As a rule, we are not supposed to use personal numbers, like national identification numbers, phone numbers, date of birth and address as passwords (PWs) and PINs. However, if we want to make use of things we will never forget, these numbers are among them. So, I’m going to show how we can use them without compromise to security.
The risk in using these numbers is that hackers will try with such numbers first when they want to break someone’s PW or PIN. Actually, what the rule is meant to bar is the use of these numbers in their exact form and sequence. If these numbers are used to construct new numbers in such a way that the original numbers are of no help, there will not be a loss of security. These personal numbers can be easily recalled as they are strongly etched in our memory. If we use one of them to work out a new number, we only need to remember the manner how it is manipulated. The reality is that it is easier to remember the manner of manipulation than to think of an entirely new number that has no association with something related to us. Numbers by themselves are difficult to remember because they have no images unless we can associate them with something known.
Here are examples how we can manipulate a number to construct new numbers from it. To make it easier to remember the process, I’ve coined terms for some possible manipulations, such as, “take them all”, two-by-two, get even, hop step & jump.
For example, from a number, say 8214043, we can derive new numbers as follows:
For date of birth or any memorable date, write the date into a single number. E.g. for the date 16/07/82, write it as 16071982 and we can manipulate it in the same way.
The use of a personal number to derive a new number for PWs and PINs is mainly for the purpose of constructing a constant. We want the constant to be easily recalled so that there is no need to write it down. This method of deriving a constant from an unforgettable number will serve the purpose.
© Lim Jun Han