
Looking for password "scheme" suggestions


Josh:
OK all, I am working on securing my passwords in a manner which would hinder most "passer-by" style hack attempts. What techniques do you use, or have you used, to set up a password system which is easy to remember and adapt to various sites and services? I have broken this down into three basic categories.

First, would be the majority of sites which do not arbitrarily limit you to "6-8 characters" and permit all special characters.

Second, those sites which limit which special characters you can use. This is fairly easy to adapt to the first item above.

Third, those sites which limit you to the number of characters.

So, with that said, what types of systems do you use or have you seen used? Please, feel free to be general so as to not give away personal info. I am just looking for ideas.

wr975:
I've been using KeePass to store my passwords... for quite some years. Right now there are 839 entries in my database. ;-)

The KeePass password generator (a lot of options) creates random passwords, so each site has a different 8 chars password (examples: exoI5uAG, pUdgy8Mh, 39_8rm1E). For very important sites I'm using 18 chars passwords.

Many sites have problems with too long passwords, or special chars (! $ % & [ ] < >). For KeePass it's easy to generate passwords like "Õ¼1êyûq "äÔÐlAW" or "Ò³Îu¾øfÍ", but I can't use them. ;-)

I also like using "LastPass" to log into my accounts.


FWIW... already seen Gibson's "Haystack" site?

https://www.grc.com/haystack.htm

He claims the password "D0g....................." is stronger than "PrXyc.N(n4k77#L!eVdAfp9"
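Added example, not part of the post above and not GRC's own code: the brute-force search-space count behind the Haystack comparison, assuming a 95-character printable-ASCII alphabet split into four classes (the function names are hypothetical). It models exhaustive search only, so it says nothing about guesses that exploit a known padding pattern.

```python
import string

# Character classes of printable ASCII and their sizes: 26 + 26 + 10 + 33 = 95.
# (Assumption: space is counted with the 32 punctuation symbols.)
CLASSES = (
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
)

def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    for ch in password:
        if not any(ch in chars for chars, _ in CLASSES):
            raise ValueError(f"character {ch!r} is outside the modelled alphabet")
    return sum(size for chars, size in CLASSES
               if any(c in chars for c in password))

def search_space(password):
    """Candidates an exhaustive search covers: every length from 1 to len(password)."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))

def compare(p1, p2):
    """How many times larger p1's search space is than p2's."""
    return search_space(p1) / search_space(p2)

# The two passwords quoted in the post above.
PADDED = "D0g" + "." * 21            # 24 characters, all four classes
RANDOM = "PrXyc.N(n4k77#L!eVdAfp9"   # 23 characters, all four classes

if __name__ == "__main__":
    # "exoI5uAG" is one of the 8-character generator outputs quoted in the post.
    for pw in (PADDED, RANDOM, "exoI5uAG"):
        print(f"{pw!r}: len={len(pw)} alphabet={alphabet_size(pw)} "
              f"space={search_space(pw):.3e}")
    print(f"padded/random ratio: {compare(PADDED, RANDOM):.1f}")
```

Both quoted passwords use all four classes, so the only difference the count sees is the one extra character of length.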

Josh:
wr, I have used KeePass, and use LastPass currently. What I want is something that eliminates the need for "Random password generators" and provides a simple mechanism I can use, on the fly, to generate my passwords. Perhaps something which incorporates the name of a site or system I am using. This way, I do not have to remember J@Bv8Hnk149*&&1j4^%^$#* as my password but could remember "Saffrazon like$ t0fu!" instead.

Deozaan:
I haven't put much thought into this (which should be obvious) but for sites that don't limit you, you could just do something simple like:

donationcoderisthesiteiamlogginginto

Of course, to increase security you'd want to use mixed case and symbols and numbers. That could lead to something like this:

DonationCoderIsThe$ite!AmLoggingInto2Day

Easy to remember, long, and different for every site.

But the problem is that the pattern is too easy to see, so if anyone ever gets your password for any other site they will know it for every site.

40hz:
Unless you're using a true random and complex password for each different site (i.e. impossible to memorize) it's all pretty much moot according to one security specialist I asked. I showed her this (which has been posted on DC before):



She said it was at least as secure as 90% of what else is out there. And a lot easier to use.

I've since switched over to this, and added a little additional complexity by adding a few arbitrary number/punctuation mark strings to the above using a simple scheme I've come up with. It's not worth sharing since the internal logic only means something to me.

If somebody succeeds in guessing my passwords after that, all I can say is, "Oh well." ;D
