Using a Combination of Only Six Mixed Case Characters, Numbers and Symbols Can Be Secure

This morning I read an article about using a six combination password, which jogged my memory about a conversation I had with a mathematics guru. The man was a mathematics professor who taught at the local college where I had also been teaching. We were sharing lunch one day in the school cafeteria, when the conversation changed to address the password security issue.

I had mentioned how difficult it was for computer users to come up with a password that was secure and also one they could remember. I also mentioned that it seemed that the more letters you used in the password, the more secure the password would be. As I continued on with my theory, he sat with a small smile on his face. It was one of those smiles that made me immediately realize that this man had a better idea.

He stated that you only needed a combination of six characters, lower and upper case, plus a combination of numbers and symbols. There was only one small issue with this type of a password. He presented this to me in 2001, a time when few, if any Web sites supported this type of a combination. In fact, I tried using this combination to password protect access to my local online banking account, but no joy. My bank does not accept symbols as of yet.

So what would a password look like using a combo of upper and lower case, plus numbers and symbols?:

aZ6+2b

There is just one small issue using this type of a password and that is trying to remember it. I know I would most likely have to write it down, which would compromise the purpose of using this type of password. So is there a better way to come up with a password that is secure and that we can remember? A simple, easy to remember password that most Web sites would accept without a problem?

Unfortunately there is no standardization for Web sites that will accept what we the user consider as a secure password. I know that some security gurus advise us to use phrases to secure accounts. But if the Web site you wish to use doesn’t accept this type of password, it is a moot point. I believe it is time for this situation to be addressed and that we consumers be allowed to use a password of our choosing that we believe is secure and not to have the Web site operators dictate to us what they believe is a secure password.

What do you think?

Comments welcome.