Skip to main content

View Diary: How to AVOID writing passwords (154 comments)

Comment Preferences

  •  not good (4+ / 0-)
    Recommended by:
    sockpuppet, Creosote, KateCrashes, bumbi

    if one account is hacked, then you could easily lose control of the account.  The password can be changed on you.

    Also, once someone has control of the account, no one else knows it.  So you don't know what damage can be caused in your name.

    And if one account is in fact hacked, the password is tried everywhere.  Very scary.

    "The only person sure of himself is the man who wishes to leave things as they are, and he dreams of an impossibility" -George M. Wrong.

    by statsone on Thu Jul 12, 2012 at 10:24:13 PM PDT

    [ Parent ]

    •  So, the fact that I use the same password (4+ / 0-)
      Recommended by:
      sockpuppet, cotterperson, bumbi, Miggles

      I need for several blogs in order to make a comment is bad? Geeze, I've set up a complicated, unique password for every financial site I have. But, I thought I'd give myself a break and just keep all the blogs the same.

      For me, Mitt reminds me of Jeff Bridges in Starman. He's like an alien that hasn't read the entire manual. You know, he's going, "Nice to be in a place where the trees are the right size." -- Robin Williams on Letterman 26 Apr 2012

      by hungrycoyote on Thu Jul 12, 2012 at 10:42:41 PM PDT

      [ Parent ]

      •  That's pretty much my strategy (9+ / 0-)

        It's not the best strategy, but it's better than what most laypeople I know do: write them down on post-it notes stuck to their monitor.

        I roll my eyes every time I walk into someones office and see "Wells Fargo: Puppylov3r*"
        I was especially amused that the admin password for the entire college network wasn't changed for over 4 years - and it was on post-its all over the place...

        •  Indeed. It's tempting to just say, (8+ / 0-)

          Have a unique, randomly selected, maximum-length password for every site you go to.  But we're humans.  We have limits in our ability to memorize stuff, especally if we don't want to spend all day doing it.  That's just not going to work.  And the more you try to push that on people, the more you encourage the sticky note solution.

          The best compromise, IMHO, is to:

          A) Maintain differing levels of security.  Have a widely used throwaway password or two for things you could care less about, and then increasingly lesser-used passwords for things you increasingly care more about, culminating with single-use passwords for anything where, if compromised, it could ruin your life.  4 or 5 passwords is not unreasonable to memorize.

          2) Have a good password-forming system.  Substitutions of characters with numbers and symbols isn't a bad idea, and they do indeed increase the search space by a couple orders of magnitude, but the basics come down to having the core of your password be good.  My personal favorite way to do a password is to not think of a word, but a sentence, and have some rule for getting a letter from each word.  For example, in your post, if the sentence was:

          "I roll my eyes every time I walk into someone's office"

          The password could be, using the extremely simple rule of "take the first letter from each":


          Beyond this you can tweak it with substitution rules, irregular capitalization, punctuation, etc.  So perhaps you use rules that turn it into:


          Or something of that nature.

          Note that this is not a random password.  It's subject to lexographical analysis, in that certain letters will be more common in certain positions (the substitutions, too, are subject to analysis based on how people frequently substitute, although again, they still significantly increase the workload).  But overall, it's a heck of a lot better than having a word or group of words as the base of your password!  And is still quite easy to memorize.  You just need to memorize "I roll my eyes every time I walk into someone's office"

        •  I was amused years ago to hear (0+ / 0-)

          that the password for super expensive engineering workstation software was almost never set up by the users.  So about 90%  of all engineering software protected by password could be entered using either 'demo' or 'default'.

          Many people are SOOOO trusting.

          Real plastic here; none of that new synthetic stuff made from chicken feathers. By the morning of 9/12/2001 the people of NYC had won the War on Terror.

          by triplepoint on Mon Jul 16, 2012 at 07:44:58 AM PDT

          [ Parent ]

      •  It Depends On How Important It Is To You (4+ / 0-)
        Recommended by:
        hungrycoyote, mumtaznepal, Lujane, kyril

        If you don't care about the possibility that somebody who had it in for you might lock you out of all of those blogs, or start posting stuff that makes you look like the love child of Jim Robinson and Glenn Beck, it's not a problem. Everybody chooses what risks they will and will not accept.

        On the Internet, nobody knows if you're a dog... but everybody knows if you're a jackass.

        by stevemb on Fri Jul 13, 2012 at 07:13:47 AM PDT

        [ Parent ]

      •  That's what I do (9+ / 0-)

        same password for all the political blogs.

        Those stupid comments I make now and then aren't me, they're some h4XX0r.

        "When I was an alien, cultures weren't opinions" ~ Kurt Cobain, Territorial Pissings

        by Subterranean on Fri Jul 13, 2012 at 08:20:24 AM PDT

        [ Parent ]

      •  I use a single password for a throwaway (0+ / 0-)

        email account to log into websites for commenting.  It can be ditched at a moment's notice.  My 'real' email account is closely held and I don't use it for any financial dealings or in any browsing situations .  Never had a problem, but this diary offers excellent advice, and I may consider altering my strategy.

        Real plastic here; none of that new synthetic stuff made from chicken feathers. By the morning of 9/12/2001 the people of NYC had won the War on Terror.

        by triplepoint on Mon Jul 16, 2012 at 07:38:37 AM PDT

        [ Parent ]

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site