[Tfug] Authentication procedures
David Cowell
davidwcowell at cox.net
Sun Mar 22 09:28:26 MST 2009
What I have found to be a simple but secure way of memorably encoding
passwords or access information is this.
If you can touch type with an uncommon keyboard layout (such as
Bulgarian) [or if you can sneak-peak such a layout]: without changing
your language or keyboard settings, touch-type the name of the site or
the answer to the requested question. In other words, for example, touch
type in Bulgarian characters on an American English keyboard, outputting
English characters. (I don't recommend touch typing English on a foreign
keyboard because too many badguys are already familiar with that trick.)
I suggest *not* making a straight-across transliteration because things
become very obvious. ("guglbob" or "гуглбоб" is a straightforward route
to revealing your secret, whereas "жкжвфдф" or (even better) "hwh./f/"
are much tougher.)
Also, if you associate with a lot of people who natively use that
keyboard it's not necessarily a good idea. (So, if you are always
writing to relatives in Belgrade and reading Serbian newspapers it's
probably not a good idea to encrypt with a Serbian keyboard layout - but
it would probably be pretty good if you were a Korean.)
Just my 2 cents.
More information about the tfug
mailing list