A Novel, Easy-To-Remember Technique for Creating Strong Passwords


The ever-increasing power of computers keeps making passwords more vulnerable. Passwords that were once too strong to crack in a practical amount of time are now fair game. That makes longer and more complicated passwords with a variety of character types a necessity. It also means having a collection of passwords that most people can’t remember.

One solution is to use one of the free password managers with a lot of different long passwords. But there is another possible approach suggested by fellow editor Ritho. The suggestion intrigued me enough that I decided to do some investigating. It involves using one of the many web sites that are available to turn a string of characters upside down and backwards. One of these sites is here and another is at this link. I have used this latter site for the following examples.

Type in gizmo and you get this: oɯzıƃ. This may seem too short for a password but it is much stronger than plain gizmo. According to one password checker, plain gizmo would be cracked instantly whereas oɯzıƃ would take 6 hours to crack on a desktop computer. A password TechSupportAlert might rapidly fall to a dictionary attack but its upside down version ʇɹǝןɐʇɹoddnsɥɔǝʇ is rated at 10 sextillion years. These numbers have to be taken with a grain of salt but they do show that the upside down version is much harder to crack. (Of course, a cracker might also think of turning obvious strings upside down.) This suggests that you might be able to use shorter and more easily remembered strings to create a password. (But don’t lose the upside down version.)

The method for turning strings of characters upside down and backwards uses JavaScript to find Unicode characters that are reasonable facsimiles of the flipped characters. The original characters are not actually flipped but a large assortment of Unicode characters is searched to find a close resemblance. The results will vary somewhat depending on which site you use for flipping. Each site has certain limitations and for practical reasons does not employ the full set of Unicode characters. (A quick explanation of Unicode characters is given in this article.)

That got me to thinking about using random Unicode characters in a password. The set of Unicode characters called UTF-8 is pretty commonly used now and provides a much larger universe of possible characters than the usual keyboard collection. (There are 1,112,064 code points.) Just for fun, I picked these six Unicode characters at random:  ə˼˫Ȃ͡͵ъ. A password checker that I used said it would take 2 thousand years to crack. An ordinary 6-character password Fv&h5B was rated at 13 minutes. I wouldn’t take the precise numbers too seriously but the order of magnitude is indicative. Incorporating a couple of off-beat Unicode characters with your passwords will make them much stronger. But, of course, just making them longer makes them stronger.

There are a number of sites on the Internet that claim to test password strength. They use a variety of methodologies and many that I have tried do not properly distinguish non-standard characters. The one I saw at Microsoft seems to look at just the number of characters. So take the results of these tests with appropriate skepticism. The site that I have used is How Secure is My Password but I still regard its numbers as indicative rather than definitive.

Of course, using Unicode characters is not as convenient as using those from a standard keyboard. But it isn’t that much work to generate some Unicode characters and put them in a file for future use. Just be sure that whatever text editor you use to create a file to save the passwords is configured for UTF-8 and not ANSI. A previous tip discussed how to create some of these characters. If you are ambitious you can go over to this link and copy some random characters from the UTF-8 tables as I did.

Some sites will only accept passwords with alphanumeric characters but a trial that I did with Unicode passwords on several sites worked with no problem.

I am not a security professional and even the experts argue about the best way to create passwords. The purpose of this article is to explore some lesser-known options for passwords and to open the subject for comments. Let us hear from you.

About Unicode

If you are unfamiliar with things like Unicode and the way computers encode characters, go to this link for a quick and easily understood description of how these things work. The main site for the international Unicode Consortium is here.

Thanks go to Gizmo, MidnightCowboy, and Jojoyee for helpful comments and suggestions.

Get your own favorite tip published!  Know a neat tech tip or trick?  Then why not have it published here and receive full credit?  Click here to tell us your tip.

This tips section is maintained by Vic Laurie. Vic runs several websites with Windows how-to's and tutorials, including  a computer education website and a site for learning about the command line.

Click here for more items like this. Better still, get Tech Tips delivered via your RSS feeder or alternatively, have the RSS feed sent as email direct to your in-box.

Please rate this article: 

Your rating: None
Average: 4.5 (33 votes)