in Iambic Pentameter
by M.J. Rhymes & J.D. Flow
(a.k.a. Mike Cuvelier and Joe Wolf)
There are people out there who don't have a clue
on how weak passwords can do harm to you.

So what is a weak password? And why are they ill?
It's a pass that's easily uncovered, or cracked, if you will.

And if your pass is known by someone other than
they can do things you wouldn't want them to do,

Like get credit card numbers, or snoop your PC--
it's a total invasion of your privacy!

No one wants this to happen to them (no way!),
so listen to what this lengthy poem has to say.

We're here to tell you how to make passwords
Unfortunately for you, it's in the form of a song.

If a password is short, it can be cracked very fast
7+ characters are needed for your password to last.

But a long pass is useless, like "strength" or
For it does not meet the following guidelines

Your password should not be your user ID
Nor a blank nor a word from the dictionary

Even if your pass is a word that's spelled
That technique is well known by mischievous crackers

Dictionary attacks check for all variations
of words and some numbers in all permutations

They even check placements of capital letters
which you might have put in to make your pass better

But the dictionary programs will find them
giving the authentication zero security

And if the dictionary attack does fail
Attackers have another way to prevail

Brute force is a method that hackers will know
and it checks every possible letter combo

The longer the password the longer the brute force
but a long password is not the only recourse

A strong pass contains numbers, like 8, 6, or 2
and including special characters is also good, too

And along with upper and lower case letters
you mix up these characters; combine them together

So your password looks random, a complicated
Which makes it conducive to not remembering

So you could go and write that random pass down
But that is not smart, because your note could be found.

And never record your passwords electronically
If CS was religion, that's heresy!

You must keep your password only in your brain
So here is how to do that, with minimal pain

Try making a pass from a phrase that you know
from a book or a song or a cool TV show

Then take the first letter from every word or so
and write all those letters down in a row.

Take "These are the times that try men's souls" for
It becomes "tattttms," which you may think is quite ample

But oh no, my friend, there is more we can change
to make this password look obnoxiously strange

Now replace some of the letters with capital ones
so "tattttms" is "tAttTtmS" (we're almost done)

Finally you add some numbers in the mix
and a special character, you know, just for kicks

Now we have "tAtt23Tt@mS" which will do just fine
And to remember it well type it out a few times.

If this password is one that is meant to be
make sure you change every month or two for sure

How many days will prevent successful attacks?
Try 45 days to protect your secret from hacks.

If you have multiple accounts using a
entering the same one is simply absurd.

If your accounts are important, make each one
this can be a whole new string or just a small tweak.

So remember to make your passwords unique, random and
and in a few months the old ones should be gone.

If the advice of this poem you indeed plan to
then in life you are guaranteed to succeed.
(please, feel free to re-read)