Using Linguistic Phonetics for Secure Passwords

Video: Using Linguistic Phonetics for Secure Passwords

Secure Passwords and Linguistic Phonetics

Armed with knowledge of linguistic phonetics, you’ll be able to create lengthy and secure passwords. Passwords built this way satisfy the length and complexity expectations of the common cybersecurity frameworks, and the approach lets you remember the password easily without having to write it down.

The Human Condition

We first took a look at the “human condition”: what kind of phonetic segments a human can recall, how they are recalled, and how many. It turned out that the number was seven. However, the methodology described in the video above makes use of five phonetic segments. Five segments give us a password length of anywhere between 20 and 25 characters. That’s a big win!

Human Memory

Short-term memory lasts for seconds to hours. Long-term memory lasts for up to years. Working memory allows us to keep something in mind by repeating it over and over again.

In this use case we want our passwords to enter what is called non-declarative or implicit memory. Here we are able to recall something without much thought. This is akin to muscle memory.

Some Password Requirements Make Matters Worse

NIST has noted that the random algorithmic complexity demanded of passwords is making matters worse. How so? Users who are required to apply a mix of characters, case, numbers and symbols merely replace letters with their alternative and comparative counterparts. An example would be replacing the letter “E” with the number “3” or replacing the letter “I” with the number “1”.

Also making matters worse are mandatory password reset intervals. A 90-day interval is a typical requirement. This forces users to create simple and insecure passwords, chosen with the knowledge that they will have to change them again in a relatively short amount of time.

NIST has thrown out both of these requirements.

Screening Passwords

NIST recommends screening your passwords. However, we need to express a level of caution here. A website that allows you to screen a password against a list of known breached accounts may very well be collecting the password you are attempting to screen. If you do screen a password, do it only to check whether a password you once used was part of a breach.

Use Phonetic Segments to Create Secure Passwords

Rather than relying on a screening website, generate a password using phonetic segments. You may assume that your password is unique given the level of complexity that is inherent in the use of phonetic segments. No dictionary attack will defeat your password.

What does a password generated with phonetic segments look like? We’ve created one below (shown as an image on the original page). Take a look and take note of the segments.

A Secure Password Using Phonetic Segments
  • 5 phonetic segments;
  • 24 characters!;
  • No dictionary words;
  • No comparative character-to-number replacements.

A Secure Password Strategy

  • Use password screening technology against a deprecated password. Cyber-criminals maintain dictionaries of known passwords. Verify that your old password has not been exposed in a breach;
  • Implement password expiration yearly. Do not force the 90-day reset interval;
  • Do not use dictionary passwords;
  • Your password should be unique for each platform, service, or account;
  • Use a secure and encrypted open-source password manager to keep track of your passwords;
  • Never accept when your browser(s) offer to remember your password;
  • Target implementing a password with at least 20 characters;
    • Lengthy passwords can be achieved by using linguistic phonetics. Always consider incorporating phonetic segments and non-comparative alternative characters, such as numbers or symbols, to generate a lengthy, complex, and secure password;
    • A human can easily remember 5 phonetic segments. This will result in 20 characters or more;
    • 7 phonetic segments is typically the maximum a human can remember.
  • Allow for 10 attempts before locking out an account and/or forcing a password reset;
  • Password hints and security questions should not be used. They are typically too easy to guess;
  • One-time passwords sent over SMS are not recommended. Use an authenticator application.
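The checks in the strategy above (minimum length, no dictionary words, no predictable character-for-number swaps, offline breach screening, and a lockout threshold) can be enforced in code. The following is an added example written for this page, not code from the original article or its video. It assumes a small constructed word list standing in for a real dictionary, a constructed list of SHA-256 hashes standing in for a breach corpus kept offline (the article warns against pasting passwords into third-party screening sites), and a constructed sample password; none of these values come from the page.

```python
"""Password-policy and lockout checks derived from the strategy list above.

Added illustration, not the article's own code. DICTIONARY, BREACHED_HASHES
and the sample passwords are constructed placeholders, not real data.
"""
import hashlib
import re
from typing import Dict, List, Set

MIN_LENGTH = 20     # "at least 20 characters"
MAX_ATTEMPTS = 10   # "allow for 10 attempts before locking out"

# Constructed stand-in for a dictionary of common words / known passwords.
DICTIONARY: Set[str] = {"password", "summer", "welcome", "dragon", "letmein", "monkey"}

# Comparative letter swaps the article describes as predictable (E->3, I->1, ...).
LEET_MAP = str.maketrans({"3": "e", "1": "i", "0": "o", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed offline breach list: hashes of a few constructed strings, checked
# locally so the candidate password never leaves the machine.
BREACHED_HASHES: Set[str] = {
    hashlib.sha256(b"Summer2020!").hexdigest(),
    hashlib.sha256(b"P@ssw0rd123").hexdigest(),
}


def contains_dictionary_word(text: str) -> bool:
    """True if any dictionary word appears inside the alphabetic runs of text."""
    letters_only = re.sub(r"[^a-z]", " ", text.lower())
    return any(word in letters_only for word in DICTIONARY)


def check_password(pw: str) -> List[str]:
    """Return the list of policy failures for pw; an empty list means it passes."""
    failures: List[str] = []
    if len(pw) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if contains_dictionary_word(pw):
        failures.append("contains a dictionary word")
    elif contains_dictionary_word(pw.translate(LEET_MAP)):
        # Undo the E->3 style swaps first, then look for the word again.
        failures.append("dictionary word disguised by character-for-number substitution")
    if hashlib.sha256(pw.encode()).hexdigest() in BREACHED_HASHES:
        failures.append("appears in the offline breach list")
    return failures


class LoginAttemptTracker:
    """Per-account failed-attempt counter.

    The account locks once the MAX_ATTEMPTS-th consecutive failure is recorded
    and stays locked until an out-of-band reset; a success clears the counter.
    """

    def __init__(self, max_attempts: int = MAX_ATTEMPTS) -> None:
        self.max_attempts = max_attempts
        self.failures: Dict[str, int] = {}
        self.locked: Set[str] = set()

    def record(self, account: str, success: bool) -> str:
        if account in self.locked:
            return "locked"          # even a correct password is refused
        if success:
            self.failures.pop(account, None)
            return "ok"
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count >= self.max_attempts:
            self.locked.add(account)
            return "locked"
        return f"failed ({self.max_attempts - count} attempts remaining)"


if __name__ == "__main__":
    # Constructed samples: a leet-disguised dictionary word vs. a long
    # segment-style string with no dictionary content.
    for sample in ("P@ssw0rd123", "Vorblix-tendru-makashel-p9"):
        print(sample, "->", check_password(sample) or "passes")
    tracker = LoginAttemptTracker()
    for _ in range(MAX_ATTEMPTS):
        status = tracker.record("alice", success=False)
    print("after", MAX_ATTEMPTS, "failures:", status)
```

Keeping the breach list as hashes on the local host is the point of the design: the article's caution about screening sites is addressed by never sending the candidate password anywhere, and the lockout counter is kept per account so one noisy account does not affect another.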
