just 72.
  - Example 2: A contraction like “I’m gonna make” could make use of the apostrophe or not.
  - Example 2: Normal capitalization, such as “I”, can be used or not.
- Move things around so you have as long a password as you want yet avoid many of the patterns that make your password easy to crack. (See our post: How To Make Your Password Easy to Crack)
- Use characters like comma, semi-colon, colon, tilde, dash, etc. to connect sections as you wish.
- Practice typing your password before committing to it. If a set of characters is just too tricky to type easily, explore ways to change things around or switch to a different phrase. When you put this time in up front, it becomes much easier to stay safe with a great password.
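The steps above for Example 1, as an added sketch that is not part of the original graphics: it builds the plain acronym, applies the substitutions the list names for “up”, “to” and “The Marauder’s Map”, and counts how many option combinations those choices give. The either-case fallback for unlisted words, the two-section layout and all function names are assumptions of this sketch.

```python
import math
import secrets

# Substitutions the page lists for Example 1. Words not listed fall back to
# their first letter in either case (an assumption of this sketch).
WORD_OPTIONS = {"up": ["up", "u", "^", "/\\", "+"], "to": ["to", "t", "2"]}
DEVICE_OPTIONS = ["TM'sM", "MM", "TMM"]      # "The Marauder's Map", per the page
CONNECTORS = [",", ";", ":", "~", "-"]       # connector characters the page names


def word_options(word):
    """Return the ways one word of the phrase may be written."""
    if word.lower() in WORD_OPTIONS:
        return WORD_OPTIONS[word.lower()]
    return sorted({word[0].upper(), word[0].lower()})


def plain_acronym(phrase):
    """First letter of every word: the unenhanced starting point."""
    return "".join(word[0] for word in phrase.split())


def core_variants(phrase):
    """Number of option combinations for the phrase section alone."""
    return math.prod(len(word_options(w)) for w in phrase.split())


def total_variants(phrase):
    """Phrase section plus device section, either order, one connector."""
    return core_variants(phrase) * len(DEVICE_OPTIONS) * len(CONNECTORS) * 2


def build(phrase, choose=secrets.choice):
    """Assemble one variant; `choose` picks an option from each list."""
    core = "".join(choose(word_options(w)) for w in phrase.split())
    sections = [core, choose(DEVICE_OPTIONS)]
    if choose([False, True]):                # "move things around"
        sections.reverse()
    return choose(CONNECTORS).join(sections)


if __name__ == "__main__":
    phrase = "I solemnly swear I am up to no good"
    n = total_variants(phrase)
    print(plain_acronym(phrase), core_variants(phrase), n, round(math.log2(n), 1))
```

The count covers only the choices enumerated here; every further fact, connector or reordering you add multiplies it.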
Do I have to do all this for every single password?
If you’re someone with a lot of accounts and a lot of passwords, of course you can’t do this for each one, so here’s the strategy:
- This is an excellent process for your master passwords, the ones you absolutely have to remember and absolutely need to be strong. Places to use a master password include your password manager, if you use one, your laptop or workstation, and your phone.
- When you use a password manager with a strong master password and 2-factor authentication, you can safely store other passwords there, making it feasible to let the password manager generate strong passwords for you that you don’t have to remember. The password manager offers many other advantages we’ll go into another time.
- Tip: Consider generating a few extra passwords ahead of time. That way, if you ever have to change a master password in a hurry or need a new master password quickly, you can look up one you’ve already taken time to create.
What’s the history?
- SecuriThink founder, Linda Rust, invented this for her own use in 2012 but it turns out she only invented a variation of the “Schneier scheme” which the brilliant cryptologist Bruce Schneier first described in 2008 and wrote about again in 2014.
- These examples are two of a four-image password card set printed in a high-quality postcard size. If interested in the printed version, contact us at Hello@SecuriThink.com for more information.
- Choosing Secure Passwords. Bruce Schneier. 2014. https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html
- How To Make Passwords Easy to Crack. Linda Rust. 2022. https://securithink.com/how_to_make_passwords_easy_to_crack/