Password Security
in Iambic Pentameter

by M.J. Rhymes & J.D. Flow
(a.k.a. Mike Cuvelier and Joe Wolf)

There are people out there who don't have a clue
on how weak passwords can do harm to you.
So what is a weak password? And why are they ill?
It's a pass that's easily uncovered, or cracked, if you will.
And if your pass is known by someone other than you
they can do things you wouldn't want them to do,
Like get credit card numbers, or snoop your PC--
it's a total invasion of your privacy!
No one wants this to happen to them (no way!),
so listen to what this lengthy poem has to say.
We're here to tell you how to make passwords strong.
Unfortunately for you, it's in the form of a song.
If a password is short, it can be cracked very fast
7+ characters are needed for your password to last.
But a long pass is useless, like "strength" or "sidelines"
For it does not meet the following guidelines
Your password should not be your user ID
Nor a blank nor a word from the dictionary
Even if your pass is a word that's spelled backwards
That technique is well known by mischievous crackers
Dictionary attacks check for all variations
of words and some numbers in all permutations
They even check placements of capital letters
which you might have put in to make your pass better
But the dictionary programs will find them eventually
giving the authentication zero security
And if the dictionary attack does fail
Attackers have another way to prevail
Brute force is a method that hackers will know
and it checks every possible letter combo
The longer the password the longer the brute force
but a long password is not the only recourse
A strong pass contains numbers, like 8, 6, or 2
and including special characters is also good, too
And along with upper and lower case letters
you mix up these characters; combine them together
So your password looks random, a complicated string
Which makes it conducive to not remembering
So you could go and write that random pass down
But that is not smart, because your note could be found.
And never record your passwords electronically
If CS was religion, that's heresy!
You must keep your password only in your brain
So here is how to do that, with minimal pain
Try making a pass from a phrase that you know
from a book or a song or a cool TV show
Then take the first letter from every word or so
and write all those letters down in a row.
Take "These are the times that try men's souls" for example
It becomes "tattttms," which you may think is quite ample
But oh no, my friend, there is more we can change
to make this password look obnoxiously strange
Now replace some of the letters with capital ones
so "tattttms" is "tAttTtmS" (we're almost done)
Finally you add some numbers in the mix
and a special character, you know, just for kicks
Now we have "tAtt23Tt@mS" which will do just fine
And to remember it well, type it out a few times.
If this password is one that is meant to be secure
make sure you change every month or two for sure
How many days will prevent successful attacks?
Try 45 days to protect your secret from hacks.
If you have multiple accounts using a password,
entering the same one is simply absurd.
If your accounts are important, make each one unique
this can be a whole new string or just a small tweak.
So remember to make your passwords unique, random and long
and in a few months the old ones should be gone.
If the advice of this poem you indeed plan to heed,
then in life you are guaranteed to succeed.
(please, feel free to re-read)