[colug-432] Memorizing Unique Passwords

Rob Funk rfunk at funknet.net
Thu Sep 10 14:46:08 EDT 2015

Dan Kaiser wrote:
> The Turing version is more robust, but I've been doing something similar for
> years.  I think I picked it up from a Lifehacker book initially.
> The password prefix is a word or phrase that means something to you.  Transform
> it by selecting keys nearby.  Say you play a lot of poker and you choose "ace",
> and select keys to the right.  The password prefix here is now "svr"
> Insert a number of your choosing.  Our poker player friend likes 21, so the
> password is now "svr21"
> Then the suffix of the password relates directly to the site or software in
> question.  For example, the last three letters of the domain, but choosing keys
> to the upper left.  If he is logging onto Amazon to buy a book on counting cards
> his password becomes "svr21a9h"
> There.  Unique password for each need.  The first portion of the password stays
> static, so I change it every so often.  I also use LastPass to track all of
> this, but in most cases I can "guess" my own password because I know my
> algorithms.

This is similar to the pattern system I learned in the late 90s. And
it's better than what most people do. (Above a certain ever-growing
level of complexity, you may not need to outrun the bear, maybe you
just need to outrun your friend). But it's important to realize that
these days we should have a much longer password than we used to need.
So "svr21a9h" is too short. Also, if someone figures out either piece,
or if it's common enough to be in their dictionary, or if you use a
common transform, then the modern cracking software can use that to
make their job much easier.

A password manager lets you generate long random passwords that will
be much more secure than anything you can remember. Of course, then
you still need a secure yet memorable password for the password
manager, and the ability to get to your secure passwords even when
disaster strikes.
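
An added illustration (not part of the original message or of the quoted post) of the point about length and known patterns: it reproduces the quoted scheme on a US QWERTY layout and compares its guessing space with that of a random password from a generator. The dictionary size, number of transforms and number range passed to pattern_bits are assumed values chosen for illustration, as are all function names.

```python
import math
import secrets
import string

# US QWERTY letter/digit rows. Because of the row stagger, the key to the
# "upper left" of a letter is the same index one row up (z -> a, o -> 9).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

def shift(ch, d_row, d_col):
    """Return the key d_row rows below and d_col keys to the right of ch."""
    for r, row in enumerate(ROWS):
        c = row.find(ch)
        if c != -1:
            nr, nc = r + d_row, c + d_col
            if 0 <= nr < len(ROWS) and 0 <= nc < len(ROWS[nr]):
                return ROWS[nr][nc]
            raise ValueError(f"no key in that direction from {ch!r}")
    raise ValueError(f"{ch!r} is not on the letter/digit rows")

def pattern_password(word, number, site):
    """Quoted scheme: word shifted right + number + site tail shifted up-left."""
    prefix = "".join(shift(c, 0, 1) for c in word.lower())
    suffix = "".join(shift(c, -1, 0) for c in site.lower()[-3:])
    return f"{prefix}{number}{suffix}"

def pattern_bits(dictionary_size, transforms, numbers):
    """Bits of guessing space once the scheme is known.

    The suffix is computed from the public site name, so it adds nothing;
    only the word, the transform applied to it and the number are secret.
    """
    return math.log2(dictionary_size * transforms * numbers)

def random_bits(length, alphabet_size):
    """Bits of guessing space for uniformly random characters."""
    return length * math.log2(alphabet_size)

ALPHABET = string.ascii_letters + string.digits + string.punctuation

def random_password(length=20):
    """What a password manager's generator does: uniform random characters."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

if __name__ == "__main__":
    print(pattern_password("ace", 21, "amazon"))
    # Assumed: 100,000-word dictionary, 8 shift directions, numbers 0-99.
    print(f"pattern: {pattern_bits(100_000, 8, 100):.1f} bits")
    print(f"random:  {random_bits(20, len(ALPHABET)):.1f} bits")
```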
