The Secret to Remembering Passwords? Ask a Magician

From the magician Teller, of Penn & Teller, in The Wall Street Journal:

Imagine we’re at a cafe. I hand you a pencil and a pad of paper. I ask you to write your laptop’s password on the pad, rip off the sheet, fold it up and keep it safe in your pocket while I go place our orders for caffeine-laced milkshakes.

Later, I ask you to hand me your laptop. I turn it on, look dreamily into the distance, slowly type in your password and comment admiringly on your late-night browsing choices.

“That,” I say with a smile, “is why security experts tell you never to write down your password.”

I don’t need to be a computer geek or have the budget of the NSA to accomplish this prank. The method is more than a century old and was devised by crooks—specifically, spirit mediums trying to get the dope on their clients. The medium would prepare a notepad by rubbing the back of the top sheet lightly with spermaceti wax (it was a tough time for whales). Then the medium would hand a pencil to the client and ask her/him to write down a secret question for a departed loved one and keep the question secure. Later, the rat-bastard would “channel” a message from the dead, such as, “Your dear wife says, ‘Don’t worry about our children. They will thrive without your help. Sell the house and invest in Dr. Slade’s diamond mines.’ ”

When the client wrote on the first sheet, the pressure left an invisible copy in wax (today, we use soap) on the second sheet. The medium took back the pad, left the room to “get a glass of water” (or, in my case, to fetch the frosty frappés) and secretly dusted the wax impression with powdered lead (I use something less lethal). The dusty particles stuck to the residue and revealed the writing.

. . . .

The overarching principle of magic is that magicians are willing to go to more trouble to pull off a trick than any spectator would think the trick is worth. We cripple our hands with years of practice just to make a dime disappear.

I could apply this too-much-trouble principle to my passwords by simply memorizing them all. That’s not as impossible as it sounds. Memory training is one of magic’s strongest methods. If I can glance at a hand of cards or the serial number of a dollar bill and commit that info to memory in the blink of an eye, I have quite a potent tool.

. . . .

Memory is sometimes even presented as a trick on its own. The legendary New York magician Harry Lorayne greets his audience members—often numbering in the hundreds—as they arrive, then finishes his show by calling every single person in the theater by name. He’s written half a dozen books on mnemonics (e.g., “The Memory Book,” “Ageless Memory”), and I recommend them.

The general principle of this kind of rapid memorization is to translate neutral information into vivid images, then to recall the images and translate those images back into the information. To accomplish this with numbers, for example, we generally employ a system of letter substitution. The one I use begins:

1=l (a letter with one stroke)

2=n (a letter with two strokes)

3=m (a letter with three strokes)

The reasoning changes from 4 onward:

4=r (because R is the final sound of the word “four”)

5=f or v (“five”)

And so forth.

When presented with a string of numerals, I translate them to consonants, then add vowels to create a juicy image. For example, the number 1342 (lmrn) becomes “lamrain,” and I picture a downpour of plump little sheep. Later, I recall the image and the two words, discard the vowels, and translate the consonants “lmrn” back to “1342.” I use this system all the time for credit-card security codes.

. . . .

But, you know, I frequent lots of websites, and if I get enough of these nutty images in my head, I start to get confused. Let’s say I need to fill in my American Express card number. In the middle of my card is the famous emblem of a helmeted Roman gladiator. If I picture that head covered with buzzing insects swimming in fruit topping, will I remember whether they are “lanky bumblebees in orange sauce” (129636160242800) or “dazed mosquitoes in cherry reduction” (707309702844782)?

One lovely idea in the OP is to create a false password to mislead anyone who has physical access to your computer. You write a huge long password on a brightly-colored Post-it note and stick the note to your computer, monitor, etc. This is a phony password that opens nothing.

Anyone who wants to get access to your computer, or to any password-protected part of it, will almost certainly spend a long time attempting to use the phony Post-it note password.

As the OP ultimately recommends, a password manager like LastPass or 1Password is a better solution for creating and using complex passwords across a significant number of websites. Then you can remember one humongous password to open the password manager and not worry about the rest.

The password managers can also generate random passwords that are as long as you like (or as long as your online bank access likes). If you’re required to change a password on a regular basis, a password manager can create a new complex password, replace the old one and permit you to go on your merry way.


