Press "Enter" to skip to content

How to create drunk proof passwords

password

We all know how to create a good password. There are zillions of article on tips of creating strong password. We know it is necessary to choose long password which includes numbers and special characters and its better not to choose a word from dictionary as password. Also, if you are like me, you have hundreds of online account on different websites and its best practice to choose a different password for each account. This will ensure you if someone got (read: hacked) your password for one account, your other accounts will still be safe.

But there is a case when someone can trick you to ‘social-hack’ your password. It is very easy to spit out your password when you are drunk. Someone can just ask you for your password and you can just say it to them. How do you prevent such a situation?

Here I will discuss a method to make your password drunk-proof. This method will not only ensure that no one can take password from you when you are drunk, but it will also obey all the advanced rules of creating a strong, brute-force-proof password. This simple method will also create a different password for each of your accounts. And the biggest advantage of all – you don’t have to remember a single password nor you have to use any other tools like password manager. Yes, that’s right, you don’t have to remember a single password nor you have to use any other tools. And that is the main funda here, no one on the earth knows your password, not even you.

So here is how to create one. We will take example of creating a password for www.yahoo.com

1) Get the string: So we are creating a password for the site www.yahoo.com. We will truncate ‘www’ and ‘com’. So our string will be ‘yahoo’.

2) Get the formula: Now all you need to do is create a formula for your password. A simple formula for example would be the “+1” formula. So for ‘yahoo’ it will be,

y + 1 = z
a + 1 = b
h + 1 = i
o + 1 = p
o + 1 = p

So your password for ‘yahoo’ using the formula ‘+1’ is ‘zbipp’.

But ‘+1’ formula is not enough, you need more complex formula. An example of more complex formula would be “Reverse – 1 interleaved with Date of Birth”.

yahoo reverse = oohay
oohay - 1 = nngzx
nngzx interleaved by Date of Birth = n19n84g15z06x

So it will give you “n19n84g15z06x”. You can make it more complex by replacing numbers with their respective special character, which will result in “n!(n*$g!%z)^x”. You can modify your formula anyway you like. Instead of +1 you can have incrementing pattern or any other pattern. Instead of Date of Birth, you can have your car VIN number or your driver’s license number or anything.

Now you can use the same formula for all other accounts. For www.gmail.com, simply replace the string from ‘yahoo’ to ‘gmail’ and you have completely random password for gmail without remembering it.

The randomness and complexity of your password is only limited by your imagination of creating the formula. Once you create your formula, you will have totally random password for all of your accounts.

That’s it. Just remember your formula and it will create a random password for every account that you have. And no one in the universe knows your password, not even you. And that is why the password is drunk proof. Try to speak “n!(n*$g!%z)^x” after you are drunk and see it for yourself.

It will be time consuming to enter password by this method initially for a week, but once you master the trick, you are invincible.

52 Comments

  1. Amit
    Amit September 23, 2009

    Very useful post. I will change all my passwords this way now.

  2. Waaco
    Waaco September 23, 2009

    In the second example. In stead of Yahoo you used Yayoo. So that fucks up everything. This would not work.

    • Brijesh
      Brijesh September 23, 2009

      My bad Waaco, it was a typo, it is corrected now. Thanks for pointing that out.

  3. Jimy
    Jimy September 24, 2009

    Enjoyed reading this post. However this trick is not my cup of tea as I never enjoy LOGICAL password. The last time I tried something like this I had to change my password the very next day as I could not recall the MATH;)

    Good job… keep it up !

  4. Brijesh
    Brijesh September 24, 2009

    Yea Jimy, initially this can be hard to remember, but once you master the trick, you are invincible. And you should be good at MATH or you are not doing fair to your company name – Mathworks 🙂

  5. cryptoguy
    cryptoguy October 24, 2009

    this may be an easy way to remember your password for amny different sites, but it it is very insecure. the cipher described could be very easy to guess.

  6. GMNightmare
    GMNightmare October 25, 2009

    Cryptoguy, you are not a security expert. In fact, your words, complete inane and incompetent.

    The cipher described is practically the best password you can make, especially with the special character additions. It is not very easy to guess, you are such a liar, especially when somebody else makes their own. No, back up your statement. Why do you think it’s so easy to guess?

    Here, I have a password for, let’s say yahoo just like the example. Quick, guess my formula.

  7. DEAk0n
    DEAk0n October 25, 2009

    I’m going to have to back GMNightmare on this one. Although, on paper this method seems insecure. In reality it is not. The interleaving of data, and conversion into non-alphanumeric characters raises the password security exponentially. A quick test on my own computer, using the latest John the Ripper, failed every time to crack a password generated in this manor.

    • Brijesh
      Brijesh October 25, 2009

      Thanks @GMNightmare and @DEAkOn, is you guys said, it seems insecure on paper, but its not. It is possibly one of the best secure password that you can remember.

  8. john
    john October 26, 2009

    Yes, but it would be so much more appealing to talk about your algorithm at the bar than your actual password…

    • Brijesh
      Brijesh October 26, 2009

      @john
      Well, thats a good point. Its so much appealing that people write blogs on that 🙂

  9. Mike P
    Mike P October 26, 2009

    Very cool method for creating complex passwords that are easy to recall. I’ve been working on my formula and you’re right… It’s a pain to get my brain to work this way, but it’s getting easier. Now I need to find an account that doesn’t matter if I mess up the password. 🙂

  10. Fill
    Fill October 27, 2009

    Nice. Better than using the same password for all sites, but not an obvious formula either.

    Heh, I had to help a friend out with his website and he gave me his password, and it was something like hosting.com4bob (with hosting.com being the domain of the site, and Bob being his name). He essentially gave me the passwords for all his accounts, doh!

  11. nurta
    nurta October 28, 2009

    For those that don’t know the basics of password analysing:

    There are two types of passwords, those that are easy to remember such as “john29” and those that rely on obscurity such as “52jEn$” the first is less secure as it falls for a dictionary attack (trying words from the dictionary with numbers randomly around it). The rest relies on a bruteforce attack (randomly trying every possible password) as one can best guess it through random chance. A brute force attack can get any password even one generated in this way in the same amount of time as an equally strong (strong being a function of length and the size of the character pool). Technically using this would be weaker if and only if someone knows you use this algorithm or a closely related one. Because if they knew that they can generate (for a n length domain) n characters of your password in 26 tries, rather than (assuming case sensitive alphanumeric) 62^n tries. And if you just your birthday they know there’s at least 4 digits and if they know your birthday it lowers it significantly. Then it’s a matter of putting random characters in random spots. While it still is very large, it’s smaller than if it’s fully random.

    But really the benefit is it’s easier to remember than a fully unique password for every website and since a strong majority of pw attacks will be focused on 1 or 2 sites which means making a program just to crack this algorithm isn’t worth it, meaning they’d jsut use brute force which makes it just as secure. Then you also have the benefits mentioned above.

    Basically it is less secure if you make a cracker based on this algorithm and you know they follow this algorithm, but obscurity means it’s just as secure in terms of cracking. AKA less on paper, just as in practice

  12. SayBlade
    SayBlade October 28, 2009

    Or, the perfect solution? Don’t get drunk!

  13. devongarde
    devongarde October 29, 2009

    An interesting scheme, beyond doubt worth exploring. The one weakness I see, a minor one, is sites that change their name. It was MSN, then hotmail, now it’s live. Ok, so we’d all probably remember that example, but more obscure sites, visited occasionally?

    Nope, I still think the best and most secure solution is to have one password for everything, and to have it tattooed on your forehead. No one would ever believe you’d be so stupid as to tattoo your one password on your forehead for everyone to see, so you’d get away with it.

  14. Brijesh
    Brijesh October 29, 2009

    @ Mike P
    Let me know if you found such account. 🙂

    @ nurta
    I didnt quite get how they can crack this in 26 tries? Wouldn’t it be (password-length)^(26letters+10numbers+NumOfSpecialCharacters)

    @ SayBlade
    Thats the best solution possible. 🙂

    @ devongarde
    I like your forehead-tattooed-password method. I should give it a try

  15. Mike P
    Mike P October 29, 2009

    I ended up using my formula on a forum that I frequent. I did make sure my email address was up to date before I set it though. 🙂

  16. Mike P
    Mike P November 1, 2009

    Well I found the biggest distractor to using this method. I went to login to the site that I’m using this method with my smart phone and found I was going to have major issues since the keyboard layout is different and I couldn’t remember what character goes with each number.

  17. anonymous
    anonymous November 2, 2009

    Mmmm really nice tip actually, I discovered your post via StumbleUpon.
    I’m thinking of taking it to the next geek level and create a C program with my algorithm. That way all i have to do is encode and decode the site string using the program, and I can make the algorithm as complicated as I want.

    Thanks for the tip

  18. nurta
    nurta November 2, 2009

    @Brijesh
    The 26 is only for part of it, the site name part, since it is done through a “letter shift” there’s only 26 (counting no shift) different shifts possible as there’s only 26 letters. That would then be multiplied by the other parts (the birthdate, and random characters) and raised to a power corresponding to the rearrangements possible (y24a02ho43o vs y2a4h0o02o43)

    @anonymous
    If you do that you’d have to password protect your program and encrypt or delete your source code or anyone could find out your password with it

  19. Dan Dart
    Dan Dart November 14, 2009

    What if the website’s name is ridiculousbooksinanutshellforever.com hahaa

  20. linus
    linus November 15, 2009

    sometimes i put the whole sentence togerther, its easy to remeber but hard to break!

  21. Mike J
    Mike J November 15, 2009

    Great, so now instead of me accidently telling someone my password or having them guess it, they can just stand behind me and watch me type it slowly because I have to figure out the complicated string as I go EVERY TIME.

    Here’s a solution, don’t get drunk when there are a bunch of dicks who want to steal your password around. Problem solved.

  22. Alex
    Alex November 20, 2009

    Very cool. I’ll definitely play with it, but I like how important everyone makes themselves sound. If I was trying to access some secure information/database, or trying to steal someone’s identity/CC info/ etc. I would logically assume that it would be smarter to use a dictionary cipher on someone with a John69 password, as the type of person who spends the time to come up with algorithms for their PW, probably keeps their Credit card information/SSN/etc, fairy secure. I think I’ll stick with John69. One last note, from experience, more than 80% of the time, I don’t need someone’s password to get into their account. So just because you have a super l337 algorithm password, it doesn’t mean that the site you are using it on is entirely secure.

  23. Willard Benway
    Willard Benway December 1, 2009

    Geez, simple character rotation. How easy to hack.

  24. Mick
    Mick December 9, 2009

    Don’t understand some of the jargon your using but found it informitive anyway. I’m going to give it a try. Thanks

    • Brijesh
      Brijesh December 9, 2009

      @Mick,

      What jargon in particular ?

  25. Mick
    Mick December 10, 2009

    I understand the article fine and can follow exactly what your saying its the comments afterwads some of which just go over my head but ive started trying out your system using random words to practice with and im impressed how easy it is. I’m working up to more complex versions like you sugested and hopefuly i’ll try it on some of my passwords soon.
    Cheers

  26. Brijesh
    Brijesh December 10, 2009

    @Mick,

    Glade that you liked it.

  27. Brijesh
    Brijesh December 10, 2009

    @Dan Dart,

    if your website’s name is too long, you can have some rule, lets say taking first 6 letters of that website, simple.

  28. J.M. Bagadonuts
    J.M. Bagadonuts December 20, 2009

    After reading your post and giving it some thought, it sounds like a pretty good system. The only drawback that came to mind is that if the bad guys were intent on breaching your system, once they’ve figured out one of your passwords, they would have the answer to ALL of your passwords. That aside, I still like your idea and doubt that anything I have hidden behind a password is important enough for anyone to pursue.

    Thanks for sharing a good post. Merry Christmas, Happy New Year and best wishes to you!

    http://www.thebornloser.net

  29. HomelessJoe123
    HomelessJoe123 December 22, 2009

    this is a great idea. another easy way would be to move over a key or two on the keyboard instead of having to think of the next letter. Using my formula for TestSite.com i get D01yd2#rY8& and it took me 10-15 seconds to make it.

  30. Brijesh
    Brijesh December 22, 2009

    @J.M. Bagadonuts
    I think even if someone gets to know your password generated by this method, they wont be able to figure out your formula. So your other sites will still be safe.

    And also, its really hard to remember random characters and symbols anyway.

  31. Brijesh
    Brijesh December 22, 2009

    @HomelessJoe123
    Your idea is great too. In fact very easy to implement. Have to try it out. 🙂

  32. h8r
    h8r January 27, 2010

    There is nothing random about a password generated this way. It may appear random to someone without knowledge of the algorithm used to obfuscate a very simple mnemonic. But there as absolutely nothing “random” about this method of password generation. Other than that, good article. I use similar concepts to make my password easy for me to remember yet complicated enough that they are not easy for the average idiot to guess at.

  33. Brijesh
    Brijesh January 27, 2010

    @h8r
    Thanks for you view.

  34. Tony Cheetham
    Tony Cheetham March 2, 2010

    I use a random phronetic abbreviation method, that generates totally random passwords of large complexity, that can be easily remembered without maths. Can’t remember where I learnt it, but it wasn’t my initial idea..

    Take a random phrase, the number of words roughly being the number of characters you want, being sure to include some numerical references, and words such as “plus” or “at”. Then convert the first character into your password. It takes a bit of practice to get something complex enough, but now I use a minimum of a 12 character random password. Example;

    Microsoft has 51 monkeys working at Richmond = Mh51w@R
    Bob plus his two friend didn’t see a single star at night = B+h2fdsa1s@n

    If you’re into books you can pick up some awesome passwords from your favourite passages, and there super easy to remember.

  35. Tony Cheetham
    Tony Cheetham March 2, 2010

    Actually, Bob plus his two friend didn’t see a single star at night = B+h2fdsa1*@n

  36. Brijesh
    Brijesh March 3, 2010

    @Tony
    Now I know your passwords, whats your bank account number? 🙂

    Thanks for sharing your method, its easy to remember compared to what I wrote.

  37. Ajay
    Ajay October 18, 2010

    This is not useful method on financial sites where you have to change password periodically.

    • Brijesh
      Brijesh October 19, 2010

      You are wrong. You can use this method on financial sites as well. Use the same formula on your new password and it will give you totally random alpha-numerical using the same formula.

      • Gibbings_lfc
        Gibbings_lfc July 24, 2011

        You are wrong. If you use +1 for halifax.com, it would be ibmjgby, if they ask you to change it after 3 months, you’re fucked.

        • Anonymous
          Anonymous July 25, 2011

          Gibbings_ifc,

          Why would they ask you to change? and why would that be a problem?

          • Xeyla Darkwater
            Xeyla Darkwater June 10, 2017

            some websites take their security very seriously, hence the periodic password changes.

        • Joe
          Joe April 26, 2014

          Then do +2

Leave a Reply to nurta Cancel reply

Your email address will not be published.