Monday, November 1, 2010

Echoes from the Computer Room: Circle of Passwords

It's been a while since I did one of these, and I'm a bit surprised that I've not done this already, so here goes.

Chances are, if you work at a company involving computers, passwords are going to be a daily part of your life. And if you have passwords, more than likely they will expire. As a person who spends a great deal of time resetting and unlocking passwords on many a Monday morning, let me tell you this can get very aggravating. (Apparently there is a big reset button somewhere that gets pressed every weekend and makes people forget their passwords. So help me if I find the one hitting that button...) But I think there is one part of the password deal that trips people up really badly: remembering passwords.

Now, I'm not talking about users remembering their passwords. No, I'm talking about systems that remember passwords, so when it comes time to change passwords you can't reuse certain things because the system recalls what you've used before, going back so far. So how do we get around that? With what I like to call a Circle of Passwords. Allow me to explain.

Let's say you have some sort of program or software that remembers your last few passwords and even what characters (by characters I mean letters A-Z and numbers 0-9) were in what place in your password. When it comes time for you to change it, you try to use a character in the same place as before, and the system recognizes this and tells you that you can't do that. Just what are you to do? Set up a series of passwords that conform to the rules of the software at hand, and then keep them in a constant rotation. That way you will always have an available password that you know will work, and you don't waste precious work time calling for support. Here is an example.

For instance, let's say we have a program that remembers the last 8 passwords you used in addition to the one you are currently using, and said password expires every 60 days. Your circle of passwords will need to contain x+2 passwords, where x is the number of passwords the program in question remembers. So here we need 8+2=10 passwords.

So imagine you're on the first password of those 10 (like you're a new user). You would start with that first password and every 60 days you would go on to the next one. Once you get to the 60th day of your 8th password you're gonna do something a bit different. You will still change to the 9th password but instead of going about your day and waiting for day 60 again you immediately change to your 10th password and then immediately change back to your first. I'm sure you're wondering why all the changing. Here's why.

As I said this program remembers the last 8 passwords you did and the one you're on now making it 9 passwords in all. When you get to the end of your 60 days on the 8th one you may want to go right back to the 1st one again but you can't because:

Password 1

Password 2

Password 3

Password 4

Password 5

Password 6

Password 7

Password 8 - If you try to go back to the 1st one the system will remind you that it still remembers the 1st one. So the goal is to make the system forget that 1st one so you can go back to it. Instead change it to your 9th one.

Password 9 - Now from here you may want to go back to that 1st one but you still can't because the system still remembers it plus the one you're on now. Instead change it to your 10th one.

Password 10 - Now from here you can go back to the 1st one, because even with that ability to recall your last 8 passwords and the one you're on now, the system can only recall passwords 2-10, meaning that it has finally forgotten the first one.

And when you change it back to the first one, the system will only recall passwords 3-10 and the 1st, leaving the 2nd one open. The goal here is to have a never-ending Circle of Passwords where, every time you change your password, the next one you will use is freed up to use.


It can be a bit tricky, I know. Actually, very tricky: I have a system at my job that not only recalls your last 8 passwords but also, when you try to change your password, checks the characters in each position of your new password to make sure you didn't have that character in that position in one of your last 8 passwords. So, to use the example above, if I had the letter "a" in the second position of my 2nd password, when it comes time to change, it will actually check the second position of the last 8 passwords to make sure I didn't use the letter "a". But if you can manage to make a circle of x + 2 passwords (where x is the number of passwords the system will check back on), you will be in prime shape.
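To see why the window behaves the way the walkthrough above says, here is a small Python model of the history check, including the same-position rule. It is an added example, not code from the original post or from any real product; the class and function names and the sample passwords are constructed for illustration.

```python
from collections import deque


class HistoryPolicy:
    """Model of the check described above: a new password is rejected if it
    clashes with the current one or any of the last `remembered` ones."""

    def __init__(self, remembered=8, positional=False):
        # The window holds the remembered passwords plus the current one.
        self.window = deque(maxlen=remembered + 1)
        self.positional = positional

    def _clashes(self, new, old):
        if new == old:
            return True
        # Positional rule: same character in the same position as before.
        return self.positional and any(a == b for a, b in zip(new, old))

    def change(self, new):
        """Record the password and return True if accepted, else False."""
        if any(self._clashes(new, old) for old in self.window):
            return False
        self.window.append(new)  # the oldest entry drops out of the window
        return True


def first_rejection(policy, circle, changes):
    """Rotate through `circle` for `changes` password changes; return the
    1-based number of the first rejected change, or None if all pass."""
    for n in range(changes):
        if not policy.change(circle[n % len(circle)]):
            return n + 1
    return None


def shifted_circle(size, length=8):
    """Constructed sample data: entry i is an alphabet pattern shifted by i,
    so no two entries share a character in any position (size <= 36)."""
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    return ["".join(alphabet[(i + 3 * j) % 36] for j in range(length))
            for i in range(size)]


if __name__ == "__main__":
    for size in (9, 10):
        result = first_rejection(HistoryPolicy(8, True), shifted_circle(size), 40)
        print(f"circle of {size}: first rejected change = {result}")
```

With 8 remembered passwords, a circle of 9 is rejected on the 10th change (the return to the first password), while a circle of 10 is never rejected.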