Strong Security without Heavy Lifting (remembering) passwords
We all have too many passwords. Experts tell us to avoid writing them down on paper. We all know to avoid the names of our spouse, child, or pet, and to combine letters with numbers, symbols, or both. We are told about the many “system” constraints, for example, at least eight characters with one number and one symbol… At this point, we all feel our heads pound. Most of us succumb to frustration and use the same “mypassword#1” over and over again. Having administered many systems over the years, I often recommend that my clients and friends, after taking 2 aspirin and resting for 20 minutes, devise a simple, personal “algorithm” that “recycles” a root code for all future password functions. I teach them to build passwords in their heads EXACTLY the way computer systems manufacture them! Memorizing a simple rule or “algorithm” and a root, rather than each individual password, provides us with unlimited fresh “keys” and a “backdoor” to reconstruct the access code if we inadvertently forget our passwords.
Let me give you a simple example. An associate sells houses in several cities. He uses a lockbox with a 4 digit combination access code to store house keys at each location. These lockboxes require a 4 digit “password” that needs to change as often as once every day. His algorithmic solution? Convert the street number into a 4 digit “word”; for example, 19 Main Street becomes “0019”, 137 Pine Street becomes “0137”, and 15707 Elm Avenue becomes “1570” (the first four digits). This 4 digit number is the “root” code. To create or change a password, add the same number, say 1, to the 2nd and 4th digits, wrapping from 9 back to 0. In other words, the first password for 19 Main Street (root 0019) would be “0110” (0, 0+1, 1, 9+1 wraps to 0). The 137 Pine Street root is converted to 0238 (0, 1+1, 3, 7+1). Finally, 15707 Elm Avenue becomes “1671”. A day later, when my associate has to change the access code on the lockbox at 15707 Elm again, he uses “1772”. A day later, he changes it again to “1873”. Finally, several days later, he changes the code to “1974”.
OK… why is such an algorithm such a good idea? My friend NEVER writes down the access codes. Many months later, he can go to ANY of his houses and “generate” the appropriate access code to open ANY lockbox. He starts with the street number (as his “root”) and sequentially adds 1 to the 2nd and 4th digits (as his “rule”), trying each code in the cycle until the box opens. As long as he remembers the “rule” and the “root”, he can regenerate any four-digit lockbox “password”.
Let’s switch to a more realistic example and a stronger password: at least eight letters with at least one number or symbol. Pick a word like nightmare as a root word. Insert a number somewhere in the word; for example, night7mare. Decide on a “rule” such as “add 2 to whatever letter or number is in the 3rd and 6th positions of the root”. With letters, adding 2 to “b” gives you “d”, and adding 2 to “r” gives you “t”. Thus, the root “n, i, g, h, t, 7, m, a, r, e” changes to “n, i, i (g+2), h, t, 9 (7+2), m, a, r, e”. The next code change in the sequence would yield “n, i, k, h, t, 1, m, a, r, e” (9+2 wraps to 1, just as 9+1 wrapped to 0 in the lockbox example). You can of course devise ANY algorithm: add, subtract, or multiply any set of digits/positions. You can choose a symbol like # or %, but it is harder (though not impossible) to “add 2” to generate a new symbol (a hint: use the top row of your QWERTY keyboard). Furthermore, a “root” can be a random string of letters or a phrase rather than a single “dictionary” word. Finally, you can make the algorithm more complicated, for example, “add 2 to the value in the third position; multiply the value in the sixth position by 3”. The “key” to ANY access code you will generate is the “root” and the “rule”.
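Both the lockbox rule and the night7mare rule above, implemented as an added Python example (not code from the original post); `shift_char`, `apply_rule`, `lockbox_root` and `cycle_length` are names chosen here, and it assumes digits wrap at 9 (as the post’s 9+1 = 0 and 9+2 = 1 imply) and letters wrap within a–z. The last function also counts how many distinct passwords a given root and rule can ever produce before the sequence repeats, which is the number a reviewer of such a scheme would want to know.

```python
# Added example, not from the original post: the "root + rule" scheme with the
# wrap-around its sequences imply (digits mod 10, letters mod 26), plus a count
# of how many distinct passwords a root/rule pair yields before it cycles.
import string

def shift_char(ch: str, amount: int) -> str:
    """Add `amount` to one character, wrapping digits mod 10 and letters mod 26."""
    if ch.isdigit():
        return str((int(ch) + amount) % 10)
    if ch in string.ascii_lowercase:
        return string.ascii_lowercase[(ord(ch) - ord("a") + amount) % 26]
    if ch in string.ascii_uppercase:
        return string.ascii_uppercase[(ord(ch) - ord("A") + amount) % 26]
    return ch  # symbols are left unchanged; the post notes they are awkward to "add" to

def apply_rule(root: str, rule: dict, step: int) -> str:
    """Password at change number `step` (1 = first change).

    `rule` maps 1-based positions to the amount added at every change,
    e.g. {2: 1, 4: 1} for the lockbox or {3: 2, 6: 2} for night7mare.
    Adding `amount` once per change for `step` changes equals one shift of
    `amount * step`, so the step-N password is computed directly.
    """
    chars = list(root)
    for pos, amount in rule.items():
        chars[pos - 1] = shift_char(chars[pos - 1], amount * step)
    return "".join(chars)

def lockbox_root(street_number: int) -> str:
    """The post's root: street number zero-padded to four digits, first four kept."""
    return f"{street_number:04d}"[:4]

def cycle_length(root: str, rule: dict) -> int:
    """Number of changes until the sequence returns to the root.

    This equals the number of distinct passwords the scheme can ever produce
    from that root; after that, earlier passwords come back around.
    """
    step = 1
    while apply_rule(root, rule, step) != root:
        step += 1
    return step

if __name__ == "__main__":
    lockbox = {2: 1, 4: 1}
    for day in range(1, 5):
        print("15707 Elm, change", day, "->", apply_rule(lockbox_root(15707), lockbox, day))
    print("distinct lockbox codes:", cycle_length("1570", lockbox))        # 10
    print("distinct night7mare codes:", cycle_length("night7mare", {3: 2, 6: 2}))  # 65
```

With the lockbox rule every root yields only 10 distinct codes before repeating; the night7mare rule yields 65 (13 letter states times 5 digit states), which is why anyone who learns the root and rule can list every password the scheme will ever produce.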
In summary: follow good computer security practices by generating fresh, strong passwords WITHOUT going crazy or writing code changes on paper. If you consistently use the same code-generating rule or “algorithm” and the same root “code string”, you can easily create a fresh password (or, more importantly, reconstruct a current password) on demand.
