Universal Password Formula - Scott Adams' Blog

Universal Password Formula

If you’re like most computer-using people, you have about four hundred different passwords for various accounts. If you’re smart, those passwords aren’t all the same. You don’t want a thief who gets one of your passwords to effectively have all of them. Is there a solution to this problem that doesn’t involve technology? Could one come up with a scheme for remembering all four hundred passwords even if each was different?

Allow me to describe one potential solution. Then, according to tradition, you can tell me how stupid it is. Consider the idea that follows as nothing more than the inspiration for your own better idea that you will triumphantly put in the comments.

Here’s my idea: Suppose that instead of remembering a password, you remember a formula for how you created the password in the first place, and that formula applies to all of your passwords for every system. In that case, all you’d need to remember is one formula instead of four hundred passwords. Allow me to give you an example.

Suppose, just to illustrate the idea, you decide that your personal formula for creating all of your passwords is always comprised of the following components:

  1. The first letter is for the type of service. F might be for financial services, such as a banking or investment account. G might be for game accounts. E might be for email, and so on.
  2. Next is the first three letters of your birth city.
  3. Next is a two digit number based on the alphabetical order of the first two letters of the service’s name. For example, AOL starts with an A, which would be 1. The letter O is the 13th letter of the alphabet. Together they are 113.
  4. The last digit would be the sum of the numbers generated by step 3. In this example that would equal 1 + 1 + 3 = 5.
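
The four steps above, written out in Python as an added example (not part of the original post) so you can see what actually changes from one account to the next. The birth city "Chicago" and the service names are constructed, and keeping only the last digit when the step 4 sum exceeds 9 is an assumption the post does not spell out.

```python
from itertools import product
from os.path import commonprefix
from string import ascii_uppercase


def letter_pos(ch):
    """1-based position of a letter in the alphabet (A=1 ... Z=26)."""
    return ascii_uppercase.index(ch.upper()) + 1


def derive(service_type, birth_city, service_name):
    """Apply steps 1-4 of the formula to one account."""
    # Step 3: alphabet positions of the service's first two letters, concatenated.
    step3 = "".join(str(letter_pos(c)) for c in service_name[:2])
    # Step 4: digit sum. Assumption: above 9, keep only the last digit.
    step4 = sum(int(d) for d in step3) % 10
    return f"{service_type}{birth_city[:3]}{step3}{step4}"


def shared_prefix(passwords):
    """Characters common to the start of every password in the list."""
    return commonprefix(passwords)


def distinct_suffixes():
    """Count distinct step 3 + step 4 strings over all 676 two-letter starts."""
    pairs = product(ascii_uppercase, repeat=2)
    return len({derive("", "", a + b) for a, b in pairs})


# Constructed sample: one person, three financial accounts.
SERVICES = ("Amazon", "KCBank", "Zelle")
SAMPLE = [derive("F", "Chicago", name) for name in SERVICES]

if __name__ == "__main__":
    for name, password in zip(SERVICES, SAMPLE):
        print(f"{name:8} {password}")
    print("shared prefix:", shared_prefix(SAMPLE))
    print("distinct digit endings:", distinct_suffixes())
```

Two of the three constructed services come out with the same password, because "1" followed by "13" and "11" followed by "3" both read as 113. The step 4 digit is fully determined by step 3, so everything outside the shared prefix comes from the service's first two letters alone.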

Your formula would be your own invention, and potentially different from every other person’s approach to passwords. If someone steals one of your passwords, the thief is unlikely to guess what formula you used to create it. In theory, if an experienced code-breaker got ahold of perhaps three of your formula-derived passwords, and he had lots of information about your personal life, he could deduce your master formula. But that’s asking a lot of your common password thief. And realistically, if someone gets three of your passwords, the thief either lives with you or stole your laptop, so you have bigger problems.

The most obvious risk with the formula approach is that if it became widespread, some people would create formulas that are too easy to deduce, such as their cat’s name plus the first two letters of the online service. But that’s not your problem.

The second problem is that all of your formula-created passwords would be awkward and hard to remember. You’d have to apply the formula in your head almost every time you wanted to enter a password. But that’s how passwords are supposed to be. That’s more of a feature than a bug.

With the formula approach, you’d have an extra complication with services that require you to change your password periodically. And you might want to change an individual password now and then for your own reasons. Those new passwords would be off formula, unless you added a version number to the end. That way, if your formula doesn’t work, you next try it with 1 at the end, then 2, and so on. It’s not a perfect solution, I know.

That’s my craptastic idea for today. I call on your collective genius to fix all that is broken with this idea and make it a winner. When you tell me how you’d approach this problem, remember your solution must meet these criteria:

  1. The formula must always work and be unambiguous.
  2. The formula must not be obvious for a thief who sees one or two passwords.
  3. The formula itself must be easy enough to remember.
  4. You need a way to deal with password changes that go off formula.
  5. No technology is involved.

Okay, now it’s your turn. Is this approach feasible?