Maths to the rescue!

Do you recall our article on “Creativity@CERN” and the problem of creating good, memorable passwords? Given the feedback we’ve received, it still does not seem to be that easy.


So let’s take another approach – the physicist’s/engineer’s/mathematician’s way. For them, mathematical formulae are bread and butter: binomial expansion formulae, Pythagoras’ Law, integrals or derivatives, Laplace or Fourier transforms – you name it. Furthermore, there are plenty of physics formulae: Maxwell’s equations, the Schrödinger equation, the Standard Model Lagrangian and so on. So why not use your favourite mathematical or physics formula as your password?

Passwords are supposed to be at least eight characters long with a mixture of at least three of the following: upper-case letters, lower-case letters, digits and symbols. “sin^2(x)+cos^2(x)=1”, “e^ipi=-1”, “Integrate[x^n,x]=x^(n+1)/(n+1)” or “ihbar*dPsi/dt=HPsi” would do the job perfectly! The variety is vast and you have had them memorised ever since your early studies at school or university! What’s more, if you’ve used LaTeX or Mathematica before, you will even know how to write those formulae without using mathematical symbols…

The Standard Model Lagrangian equation.

Thus, using formulae is quite good if you also recall the other basic rules for a good password: it must be private (used and known only by you); secret (it must not appear in clear text in any file or programme or on a piece of paper pinned to the monitor); easily remembered (so there is no need to write it down); not listed in a dictionary of any major language; and not guessable by any programme in a reasonable time. In addition, of course, please do not put all your eggs in one basket – avoid re-using your password for different sites or different purposes. The pool of formulae is big enough to pick (and memorise) a few more to cover all your passwords! Finally, remember that “your password is your toothbrush”: you do not share it and you change it regularly. Neither your colleagues nor your supervisor, the Service Desk or the Computer Security Team have any valid reason to ask for it. They should not and never will. The same is true of external companies: UBS, PayPal, Amazon, Facebook and Google will never ask you for your password!

For further information, please contact the Computer Security Team or check out our website.


by Computer Security Team