View Diary: How to AVOID writing passwords (154 comments)

  •  That's pretty much my strategy (9+ / 0-)

    It's not the best strategy, but it's better than what most laypeople I know do: write them down on post-it notes stuck to their monitor.

    I roll my eyes every time I walk into someone's office and see "Wells Fargo: Puppylov3r*"
    I was especially amused that the admin password for the entire college network wasn't changed for over 4 years - and it was on post-its all over the place...

    •  Indeed. It's tempting to just say, (8+ / 0-)

      Have a unique, randomly selected, maximum-length password for every site you go to.  But we're humans.  We have limits in our ability to memorize stuff, especially if we don't want to spend all day doing it.  That's just not going to work.  And the more you try to push that on people, the more you encourage the sticky note solution.

      The best compromise, IMHO, is to:

      A) Maintain differing levels of security.  Have a widely used throwaway password or two for things you could care less about, and then increasingly lesser-used passwords for things you increasingly care more about, culminating with single-use passwords for anything where, if compromised, it could ruin your life.  4 or 5 passwords is not unreasonable to memorize.

      2) Have a good password-forming system.  Substitutions of characters with numbers and symbols isn't a bad idea, and they do indeed increase the search space by a couple orders of magnitude, but the basics come down to having the core of your password be good.  My personal favorite way to do a password is to not think of a word, but a sentence, and have some rule for getting a letter from each word.  For example, in your post, if the sentence was:

      "I roll my eyes every time I walk into someone's office"

      The password could be, using the extremely simple rule of "take the first letter from each":

      Irmeetiwiso

      Beyond this you can tweak it with substitution rules, irregular capitalization, punctuation, etc.  So perhaps you use rules that turn it into:

      iRm337|vv|s0

      Or something of that nature.

      Note that this is not a random password.  It's subject to lexicographical analysis, in that certain letters will be more common in certain positions (the substitutions, too, are subject to analysis based on how people frequently substitute, although again, they still significantly increase the workload).  But overall, it's a heck of a lot better than having a word or group of words as the base of your password!  And is still quite easy to memorize.  You just need to memorize "I roll my eyes every time I walk into someone's office"
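The scheme in the comment above, worked through as an added example that is not part of the original comment: it derives the base from the sentence, applies tweak rules, and compares how much each layer adds to the search space. The substitution map and the case-swap positions are assumptions inferred from the sample result, and the count assumes a guesser who already knows the base letters and the rule set.

```python
import math

SENTENCE = "I roll my eyes every time I walk into someone's office"

# Assumed substitution map, inferred from the comment's sample result.
SUBS = {"e": "3", "t": "7", "i": "|", "w": "vv", "o": "0"}

def acronym(sentence):
    """First letter of each word, normalised to the comment's 'Irmeetiwiso' form."""
    return "".join(word[0] for word in sentence.split()).capitalize()

def apply_rules(base, swap_at=(0, 1)):
    """Swap case at the chosen positions (assumed), substitute everywhere else."""
    out = []
    for pos, ch in enumerate(base):
        out.append(ch.swapcase() if pos in swap_at else SUBS.get(ch.lower(), ch))
    return "".join(out)

def variant_count(base):
    """Candidates left once the base and rules are known: each letter is
    lowercase, uppercase, or (where a rule exists) substituted."""
    total = 1
    for ch in base:
        total *= 3 if ch.lower() in SUBS else 2
    return total

def orders_of_magnitude(base, final):
    """log10 of three search spaces, for comparison."""
    return {
        # What the case and substitution tweaks add on top of a known base.
        "tweaks_only": round(math.log10(variant_count(base)), 1),
        # Upper bound only: first letters of English words are not uniform.
        "base_upper_bound": round(len(base) * math.log10(26), 1),
        # Same final length, each character drawn at random from 95 printables.
        "random_printable": round(len(final) * math.log10(95), 1),
    }

if __name__ == "__main__":
    base = acronym(SENTENCE)
    final = apply_rules(base)
    print(base, "->", final)
    print(orders_of_magnitude(base, final))
```

Most of the strength comes from the sentence-derived base, and a random password of the same final length still has a far larger space.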

    •  I was amused years ago to hear (0+ / 0-)

      that the password for super expensive engineering workstation software was almost never set up by the users.  So about 90%  of all engineering software protected by password could be entered using either 'demo' or 'default'.

      Many people are SOOOO trusting.

      Real plastic here; none of that new synthetic stuff made from chicken feathers. By the morning of 9/12/2001 the people of NYC had won the War on Terror.

      by triplepoint on Mon Jul 16, 2012 at 07:44:58 AM PDT