I've been meaning to blog about an article I read a few weeks back: "How a password changed my life" by Mauricio Estrella. Mauricio was harboring some post-divorce ill will and depression. And (worse) he had to change his password, a password he had to type numerous times per working day. He hit on an insanely great idea:
My password became: “Forgive@h3r”
And, he reports, it worked! His mental attitude improved, snapping out of his funk.
Mauricio calls this a "mantra", but I've heard of this technique before, called "affirmation". It sounds like new age mumbo-jumbo hooey, but Scott Adams wrote about how it worked for him in his book The Dilbert Future (Here is a free PDF from (apparently) Adams that goes over some of that ground.)
Mauricio's has gone through a lot of passwords (he's required to change every 30 days!) and he lists some of his past ones:
Mauricio reports all but one of these "worked". (The sticker was number three: "it never worked, still fat.") An impressive record.
I haven't done affirmations myself, but putting one in a password seems like a painless way to experiment. But for goodness' sake, my inner computer security geek is screaming: Mauricio, pick better passwords!
Mauricio's employer requires punctuation, but using the same
symbol all the time defeats the purpose. Mix it up!
I would not recommend using correctly-spelled words
in your password.
The technique of substituting "3" for "e" or "4" for "for"
might have been clever a couple decades ago. The bad guys
know you do this.
Anyone who knows Mauricio might also know the bit of self-improvement
he's currently working on. I'm sure most of his co-workers and
acquaintances are nice people, but it only takes one jerk
to compromise an account.
What to do instead? Let's say your affirmation/goal is to work on your Great American Novel, writing a measly 300 words per day. Be creative in expressing it in your password:
- "Write 0.3 thousand good words per day or die"
- "Add 3 hundred language units to Moby-Dick" (Which is your secret affectionate nickname for your book.)
- "Type 300 in the morning, same number tomorrow" ("3e2" is 300 in many programming languages.)
Something to think about anyway. (Needless to say, none of these examples are even close to any past or present password of mine.)