Password Automation and Declination

Introduction

Password policies keep getting more complicated. Most policies nowadays require at least 8 characters, both upper and lower case letters, at least one number and a special character. Some organizations can require up to 16 characters. Policies also require that the password be changed on a regular basis, and you cannot reuse any previous password or any part of one.

What typically happens is that people have a number of different long and complicated passwords for several different applications, and they change them fairly often. To keep track of them, they write them down somewhere they won’t forget, which undermines the purpose of having passwords. Even then, there are times when we forget a password altogether and can’t find a note anywhere, and we either have to go through the ‘forgot password’ process or we get locked out of our account.

The problem is how to have any number of arbitrarily long and complicated passwords that have to be changed on a regular basis without having to write them down or remember them, and at the same time make it as difficult as possible for social engineers looking over our shoulders to steal them.

“Password Automation and Declination” is a procedure that automates entering passwords and complements the automated entry with a declination pattern. In other words, the password entered is not in its final form; its form must decline, or be altered, to reach its final form.

Password Automation

To automate entering the password, we can create a batch file with the following command: ‘echo YourPasswordHere| clip’ (leave no space before the pipe, because cmd would copy that space as part of the password). This automatically copies your password to your system’s clipboard, from which you can paste it into the password field. Then you can create a shortcut to the batch file and assign it a short-cut key combination that makes mnemonic sense. For example: CTRL + ALT + B for your bank password or CTRL + ALT + M for Gmail. The batch file and the short-cut can be hidden anywhere on your computer and they do not have to be together. Automation allows your password to be absolutely anything, and when it has to be changed you just change it in the batch file.

Declination Pattern

The declination pattern is meant to add an additional authentication factor, making it difficult for social engineers ‘looking over your shoulder’ to steal your credentials even if they are looking right at you. The declination pattern can be anything you want and should make sense to you so it’s easy to remember. Regardless of what your password is, you can use the same declination pattern. A declination pattern means altering the original form of the password, the password template, in a particular order to produce the correct password before submitting it. It’s a set of ordered key:value pairs composed of indexes and actions, denoted {index:action}. The declination can be deleting something, adding something or changing something at chosen indexes.

Let’s say you choose declination indexes 1 and 7. The indexes mean that after you enter your password in the password field, you will then decline the password form at index 1 and index 7, in that order. Let’s say you delete the character at index 1 and add a character at index 7 to get the correct password form for submission. This is the declination pattern {1:del, 7: ‘y’}. Applying the declination pattern in order matters, since deleting characters can change the numbering of the indexes.

For example, if your password is ThisIsMyPassword2021!, then in the batch file you would put a valid password template for your chosen declination pattern. *ThisIsMPassword2021! is a valid template for the password ThisIsMyPassword2021! and declination pattern {1:del, 7: ‘y’}, but anything that has a deletable character in position 1 and is missing the ‘y’ at position 7 is valid. Applying the declination pattern {1:del, 7: ‘y’} then produces the password ThisIsMyPassword2021!. Password fields on web forms hide the characters in the password, so the declination pattern is applied without anyone being able to see which characters in the password you are affecting. Your password could be any absurd, arbitrary monster like:

jdkf avyLLfldk adfj!@#$daj;f897

Then a valid template for declination pattern {1:del, 7: ‘y’} to put in the batch file would be:

*jdkf avLLfldk adfj!@#$daj;f897

And that’s it. You never have to remember a single thing about it, just the short-cut keys and the declination pattern, which haven’t changed.
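The two operations described in this section, as an added example that is not part of the original article: applying a declination pattern to a template, and deriving a template from a new password. The function names, the (index, action, char) step format and the reading of "add at index 7" as "insert after the first 7 characters" are assumptions, chosen because they reproduce both worked examples above.

```python
# Added example: names and conventions below are assumptions, not the article's.
# A pattern is an ordered list of (index, action, char) steps. Indexes are
# 1-based and refer to the string as it stands when the step is applied.
#   "del" removes the character at `index`
#   "ins" places `char` directly after the first `index` characters
PATTERN = [(1, "del", ""), (7, "ins", "y")]   # the article's {1:del, 7:'y'}


def apply_pattern(template, pattern):
    """Turn the stored template into the password that gets submitted."""
    s = template
    for index, action, char in pattern:
        if action == "del":
            if not 1 <= index <= len(s):
                raise ValueError(f"no character to delete at index {index}")
            s = s[:index - 1] + s[index:]
        elif action == "ins":
            if not 0 <= index <= len(s):
                raise ValueError(f"template too short to insert after {index}")
            s = s[:index] + char + s[index:]
        else:
            raise ValueError(f"unknown action {action!r}")
    return s


def make_template(password, pattern, filler="*"):
    """Build a template for `password` by undoing the steps in reverse order."""
    s = password
    for index, action, char in reversed(pattern):
        if action == "del":
            # A deletion is undone by planting a throwaway character there.
            s = s[:index - 1] + filler + s[index - 1:]
        elif action == "ins":
            # An insertion is undone by removing the character it will add,
            # so the password must already contain it at that position.
            if s[index:index + len(char)] != char:
                raise ValueError(f"password lacks {char!r} after character {index}")
            s = s[:index] + s[index + len(char):]
        else:
            raise ValueError(f"unknown action {action!r}")
    return s


if __name__ == "__main__":
    # Constructed check using the article's first example password.
    template = make_template("ThisIsMyPassword2021!", PATTERN)
    print(template, "->", apply_pattern(template, PATTERN))
```

make_template raises ValueError when a new password does not already carry the inserted character at the pattern's position, which is the condition a password has to meet for an unchanged pattern containing an insertion to keep working.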

Conclusion

Regardless of how long and complicated a password is, all the user has to remember is the short-cut key that copies the appropriate password template to the clipboard and the declination pattern. Even when the password changes to something completely new, long and complicated, there is nothing new to memorize. Just tailor the new password’s template in the batch file to fit your existing declination pattern and you can use the same short-cut keys.

The two-factor nature of the procedure addresses the fact that, even if a social engineer sees which short-cut keys you use for the automation, this only gives him the password template, which will be rejected if he tries to submit it. He would also need to know your declination pattern, which is much more difficult for someone to pick up since they can’t see the password in the password field. The declination pattern is a pseudo-biometric in that it’s not something that has to be written down but rather just something meaningful to you that you remember.

This method not only accommodates large and complicated passwords that tend to change a lot, it invites them. The larger and more complicated the password, the more effective the declination pattern.

If at any time the user thinks either his short-cut keys or his declination pattern have been compromised, he can simply change them. Declination patterns are extremely sensitive, so the slightest change will prevent access.
