Uninformed: Informative Information for the Uninformed

Vol 7» 2007.May

Rotating and Incrementing Elements

Rotating and incrementing elements can be included to assist in managing password changes required to conform to password rotation policies. A rotating element is one which rotates through a predefined list of values such as "apple", "orange", "banana", etc. An incrementing element such as the one represented below by $ <\char93 >$ is derived from an open-ended linear sequence of values incremented through such as "1", "2", "3" or "one", "two", "three". When a password rotation policy dictates that a password must be changed, rotate or increment the appropriate elements:

$\displaystyle <u>@<h\vert n>.<d\vert n>;<\char93 > $

The above MPF results in passwords like "d@c.g:1", "d@c.g:2", "d@c.g:3", etc. To further illustrate this principle, consider the following MPF:

$\displaystyle <u>@<h\vert n>.<d\vert n>;<fruit> $

The above MPF, when used with the predefined list of fruit values mentioned above, yields passwords like "d@c.g:apple", "d@c.g:orange", "d@c.g:banana", etc.

The only additional pieces of information that the user must remember other than the MPF itself is the predefined list of values in the rotating element, and the current value of the rotating or incrementing element.

In the case of rotating elements this list of values may potentially be written down for easy reference without compromising the security of the password itself. Lists may further be obscured by utilizing certain values, like a grocery list or a list of company employees and telephone extensions that may already be posted within the user's environment. In the case of incrementing elements, knowledge of the current value should be all that is required to determine the next value.