Uninformed: Informative Information for the Uninformed

Vol 7» 2007.May


Layered Mnemonics

Due to the fact that MPFs can become fairly complex while attempting to meet the first three design goals listed above, a second layer of mnemonic properties can be applied to the MPF. The MPF, by definition, is a mnemonic technique due to its property of allowing the user to reconstruct the password for any given system by remembering only the MPF and having contextual knowledge of themselves and the system. Other mnemonic techniques can be applied to help remember the MPF itself. This second layer of mnemonics may also be tailored to the user of the MPF.

Given the authenticating user and the authenticating system, an adequately complex, long, and easy to remember MPF like the following could be constructed:

$\displaystyle <u>@<h\vert n>.<d\vert n>; $

This MPF contains three elements: $ <u>$ represents the first letter of the username, $ <h\vert n>$ represents the first letter of the hostname or first number of the first address octet, and $ <d\vert n>$ represents the last letter of the domain name suffix or last number of the last address octet. The modified MPF also contains a third special character in addition to the exclamation mark and period: the semicolon after the final element.

The above MPF would yield such passwords as:

  • "d@n.v;" for user druid at system neo.jpl.nasa.gov
  • "i@i.t;" for user intropy at system intropy.net
  • "t@n.g;" for user thegnome at system nmrc.org
  • "d@1.3;" for user druid at 10.0.0.33

Unlike the previously discussed MPFs, the one mentioned above employs a secondary mnemonic technique by reading in a natural way and is thus easier for a user to remember. The MPF can be read and remembered as ``user at host dot domain,'' which is equatable to the structural format of an email address. Also, a secondary mnemonic technique specific to the user of this MPF was used by appending the literal semicolon character. This MPF was designed by a C programmer who would naturally remember to terminate her passwords with semicolons.