Please log in.
Before you can vote, you need to register. Please log in or create an account.
Computer: Security: Password
phonotactic password   (+1)  [vote for, against]
Easy to remember passwords that aren't actual words, but follow phonotactic rules

Generate passwords that aren't actual words (i.e., they pass a dictionary check), but follow the phonotactic rules of English (or whatever language).

For instance, the word 'fleeble' is phonotactic in English, but 'srip' is not.

Phonotactic non-words would be much easier to remember than current standards for secure passwords, such as '34l#4jk&' or 'jcxvlu'.

See Dr. Suess, Lewis Carroll for examples of phonotactic non-words in English.

Linguists have pretty much describe all of English's phonotactic rules already.
-- lawpoop, Jul 16 2003

Pronounceable password generator in Java http://www.multicians.org/thvv/gpw.html
[jutta, Oct 04 2004, last modified Oct 21 2004]

Online demo of the above. http://ale.m5comput...ls/password_gen.php
About one or two of the generated passwords will actually sound okay. [jutta, Oct 04 2004, last modified Oct 21 2004]

Veet. Immac. Immodium. Domestos.
Product names are your friends.
-- my face your, Jul 16 2003


mmmmm Veet.
-- Worldgineer, Jul 16 2003


If you can write a computer program to generate pronouncable non-dictionary passwords in the first place, you can use the same program to systematically do a brute-force pronouncable non-dictionary attack.
-- sloaned, Jul 16 2003


Was baked then went stale. VAX-VMS (the best OS ever, except for the price) did that for you.
-- kbecker, Jul 16 2003


One approach which can work pretty well is to select a memorable phrase [a slightly-altered version of a common one may be good] and then do something like pick the second letter of every word. Even using "stock" unaltered phrases can work decently, though it may be subject to a dictionary attack. Can anyone figure out the last letter of "hurouvha_" [formed as above, but with a common sentence]?
-- supercat, Jul 17 2003


hurouvhar: As in, "I saw a girl last night at the bar. She was sitting all alone. I asked hurouvhar.
-- Cedar Park, Jul 17 2003


[supercat] the answer is 'o'. As in The quick Brown Fox jumps over the Lazy Dog.
Best change that password before I take over!
Incidentally, this took about 10 seconds of thought:
'h' is likely to be 'The'
'u' could be preceded by a 'q'====> 'Quick'?.
AHA!.
Even though you chose a *very* well known sentence it really shows how a regular crossword solver or someone who understands language structure can read between the lines (what [jutta] said.
-- gnomethang, Jul 17 2003


One of the problems with passwords isn't that they are difficult to remember, per se, but that you have so many of the damn things to remember. For instance, just to log on to the systems in my office I have to know upwards of a dozen passwords, and that's before I hit the internet and log on to the halfbakery and other sites. Such a plethora of, mostly, unnecessary passwords is guaranteed to induce 'password laziness' in users who just want to get on and do their work and so make life correspondingly easy for anyone who wants to hack into your systems.
-- DrBob, Jul 17 2003


One of the systems I use here at work forces a password change every month, and prevents re-use of your previous 12 passwords. Guess how many people are currently using "July" as their password.
-- angel, Jul 17 2003


7?
-- silverstormer, Jul 17 2003


Dammit! *I* was gonna say 7! grrrrrr
-- gnomethang, Jul 17 2003


I always liked the old CompuServe system's way of assigning passwords: they would take two unrelated English words, and put a non-alphanumeric symbol between them. "PRECIOUS*ANGER" or "FRIENDLY!MUST." Easy to remember and hard to brute-force.
-- krelnik, Jul 17 2003


I once had to deal with a system that was set up to force password changes every month, required mixed letters and numbers, and refused to accept real words anywhere in the password, and remembered the past six passwords.

Needless to say, after a couple of months everyone resorted to using "com1pany", "com2pany", "com3pany", etc. (where "company" was the company name), defeating the whole purpose of having a password.

Almost as bad were the database systems there that required secondary passwords to access; needless to say, they were uniformly set to "company".

While some passwords obviously need to be unbreakable, they can be written on paper and kept under lock and key. Most users need passwords they can remember, not unbreakable ones.
-- DrCurry, Jul 17 2003


Off topic question: no mater how many times a month I change my password, somebody is hacking me. I have even tried using passwords that are impossible to guess/remember, but somebody is still hacking my hotmail & yahoo accounts, even when I use different passwords for both of them. Does anybody know how they can be doing it? Is there like an effective hacking software that can help people hack into hotmail accounts? I thought those were pretty secure websites.

Gracias.
-- Pericles, Jul 22 2003


I know my account is being hacked into because.. I just know. Some crazy girl is in love with my boyfriend; she's actually wanted him for a while now (needless to say, she hates me) and she somehow managed to hack my email accounts. I know this because I keep getting replies from emails that I never sent (with the original copy of such ghost messages I supposedly sent) and I usually find important stuff in the trash, when I didn't even see it in my inbox. She's hacked my boyfriend's account too.

She can't be guessing my hint question because, believe me, that's impossible.
-- Pericles, Jul 23 2003


[Pericles] Any chance this person has access to a computer you use?
-- phoenix, Jul 23 2003


//I keep getting replies from emails that I never sent//
There are other possible explanations for this, as the source address of an email is easily spoofable. Trivially easy. If you could get the original messages with all their headers, you might be able to nail down where she is sending them from. That would help isolate whether she is truly hacking your account (i.e. the emails originated from a Hotmail server) or merely spoofing emails from you (the emails originated elsewhere).

//and I usually find important stuff in the trash//
That's a bit more interesting, interpreting it would depend on what the stuff is. For instance some anti-spam utilities might put stuff in the trash for you.

I'm not sure about hacking Yahoo. There have been several known hacks of Hotmail logins over the years, but each is usually fixed shortly after being discovered. Are you sure she's not doing something indirect, like getting physical access to a computer you use or indirect access to it through a keyboard logger that she installed? Do you run anti-virus and anti-spyware programs on your PC?

Contact me in email if you need more help, I used to work for one of the major internet security companies so I can help you with this. (See my profile page for my email).
-- krelnik, Jul 23 2003


Bliss: My hint question shouldn't be your obsession. You can check it out by faking an unsuccessful login to my yahoo account. What you will never know though, isthe answer, even if it seems obvious (for a spanish speaker, that is).

phoenix: yes, she has access to the hundreds of computers in the computer lab at campus. however, I think it's pretty unlikely that she will "gues" which computer I used and which one I didn't. (unless she has somebody spying on me, which sounds way more scary).

Krelnik: Thanks for the info, the advice and for offering your help. I thought about just stop using those accounts and get new ones, but if she can figure out my password I don't think it will be too tough for her to know if I have any other accounts. I don't know, sometimes I think she's omnipotent, that smart ass! I will take your word on the help offer if my little trick doesn't solve the problem.
-- Pericles, Jul 23 2003


Of course, if she is keyboard logging then she is reading this thread (at least [Pericles] side of this thread) and can intercept any help you get from [krelnik] as well. Perhaps [krelnik] and a few other halfbaker computer guru types should fly to Mexico . . .
-- bristolz, Jul 23 2003


If it's all expences paid I'm up for it.
-- silverstormer, Jul 23 2003


Alternatively, english to japanese phonetics:
Golf --> Go-ru-fu
Ice Cream --> Isu-du-cu-ree-mu
and so on.
-- my face your, Jul 23 2003


This is usually called a "pronounceable password", a good idea, and fully implemented. (There are also many very simplistic implementations out there - seems to be a popular novice programmer exercise.)
-- jutta, Jul 31 2004



random, halfbakery