0 Votes
+ -
Password madness!
Joe_R 16th Jul 2008
Please read the original piece. Do you have a method to the madness of remembering passwords that you could divulge? (Without giving anything away, of course.)
0 Votes
+ -
Maths
ozi Eagle 16th Jul 2008
Hi,

What I do is start with a "secure" number like my visa pin and then write down something like +234, which added to my pin gives the actual password. Unless someone knows my visa pin the written down numbers are meaningless.

Herb
0 Votes
+ -
Great idea
Joe_R 17th Jul 2008
Thanks for sharing.
Your visa pin is compromised, even if you don't tell them what it is.

One other thing: with pin numbers I create a sentence that lets me recreate the pin. The sentence is on my phone, and the phone is locked when not in use. I use a couple of tricks for creating the sentence.
0 Votes
+ -
erm... I really like some of my passwords just using numbers from a cellphone... like this one

word = 4(four)
soo = 33388777

or

word = love
soo = 55566688833

erm... hope it will work... also don't forget you all must insert some unix word..
That's the key. Thanks for posting.
0 Votes
+ -
I use FCC call signs (TV, radio stations, ham radio friends), cryptic EDS*NET IDs (now that I don't work for them), ZIP codes of favorite cities and car license plates.

Those make great passwords.
0 Votes
+ -
I like that idea
Joe_R Updated - 17th Jul 2008
Hobbies - like radio - would be a great way to remember something. Thanks.

P.S. I've always wanted to get into ham radio. It seems like it would be a lot of fun.
0 Votes
+ -
Try the ARRL
RFink 18th Jul 2008
The Amateur Radio Relay League.

www.arrl.org

Great website to get started and no more Morse code requirement.

Good luck
0 Votes
+ -
Hints
alex.kashko@... 18th Jul 2008
I carry a mobile phone. The phone is locked after two minutes' disuse and needs a code to unlock it. That is about as secure as it gets, especially as I seldom leave the phone unattended.

On the phone I have a notebook app.

I keep hints for all passwords in the notebook.

I have a stable of passwords and occasionally add a new candidate to the stable. I seldom change a password.

I also follow the rules about using stable passwords for non critical stuff and changing passwords for critical stuff fairly regularly. Generally they include numbers.

Having said that, most of the time the passwords are in my head not on paper.
Then in every instance where a letter resembles a number, replace it.
So 8udw3153r.
1=L or I
2=Z
3=E
4=A
5=S
6=G
7=L
8=B
9=g
0=O
What I find that works and also produces a relatively secure PW is to pick a sentence that has meaning to them and also has a word or two that can be converted to a number and then use the first or last letter of the sentence for each character, except for the easily converted numbers.

i.e. My mother went to the store twice on the even months and three times on the odd months = mmw2tstotema3otom or yrt2eeenensdesneds.
0 Votes
+ -
First letter of each word
thinkonit@... Updated - 16th Jul 2008
We've used much the same strategy as norm mentions above - suggesting the use of Bible verses or favorite song lyrics to provide a series of letters and numbers for passwords. Using the first letter of each word for John 3:16 can result in 4Gsltw316 or something similar. Need to change your password? Use the next verse...

We've also set up each of our computers with KeePass password database software and been proactive in training the entire staff on how to use it. This has been a huge help! We did the training two months ago and already I'm encountering far fewer passwords in Outlook and Word documents.

I've also suggested to a few especially challenged staff that while they can't write down their password, they can write down something to remind them of their password. For example, they could have a scripture verse written out as part of their cubicle decorations.

What are other people's thoughts on this? Is this a secure suggestion?
0 Votes
+ -
Great ideas!
Joe_R 17th Jul 2008
Thanks for sharing.
0 Votes
+ -
My passwords are not English words, and as far as possible archaic words or ones not in standard dictionaries. If I really need to my password will hold words from three languages, some transliterated from another alphabet. Sometimes I invent words.

I also wrote a password generator program that generates easily pronounceable random passwords of any desired length. I lost the code several times but it never takes me more than an hour to rewrite it.
Let's see, was that three times on the odd months or the even months?
0 Votes
+ -
Remember one long passphrase to access your uname/passwd lists. My preference is KeepassX since it can open the same password data file across most platforms and from a usb portableapp.
I believe a Password Safe facility must incorporate the following features:
1. provide an opportunity to identify what a password is used for (access a specific site, computer, facility). Password retrieval must be permitted via the name of the site, computer, facility.
2. encrypt all information stored in the safe so that nobody can view it by accessing the files in which it is saved using some other tool(s). Even then complete passwords should not be saved in the password safe but rather they should be at least encoded. All my passwords have a standard (fixed) set of numbers/characters with prefixes and/or suffixes, e.g. RTPstdRBC where 'std' is replaced by the standard set of digits/characters.
3. allow access to data stored in a password safe only via a single password per user.
They store the data in an encrypted file which any of the various platform front ends can open. (Keepass on Windows, KeepassX on *nix systems.) The password generator is great and each entry is kept in a categorized tree with its own description and related attributes.

It may meet your requirements but if you do find a reason why it doesn't I'd be interested to hear it for my own considerations.
I favour a meaningful pass-phrase rather than password as it is easier for an end-user to remember while retaining a higher level of security.
For example, if they support a football team named the Kings then an easily memorised pass-phrase might be kings42008 (Kings for 2008).

I also suggest substituting letters for numbers and vice versa. My examples above might then be re-phrased as k1ng542oo8.
It may look hard to remember this form of pass-phrase however if it is [silently] spoken phonetically then it is easy enough to remember.
This is an idea I like to use frequently. Numbers make great substitutes for letters, in the middle of words and phrases. But what happens when you need a strong password that needs to be changed on a periodic basis, like a network password? I usually tell users to come up with a strong password that they like (using many of the same suggestions here) and then add an incremental number each time they need to change it. That way they have a secure password, and don't have to make up a unique one each time. I even tell the users to write down the number they are on so it helps them remember, in case they forget. The number is meaningless to anyone else without the rest of the password.
0 Votes
+ -
Try this.
lastchip 18th Jul 2008
Just for example, if we were to use the word(s) "techrepublic" from TR (and I'm using a QWERTY UK keyboard, so yours may differ slightly), use a key adjacent to the word you remembered.

So taking the example above, and moving to a key to the left of the *actual* word, techrepublic would become; rwxgewoyvkux

All I've had to do to produce that password, is remember techrepublic and move one key left on the keyboard; that's it and hardly a candidate for easy cracking.

If you want to include numbers, as four of the five vowels are on the top row of the alpha keys, moving left (or right) *and* up, will produce passwords that include numbers. In this case, techrepublic becomes; 53dy4307go8d
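
The key-shift rule from the post above, as an added example (not code from the thread): it reproduces both strings given in the post and shows that the rule is a fixed mapping, so applying the opposite offset gives back the remembered word and the result is only as secret as the word and the rule. The simplified key grid, the handling of edge keys and all function names are assumptions made for this illustration.

```python
# Added illustration. Simplified QWERTY grid (assumption): letters and digits only,
# with the usual stagger, so "up-left" of a key is the same column in the row above.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

# One-key moves on the staggered grid, as (row offset, column offset).
MOVES = {
    "left": (0, -1), "right": (0, 1),
    "up_left": (-1, 0), "up_right": (-1, 1),
    "down_left": (1, -1), "down_right": (1, 0),
}


def shift(word, move):
    """Replace every key in `word` by its neighbour in direction `move`.

    Keys with no neighbour in that direction (e.g. 'q' moving left) and
    characters not on the grid are kept unchanged (assumption: the post
    does not say what to do with them).
    """
    drow, dcol = MOVES[move]
    out = []
    for ch in word.lower():
        if ch not in POS:
            out.append(ch)
            continue
        r, c = POS[ch]
        nr, nc = r + drow, c + dcol
        if 0 <= nr < len(ROWS) and 0 <= nc < len(ROWS[nr]):
            out.append(ROWS[nr][nc])
        else:
            out.append(ch)
    return "".join(out)


def variants(word):
    """Every distinct string one remembered word can produce under a one-key rule."""
    return {shift(word, move) for move in MOVES}


if __name__ == "__main__":
    word = "techrepublic"
    print(shift(word, "left"))        # the first string in the post
    print(shift(word, "up_left"))     # the second string in the post
    print(shift(shift(word, "left"), "right"))  # opposite move restores the word
    print(len(variants(word)), "variants per remembered word")
```
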
0 Votes
+ -
What everyone except lastchip seems to miss, is the necessity to often produce memorable passwords related to particular uses, as the original article pointed out. How then, do you remember which of the various hidden clues to use for that particular website/email address. Poster lastchip shows you how - something about the website itself must trigger the password.

Unfortunately, lastchip could end up sharing HIS password for Tech republic with several hundred other people !!

NO, it's not so easy is it? I have a method, but sorry, I'm not divulging it because it may be reverse-engineered just as lastchip could be.
0 Votes
+ -
All of us have hobbies, interests that are totally unique to our lives and also usually involve terms and names that we never, EVER, forget. These are great reference points for passwords. The associations can be totally unique.

One woman spoke Gaelic and used that language. Beautiful.

My boss once proposed making your password simply this:
********
Eight asterisks. Who would know otherwise?
0 Votes
+ -
Repeating Characters
rkuhn@... Updated - 21st Jul 2008
Repeating characters, no matter what they are (letters, numbers, special characters), make cracking passwords exponentially easier.

Eight asterisks, while cute, isn't a good password. That would take probably less than 1 minute to crack using brute force.