Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Security

Memory Tools for Password Management? 125

Posted by Cliff from the sometimes-mnemonics-aren't-enough dept.
New Media Blogger asks: "A co-worker of mine recently got burned hard because they used the same password for all of their online accounts. This experience led me to compile a list of easy-to-use password management memory tools (all free, of course), which make it infinitely easier for me to keep track of my dozens of passwords. I am sure many of the Slashdot crowd have memory tools of their own — what are you favourite password memorization tools?"
This discussion has been archived. No new comments can be posted.

Memory Tools for Password Management? More

Memory Tools for Password Management?

Comments Filter:

  • Abbreviated Quotes (Score:5, Interesting)

    by eldavojohn ( 898314 ) * <eldavojohn@noSpAM.gmail.com> on Thursday May 10, 2007 @09:49PM (#19077823) Journal
    As a nerd, I memorize a lot of quotes. And, one can use this to one's advantage. Whether it be Star Wars, Futurama, Orson Scott Card, The Bible, or whatever your favorite work is, you can take a quote & turn it into an easily memorable password.

    For example, one of my beloved authors is James Joyce so a great way to make a password from him is to take a memorable quote of his that I know: "Well and what's cheese? Corpse of milk." This password would transform into Wawc?Com. which has two caps, a period and a question mark. You can do the same with Futurama or whatever you find easy to remember. Then I just attach that quote with the website/machine/network or whatever it is. You can also append the name of the quoted character or author or actor in order to make it longer so the password might be Wawc?Com.JJ which just makes it even more difficult for a code cracking program to get at.

    Plus, since I naturally love the quote, it's very easy to memorize.

  • Put it all in context (Score:2, Interesting)

    by LiquidCoooled ( 634315 ) on Thursday May 10, 2007 @09:51PM (#19077849) Homepage Journal
    Use a similar password for each site, but customise parts of it

    password/.
    passwordgm
    passwordeb

    You don't want to use that for your important sites, just ones which need a password.

  • This is good, but there are other ways (Score:3, Interesting)

    by zappepcs ( 820751 ) on Thursday May 10, 2007 @09:57PM (#19077921) Journal
    While using part of the site name concatenated to your base password is good, there are other simple ways to make it stronger. I keep a list of online sites that I have passwords for. By using a 'known only to me' algorithm, I can use a list of those sites. This serves two purposes; 1) I don't have to remember what all the sites are that I have accounts on, and 2) The base password might be the same, but could change according to how I personally categorize the site content/type as well as by what number the site is listed on my written list. Nothing on the written list will tell you anything other than which sites I have an account on, but it serves to remind me what the passwords and login names are. I do have to remember some things, but not very many compared to the number of accounts. An example is:

    1 google 18
    2 yahoo 21
    3 delicious 8

    Not decipherable as important parts are missing from the list and is only in my head, such as what to do with each of the numbers and what the base password(s) might be. It's still enough to jog my memory when required. In this example, the 1 or the 8 in the third column might indicate the base password while the first column might indicate what algorithm would be used in generating the additional password parts. The ones that you use the most are easiest remembered. The list is for those that you don't always use or have trouble remembering

  • Part numbers. (Score:4, Interesting)

    by munpfazy ( 694689 ) on Thursday May 10, 2007 @10:54PM (#19078367)
    For years our lab (a research lab behind locked doors, open only to a few trusted people) use IC part numbers for root passwords. To avoid having to remember them, we'd just drop the device itself into the top drawer of the desk nearest a particular machine.

    Not the most secure method in the world, but far better than the practices in any other academic research group I've seen. (Most do something really complicated and uncrackable. . . like taking two three or four letter English words and putting one after the other. Or, taking a short English word and misspelling it by changing one letter.)

  • Re:Universal solution: (Score:3, Interesting)

    by ArsonSmith ( 13997 ) on Thursday May 10, 2007 @11:01PM (#19078411) Journal
    That reminds me. I always use to post fake passwords on sticky notes to my monitor just to see who is paying attention and willing to point it out.

  • Re:I just use KeePass (Score:3, Interesting)

    by networkBoy ( 774728 ) on Thursday May 10, 2007 @11:48PM (#19078707) Journal
    I store everything in a flat file:
    sitename /t pwd /t notes

    That flat file is stored in a truecrypt hidden volume of about 10 megs, with the main volume containing source code (a reasonable thing to keep locked up in a secure volume if you're paranoid) making the plausible deniability plausable. The hidden volume password is cryptographically strong, and yet I only have to remember one strong password.
    -nB

  • Re:Abbreviated Quotes (Score:3, Interesting)

    by forkazoo ( 138186 ) <<wrosecrans> <at> <gmail.com>> on Friday May 11, 2007 @02:21AM (#19079561) Homepage

    As a nerd, I memorize a lot of quotes. And, one can use this to one's advantage. Whether it be Star Wars, Futurama, Orson Scott Card, The Bible, or whatever your favorite work is, you can take a quote & turn it into an easily memorable password.


    I try to do the exact opposite. Whenever I need a new password, I have one randomly generated, and then come up with a phraze for it. I'll adjust capitalisation and add/drop characters to make it easier, but I'll use the randomly generated password basically in entireity.

    I'll just randomly bang on my keyboard to generate an example or two, rather than bother to generate proper random ones...

    owgijh ... Oh, will God inject Jesus hastily? Then, to make a proper password... OwG1iJ2h? (Calling "God" number one and "Jesus" number two seemed like an easy enough way to add some complexity)

    iuyfesa ... I understand you fuckers eat sausage all-day! ... Iu,Yf,Es,Ad (I just did a pattern for punctuation and capitalisation for this -- simple pattern seemed easier than remembering arbitrary capitalisation, since there were no proper names in this one...)

  • My method, as seen before on Slashdot (Score:3, Interesting)

    by nizo ( 81281 ) * on Friday May 11, 2007 @12:04PM (#19084465) Homepage Journal
    Becoming tired of remembering passwords, I wrote a little perl program to randomly generate a matrix like this:

    a-E9 b-?p c-&m
    d-6K e-aY f-eP
    g-!S h-gn i-D=
    j-Hd k-vw l-Cb
    m-W5 n-4$ o-R3
    p-x% q-7M r-NF
    s-+2 t-s* u-Ay
    v-fL w-zG x-Zu
    y-cX z-Qr

    I then print this, laminate it, and put it in my wallet (a backup copy somewhere isn't a bad idea either). Then, for every password I just remember a word (maybe "bank" for my bank for example) which gives me a password of: ?pE94$vw

    Hard to guess, easy for me to "remember". If someone gets my paper (say I lose my wallet), it is still not simple to figure out what my passwords are, or even what the heck that little paper is. Shoulder surfing doesn't work too well either, unless you can memorize the whole card and then figure out which word I am using (it would be easier to try to watch me type the password on the keyboard then get it off the paper. Luckily I type fast and get annoyed when people stand over me while I type a password :-) ).

Slashdot Top Deals

The Tao is like a glob pattern: used but never used up. It is like the extern void: filled with infinite possibilities.

Close