How do you Remember Your Passwords?
Aaron asks: "Like most people reading this, I have more than a few computer accounts. Password maintenance (e.g., changing them regularly, thinking of ones that are hard to crack but possible to recall, remembering what this week's password is on account foo) is nontrivial. What strategies for managing passwords do you have?"
Mnemonics and password schemes are tricks a few people use, but I'm sure some of you out there have better ways. Would any of you care to share?
Piece of paper (Score:1)
Palm Pilot (Score:2)
Memorization through use. (Score:1)
Patterns (Score:1)
Use patterns from the home row keys. Squares, diagonals, horizontal and vertical lines, left to right, right to left, and each hand.
They're generally non-dictionary letters, big, and easy to memorize, left-straight.
But they require you to use roughly the same keyboard.
-- Ender, Duke of URL
probably unsafe, but (Score:1)
by the way, the file is on a magnetic-optical and called "judy.jpg" (just an example), not on my hd, just in case.
Car Registration numbers (Score:1)
I've driven loads of different cars and therefore I have lots to choose from. Rotate weekly - add an underscore or two - reverse them for extra effect.
Still, the easiest one to remember is of course " ".
PGP (Score:1)
The problem is that if you forget this password your other passwords are lost too...
my trick... (Score:1)
That is one reason I have a PDA (Score:3)
A different password for every site... (Score:1)
when I forget.. the first thing I ask myself...
"If I were to pick this password, which, surprise, I did... What would it be? Hrmm..."
And I usually get it after a couple tries.
-Matthew
Technetos, Inc.
Re:Memorization through use. (Score:2)
But there is more you can do than using them a lot. Make passwords that make sense. This doesn't necessarily make them insecure, but easier to remember. For example: no one would guess w3/.org is the password for Rob's server. But it's darn easy to remember.
All my passwords have some sort of connection to my life, servers, what's running on them, etc etc. But be careful not to make them too easy. My password is most definitely not my girlfriend's name.
Also, use your old passwords (that you are familiar with) for all those stupid Web-accounts. Who cares! Of course make exceptions when you start ordering stuff, especially with one-click-buying.
It's still better than "PASSWORD" (Score:1)
My wife's first name (Score:3)
This has worked well until now, I have never had to ask the admins to remind me what my password is.
One method I use (Score:3)
Take a common household phrase..
ash nazg gimbatul
..apply 31337 to it..
@Sh N@5g G!Mb@tU1
..now table it...
@ShN
@5gG
!Mb@
tU1
..and unwind that.
@@!tS5MUhgb1NG@
...that's something that can be memorized in source form as long as the 31337 rules are consistent and the table is near-orthogonal. It can be regenerated on a scrap of paper or, with a smudged-off-afterward marker, on a countertop.
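The "table it, unwind it" step from the comment above, as an added example that is not part of the original post: the substituted phrase is written row by row into a four-column table and read back column by column. The function names are made up for illustration, and the substitution step is taken as already done, using the string the poster gives.

```python
# Added illustration (not from the original post): the "table it" and
# "unwind that" steps as a columnar transposition. Names are hypothetical.

LEET = "@Sh N@5g G!Mb@tU1"  # the substituted phrase exactly as posted


def table(text, width=4):
    """Drop spaces and write the text row by row, `width` characters per row."""
    flat = text.replace(" ", "")
    return [flat[i:i + width] for i in range(0, len(flat), width)]


def unwind(rows):
    """Read the table column by column, skipping cells a short last row lacks."""
    if not rows:
        return ""
    width = max(len(r) for r in rows)
    return "".join(r[c] for c in range(width) for r in rows if c < len(r))


def rewind(scrambled, width=4):
    """Inverse of unwind: recover the row-by-row string from the column read."""
    full_rows, extra = divmod(len(scrambled), width)
    total_rows = full_rows + (1 if extra else 0)
    # Every column has one cell per full row; the first `extra` columns
    # have one more cell, contributed by the short last row.
    cols, pos = [], 0
    for c in range(width):
        length = full_rows + (1 if c < extra else 0)
        cols.append(scrambled[pos:pos + length])
        pos += length
    return "".join(
        cols[c][r]
        for r in range(total_rows)
        for c in range(width)
        if r < len(cols[c])
    )


if __name__ == "__main__":
    rows = table(LEET)
    for row in rows:
        print(row)
    password = unwind(rows)
    print(password)            # the string the poster ends up with
    print(rewind(password))    # back to the substituted phrase, spaces dropped
```

The unwind step only reorders characters, so the result contains exactly the characters of the substituted phrase and `rewind` recovers it for any table width.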
Re:Memorization through use. (Score:1)
It never ceases to amaze me that most people need special techniques to memorize passwords.
Whenever I change my passwords, I just do a few spurious extra logins for about an hour or two after I change one. After that, I'm set.
I suppose that if I used dictionary words or names like most people seem to prefer, then I'd have to have some special technique to memorize that they're passwords; I find it hard to cross-link strings like that. My usual base for passwords - punctuation, numbers, control characters - generate unique strings and thus are easy to memorize.
qwerty on dvorak (Score:2)
I'll never forget (Score:1)
My password is "password".
I use this on a couple of machines (198.137.240.91 and 198.137.240.92), and it seems to work pretty well.
BTW, I haven't told you my login name
Re:Patterns (Score:1)
Re:PGP (Score:1)
Also, Mozilla will be able to remember them for you in your 'wallet', I don't know how it's encrypted locally but the wallet and your profile should be (and can be) password protected themselves. Internet Explorer also does this.
Tattoos (Score:1)
A Password That Will Never Be Forgotten (Score:1)
12345
Re:That's the same combination as my luggage! (Score:1)
Anyone remember spaceballs?
I tell you, qwerty or 12345 would not be the first ones I would try to break a password with. Maybe I'm just rambling but oh well...
My strange passwd methodology (Score:1)
Humans Are Visual Creatures (Score:3)
As one of the system administrators for a medium sized ISP, we are faced with the problem of regularly rotating certain account passwords (I think you can guess which ones
Simple Example:-
Imagine a large smiley face situated on your keyboard (as in certain keys were colored differently to make up the face)
Nasty ASCII Art Bit:-
1234567890-=
qwertyuiop[]
asdfghjkl;'#
zxcvbnm,./
Normal Keyboard layout
1234*6*890-=
qwertyuiop[]
as*f*h*kl;'
\zxc**nm,./
Stars show keys used to draw smiley face
Ok, so I have made a pretty lame job of that, but notice that I have used 5 & 7 to make up the eyes, g for the nose and dvbj for the mouth. That gives us a password of 57gdvbj. Once we have that, we can add features to make it more secure, a Capital G for the nose for example, or using punctuation % and & to give the face "eyebrows".
Personally I find this method a useful way of coming up with passwords that are only susceptible to brute force attacks, whilst maintaining a visual link so that our primate brains can have a stab at remembering them. Other pictures that can be used are symbols, flags, large letters, the list is pretty long.
Good Idea/Bad Idea?
Dave.
Re:My wife's first name (Score:2)
Trying 130.225.40.228...
Connected to dina.kvl.dk.
Escape character is '^]'.
abra
SunOS UNIX (elc1)
login: abraham
Password:
Login incorrect
login: abraham
Password:
Login incorrect
login: abraham
Password:
Login incorrect
login:
telnet> quit
Connection closed.
Liar.
specialized memory? (Score:2)
i used to be a network admin at an isp. we had one master sheet of paper with all the passwords for servers and NAS's (totalling around 25) that we would keep locked in a safe. i would only have to pull it out when i wanted to get on a box that i hadnt used more than once or twice. i guess my memory is just better at storing arbitrary strings up to around 10 characters.
whats annoying is that usually i can remember whether ive heard a person's name before but i have a very hard time associating their face with the name. i also have a difficult time remembering all the things im supposed to do during my day. my fiance on the other hand can remember conversations from years ago word for word but has to check with me when someone asks for our zip code. i wonder if theres some sort of male/female thing going on...
anyway, one way to make passwords easier is to take a random 4-6 letter word and to convert it to "l33t-speak", and then optionally tack on a random number or non-alphanumeric or two. for example, take the word "fault", change it to "F@u|t", and add a 0 to get "0F@u|t". granted it may not be perfect, but it may be easier to remember than random characters and a bit more secure than just dictionary words. another trick we used at the isp was to make them loosely based on vulgarities--after a while it was almost a contest to see who could think of the best (or worst depending on your perspective).
still another alternative can be found on freshmeat. there is at least one program out there that will keep a list of passwords for you. i think theyre stored encrypted, and you only have to remember the one password to open the list.
"gpasman" and "kpasman" are two examples...
--Siva
Keyboard not found.
I use the shifting method (Score:1)
d;sdjfpy would be the password, except I switch the symbols to something on the top row. It looks like randomness when it really isn't.
Of course, for access I actually care about, I use something completely different, which is just random numbers and symbols mixed with 3 letter words.
Managing them is easy, since I have basically 10 main passwords for web sites. If I feel like it I rotate them around, and then just try to remember which had which. But I'm not randomly guessing my password anymore.
Passwords are a pain (Score:2)
1 T or D sound.
2 N
3 M
4 R
5 L
6 Soft G or ch
7 Hard G or K
8 F
9 P or B
10 S
It took a while to get comfortable with it but it was long ago and the pain is forgotten. The mnemonic for my (now closed) bank account from 15 years ago is "mouse cheese malls" which translates to 3060350. Double letters which make a single sound count as a single number. For letters, I use words. There doesn't seem to be a problem remembering which words are for numbers and which are for letters.
When I have to assign medium level passwords to others, I give them a phrase and they use the first letter of each word sometimes followed by a number. i.e. Why did the chicken cross the road...wdtcctr22.
Re:Memorization through use. (Score:1)
Today's Password is: p5Q28#%^uhqqb&@
CryptInfo is absolutely the way to go... (Score:1)
Password schemes. (Score:2)
For admin accounts (except for some reason, I've never subjected a root account to this), and some websites, I often base passwords on lines of songs I like. For instance, the first letters of each word; if there aren't enough letters, punctuation, and/or the artist's initials help. And often, instead of using the real line, I substitute one or more words. ;-)
Sybase SA accounts are a lot easier. Sybase gives you up to 30 characters, so no 8 character limit. My favourite tactic there are plays on names related to the town I was born; given the fact that all Sybase servers I've worked with were behind firewalls in environments no one else was coming from the same country I was born in, that was pretty safe.
Root passwords are a different matter. Except for personal boxes, root passwords are often shared between people, so deciding on them is a different manner; you can't just use your favourite strategy.
And sometimes, you don't really care. For instance, slashdot mails your password, and your password goes in plain text to slashdot when you log in. Not that I could really care if someone used my password - slashdot is pretty close to the end when it comes to important things. For such passwords, I just keep them in a file, and cut-and-paste, although my current slashdot password has a certain rhythm that makes it easy to remember.
Oh, one word of advice. Don't suggest in a (root) password things that aren't true. In a previous workplace, we had 2 sun E3000's next to each other, sharing a console using a switchbox. One weekend, I came in to change the tape drive of one of the machines. The root password of the machine suggested it was the machine to the left. I logged in and halted the system. Then I turned the key of the left machine, and wondered why the screen didn't go blank. When my pager went off 30s later to notify me which machine was down I realized what I had done.....
-- Abigail
Password Generation (Score:1)
I run makepasswd like this
makepasswd --count=60 --maxchars=8 --minchars=8 --string=qwertyuiopasdfghjklzxcvbnm1234567890
That generates passwords with only lower case and numbers (I have found when remembering in upwards of 20-30 passwords, it's easiest to stick to one case). After I generate my new password lists I normally transfer them to my Pilot in a memo, and lock that memo down under the private area (I rarely use it, but it's always nice to have).
It's not a horribly complex system, but by using makepasswd you have no tendencies to lean towards certain patterns, and you can generate hundreds of passwords very quickly.
Another word of the wise- keep an archive of all of your old system passwords, even after you have changed them. I have often found some part of a system or a rarely-used piece of equipment (Switch, Router, etc.) that has been forgotten in a password roll and is set to some old password. Having a list of them somewhere makes trying the old combinations VERY easy. (I once knew a guy who forgot the password to his 3Com Switch 1000, and he rendered the management portion of the switch useless)
Re: (Score:1)
My tactic for passwords: (Score:2)
"Yippy-ky-yay MuthaF**er" from Die Hard[1|2|3]
(I've deliberately chosen to use a weak example)
Now, use the first letter of each word. YKYMF.
You want to make it harder, scramble the capitalization: YkyMF
Maybe add punctuation: YkyMF!
Pick a theme with several such phrases, and there you go: easy to remember, hard to guess passwords.
passwords (Score:1)
Paswords (Score:1)
Re:Memorization through use. (Score:1)
Does that work if you have 40 passwords to remember, some of them you haven't used for half a year?
-- Abigail
Re: (Score:1)
Modified V.I.N. (Score:1)
followed by the last 4 numbers of the V.I.N.,
followed by my first, middle and last initials.
Old Commands, hardware and a password file (Score:1)
One is to use old commands used on old computers for low priority accounts (stuff I don't really care about)
I use a combination of favorite numbers (such as some of the numbers of my birthday or old vic20 poke codes) and again old commands or the cryptic names of hardware I have on my desk [not my main computer but my old XTs monitor things like that]
I'll also just not bother and have the computer remember my passwords for me. or save them in a password file..
I've been moving more and more to the password file.. saving them on a backup floppy and keeping the floppy in a safe place.
This seems to work very well.
cross fingers...
I prefer to let the computer automatically enter passwords for me. This is how I usually remembered my passwords for BBSes I call during the 1980s and early 1990s...
when the terminal program didn't support it I'd make a macro for each BBS.. when the terminal didn't support macros I wrote the passwords down.. I hated writing anything down but that's life
I try to make my passwords as hard to remember as possible now a days...
Muscle memory (Score:1)
Initially I remember the way these fake words "sound" (I also keep them written down for a while) but after a couple of weeks my hands remember them better than my mind.
I Have A Couple of Systems... (Score:1)
However, past this system, I usually use iterations of a same general password for a single purpose: I use one set for my internet passwords (NY Times registration, Hotmail account, etc. All the unimportant stuff). Another set for my university account and account on my own machine. Lastly, my root password is different than all of them...
Password archives (Score:2)
--
-=DaveHowe=-
Re:Piece of paper (Score:1)
And I keep a backup in the "Notepad" DA on the Mac.
Nobody goes near my machine, so I don't worry. It's at home.
Pope
My Way... (Score:1)
Use another password (Score:1)
Muscular memory (Score:1)
Not so long ago I discovered I don't have two passwords starting with the same letter, so, I'm able to write down the first letter of each password and that's enough to recall it later. Now, I enforce this property on purpose.
My method works every time (Score:2)
Reboot the box then
LILO: linux -s
# passwd whatever
# shutdown -r now
Now you have root back and change whatever the hell you want
Or in the Case of RAS equipment
do a NINDY by plugging the jumpers on the mobo
Upload a new TAOS/COMOS using a serial connection with 1K/XModem transfer
halfway through upload yank the jumpers
Reboot twice
OK OK all kidding aside. personally I do PGP encrypted files of router/RAS configs as well as passwd files stored offsite in 2 vaults. One at home, one in another office.
Hey it was either that or tattoo the passwds on my cat, and let the fur grow back!!
*JUST KIDDING PETA PEOPLES*
The mind is a terrific thing (Score:3)
I'd like to still have the same scheme on some systems, but people in general are paranoid enough so that I choose strong passwords so that they will still be friends with me. I must say though that I find it much easier to restore a backup every once in a long while, than to use all the paranoid security that people force upon me. I even secured my own computer and removed the guest/guest, system/manager and login/password accounts, which had been there for, well, forever really.
So either way; how do I remember the passwords these days? Well, it's not only passwords, it's bank account codes and other codes too that go with all plastic cards you get. I'm sorry to say that there really isn't any great trick to it. The mind can easily store at least 20-30 more secure passwords (and probably even more), even if you change them regularly. To memorize a new password, I write it down on a piece of paper and try to attach images of the characters to the paper in my mind. If you attach graphical images, sometimes even smell perhaps, you will most probably remember it far longer than you need to.
Another Palm Pilot Password Keeper (Score:1)
passwords on. So I keep them on my PalmPilot. I just add each account as a contact in my phone list, and mark the contact as private. Each contact has a separate memo attached which holds the account name and password (and other relevant info). All of the password contacts live under a list name (coincidentally) 'Passwords'.
So, all I have to remember is the PalmPilot Security password to gain access to all of the other passwords. The trouble with this scheme is that sometimes I forget to turn Security password back on.....
Re:Memorization through use. (Score:1)
Change my passwords? (Score:1)
Why would I do that? My password is completely secure! I even use it on my luggage!
123456
Whoa! How did that slide in there!
Chas - The one, the only.
THANK GOD!!!
Password and GFs (Score:2)
Well the process that I have used is as follows :
If I have a standing GF when I change the password, I would keep my password as "iluvxyz", and if I have just broken up with a GF I would have my password as "fuckuxyz"..
Isn't that cool. Maybe it will be cooler if I also add that I have never had a GF !
Manifest
Well... (Score:2)
Contrary to my previous, humorous post, I store my passwords in a plain text file, zipped with a password on the zipfile, then PGP-encrypted and stored on a CD.
The passphrase is something I'm almost unlikely to forget. But just in case, I keep a copy of the passphrase and the zip password in a locked strongbox in my room.
For additional physical security, I also own a set of swords.....
Chas - The one, the only.
THANK GOD!!!
for (some not all) musicians..... (Score:3)
for keyboardists, try the opening few measures of the theme of a composition, (hmm.Bach's Preludes would be a little too repetitive though..) imagining the comp keyboard as a musical keyboard. Yeah Yeah I know, the keys are entirely wrong, BUT, if you know the piece, your fingers should remember at LEAST the theme, and hit the same area every time..
I started testing this theory with not only keyboard themes, but also guitar licks... BTW, Chords don't work:), violin solos, bass lines.
Trombonists, flautists, and other brass and woodwinds would tend to have problems. Especially trombonists
I dunno, maybe I just need more coffee
and more testing.... please let me know what you think
Whack (Score:1)
Write it down. Stick it onto your eyeball. Read it and recall it for an hour, or more if needed. Log on to the account every minute. Burn the paper.
There. Of course trouble comes with many different accounts with different passwords.
Key to Passwords: Random-mess (Score:1)
j&^UFVotygOU^ryf*$RF9ogLMg9*%&Tk
and there you have a password, you just have to memorize it
5 Passwords max... (Score:1)
a) two for my home machines (root/normal user)
b) one for work
c) a couple for web login accounts
As I change jobs I do change my work password. Only my web login passwords are likely to fail a standard dictionary attack.
I find about 5 words which have been garbled is about the limit my brain can store.
Use first letters of a meaningful phrase (Score:1)
My password generating tactic is to use the first letters of a phrase that is meaningful to me. Let's say I like Vengaboys, especially their catchy line "Boom boom boom boom I want you in my room", which generates the password "bbbbiwyimr". Or "4biwyimr" if you have to have numbers in your password.
Note 1: don't use phrases that are meaningful to you but to many other people too. Crackers have them in their dictionaries. So don't use "to be or not to be", nor "there ain't no such thing as a free lunch"; I had the latter actually guessed by the dictionary cracker run by my sysadmin once. Don't use common proverbs etc.
Note 2: as an additional criterion I apply the speed of typing the password on a keyboard. Believe me, I guessed many passwords looking at people's hands and would not rather have it done to me.
Use a hashing function (Score:1)
Biological retrieval of "random" passwords is a complicated task, when new passwords are added to our collection every day. A "secure" method of password generation is required to 1) eliminate the need to store a password at an insecure location and 2) be able to retrieve the password if the storage location is not accessible. Therefore I use a hashing function, H that takes arguments var1, var2
Justification:
I don't think I'll forget my name, or the site that's asking for the password. So as long as you can remember a scheme like initials+1st 5 letters of domain name, you'll be ok.
Analysis of running time:
The hashing can be done in O(1) time (constant time). Furthermore hash collisions are not important and do not affect performance of generating and retrieving H(var1, var2,...,varn).
Furthermore the algorithm is scalable.
Modifications to H():
Everyone can just have a particular modification to the generic hash function. For instance use "1LFMdoamin.com"
Weaknesses:
Unfortunately, if someone figures out H() you are screwed. The solution is to use an array of hashing functions (26) and select a hash routine according to some criteria. i.e., use the 1st letter of domain name, c to select H[c](). Be sure to not make the modification(s) on the hashing algorithm easily observable and guessable. That should create seeming randomness to anyone who gets a password or two. They might figure out the H() for particular c, but as long as they don't get more than 1 password with a particular c, they should not realize that they know H[c]().
Final Comments:
Passwords should be made of "random" characters from S where S is set of all valid characters. However, as biological organisms, we cannot be expected to remember a growing number of unique passwords. Therefore a hashing function on string literals (dynamic or static) can provide a not-so-easily-guessable but easy-to-remember-password-scheme that is "reasonably" secure.
Followup:
For really important passwords though, I ditch the whole scheme all together, and use something random - I can remember a few of those.
My password for slashdot is random, btw.
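The H(var1, var2) idea from the comment above, as an added example that is not the poster's code: the memorable scheme the comment describes (initials plus the first five letters of the domain) beside a swapped-in derivation that runs a master passphrase and the domain through PBKDF2-HMAC-SHA256. The initials, passphrase, domains, iteration count and function names are constructed for illustration.

```python
# Added illustration (not the poster's code). All inputs are constructed.
import base64
import hashlib

INITIALS = "ABC"                            # constructed stand-in for var1
MASTER = "constructed master passphrase"    # constructed; never stored per site


def naive_h(initials, domain):
    """The comment's memorable scheme: initials + first 5 letters of domain."""
    return initials + domain[:5]


def derived_h(master, domain, length=16, iterations=200_000):
    """Swapped-in technique: PBKDF2-HMAC-SHA256 over the master passphrase,
    salted with the domain (var2), encoded to printable characters."""
    raw = hashlib.pbkdf2_hmac(
        "sha256",
        master.encode("utf-8"),
        domain.lower().encode("utf-8"),  # per-site salt, case-insensitive
        iterations,
        dklen=length,                    # base64 of this is longer than `length`
    )
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


def shared_prefix(a, b):
    """Length of the common leading run of two strings."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def exposed_fixed_part(password, domain):
    """What one naive password shows about the part reused on every site:
    remove the domain-derived tail and the reusable prefix is left over."""
    tail = domain[:5]
    if tail and password.endswith(tail):
        return password[:-len(tail)]
    return None


if __name__ == "__main__":
    sites = ["slashdot.org", "example.com"]
    naive = [naive_h(INITIALS, s) for s in sites]
    derived = [derived_h(MASTER, s) for s in sites]
    for site, n, d in zip(sites, naive, derived):
        print(f"{site:14} naive={n:10} derived={d}")
    print("naive passwords share a prefix of", shared_prefix(*naive), "characters")
    print("fixed part visible in one naive password:",
          exposed_fixed_part(naive[0], sites[0]))
```

The naive outputs carry the reusable part in the clear, which is the weakness the comment itself names; the derived values are reproducible from the passphrase and the domain but have to be recomputed by software rather than in the head.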
Re:Whack (Score:1)
Re:That is one reason I have a PDA (Score:1)
Re:Palm Pilot (Score:2)
Phrases with a formula (Score:1)
Placement on keyboard (Score:2)
to take a word I know, or phrase, or whatever, and transpose it on my keyboard -- move all the letters one or two letters left, right up or down. Usually I shift one or two characters and one control character. Usually, after the second or third time I type it, I don't have to look at the keyboard, either. =)
The net result of this is uniformly line-noise-type passwords.
I have a total-foolproof method. (Score:1)
The oil light on the other hand...
memory&counterpane (Score:1)
Use memorable events (Score:1)
Here's my method, a specific mnemonic technique. Start by picking some specific event or time in your life that's easy for you to recall but is not an obvious one to someone other than yourself. For example "in 1996 when I traveled to Vermont to celebrate Thanksgiving with my best friend Bob," or "when I used to play Shadowrun with John and Paul in college," or "when I first started working for Peter and I had to fix up that unbelievably crappy Perl code the last programmer, Matt, put together." Make a point of choosing a specific event (a particular thanksgiving) not a generic or repeating one (any thanksgiving). Also don't pick something obvious (your wedding) or something someone could easily get information on (if you have a web page about your trip to Mexico, don't use that).
Now take the date, place, activity, and people involved in your chosen event/time-span. For example:
Pick out specific fragments of those to use in your password:
Glue your fragments together with non alpha-numerics:
After typing it a few times, you should be able to get it just by remembering "Thanksgiving at Bob's, 1996."
Of course you still have to remember which password goes with which account. If you find this to be the tricky part, you could probably deal with it by writing down just enough information to get you to remember, like "11-96". Unless someone can guess the event (thanksgiving) and knows the details (at Bob's place in Vermont), they can't even get near your password, and even with all that information the number of permutations makes a brute force approach prohibitive.
If you have a pilot... (Score:1)
Keep them in an encrypted file... usually (Score:1)
But two days ago I had to change my password on a very ancient and dumb terminal and I couldn't save it (even vi didn't display correctly
Re: (Score:1)
Re:Memorization through use. (Score:1)
I use The Public DNS as dns server for my domain. For 6 months there was no need to change anything. Now I have to change my IP address. And I can't remember my password. Some Linux or dns term, phonetic spelling in Dutch with maybe a number. I tried over 60 passwords, haven't got it yet.
The Public DNS has a password reset service but they haven't reset a password for over a year. The service is free so I can't complain too hard.
Physical Passwords / Keys (Score:1)
Idea 1, SSH: I don't allow telnet to any machine I admin, just SSH. I've wanted to generate RSA keys for every host, and then burn them onto a CD. Use the same password to protect every key. Then, you'd have to have both my password and the CD to hack my boxes. This, of course, requires both SSH and a CDROM drive on any client machine that you access from. It doesn't work just for general passwords.
Idea 2, iButton: Maybe a different system would, however. It involves those funky iButtons [ibutton.com]. These are little watch battery sized devices which store some fixed amount of data (different sizes up to about 64k), and can be addressed by a simple serial interface. You touch the iButton to a small contact (called a "Blue Dot") which plugs into a serial port, and software downloads the data. Store the authentication data (RSA key or just a plaintext password) in the iButton, maybe all encrypted with a single password. Then when authenticating, touch the iButton to the contact, and type in the (single) password to decrypt. The software could figure out which account was being accessed, and use the appropriate key. I think the software bits here wouldn't be too hard (I only see software on iButton's site for Windoze machines, is this being remedied?). Of course, this would require an iButton contact on any client machine that you access from; or it would require you to carry the contact thingy around and plug it into a serial port (pain in the ass).
I've often wondered how well this would work in an environment with lots of people. Could you reasonably expect people to hold onto an iButton or a CD? Maybe the iButton, if it attached to their keys? Is this too Draconian?
Thoughts?
-c
Re:for (some not all) musicians..... (Score:1)
However, I noticed that most systems won't let you have passwords that are as long as Flight of the Bumblebee.
I tried a different technique, only to discover that drumsticks can really mess up a keyboard after long-term use.
my scheme (Score:1)
I actually have two schemes. The first is just to come up with a password that forms some sort of shape... then I just type the shape. (Yes, yes a lot of people do this). Although I find that this is most useful for telephone based passwords, it's easier to type shapes when pecking IMHO.
Anyways, the other scheme that I use is that I come up with a fixed 4 character string of random symbols and numbers (like 1!.] or something like that) and then for each of my accounts I assign a four letter word (pick your favorite!). Then for the password I reverse the word and interleave it with the random string, so if you picked the word "this" for a particular account the password would be '1s!i.h]t'. So I remember one random string and then I just have a bunch of four letter words to associate with each account.
My Scheme (Score:1)
ie (bu11Y4u = nf11T4f, etc.)
it becomes fairly unreadable, but I suppose if you had a dictionary cracker that did dvorak conversion, it would be easier to crack, but hey, that's what backups are for...
password memorizing (Score:1)
Re:My wife's first name (Score:2)
heh
Foolproof method (Score:3)
You know, the string of numbers and letters on the label. This has saved my butt many, many times.
I may forget the exact string of letters, numbers, and non-alpha-numerics. But I always, always remember which CD.
If I'm home, I can pull it off the shelf. That's easy enough. But here's the cool part.
If you're away from home, any record store can look it up for you. This has saved me from having to hack into my own systems many times. And when you call a record store at 11:00 in the morning and say "I have a strange request", the lone person managing an empty store in off business hours is generally eager to help, too.
I don't care if they know the password - they don't know who I am or what I'm unlocking.
Sure, you could come to my house and take down a list of my entire cd collection, but it would take you a while. I have a lot of music, and I also mix upper and lower case on the letters.
Of course, if you have a small music collection, or predictable tastes, maybe it's not such a good idea. Personally, 70% of my cds were special-order.
associate with function (Score:2)
Simple - spoonerisms! (Score:2)
When creating a password, I take the first word(s) that pops into my head, and then spoonerize it..
(for those of you who have forgotten third grade English, a spoonerism is a play on words, where syllables are swapped.. for example "start the car" would become "cart the star." "slashdot" could become "dlatsosh", "datslosh")
Then, all I have to do is remember what I was thinking of when I created the account (pretty simple - if it's non-critical, I just use the name of the site.)
Oh, for those of you who think I just told you my slashdot password, this is the place I didn't do this
palmgear (Score:2)
--
Where to find this software... (Score:2)
Re:specialized memory? (Score:2)
In the free list? I assume it's never written to disk unencrypted.
Has this ever happened to you? (Score:2)
Now, this isn't the case anymore, but when I finally burned the piece of paper it was written on, I had the exact keystrokes tucked away somewhere in my head, but the actual password itself wasn't there. I could think "type the password" and quickly spin it off but I could not remember the password.
I've had to tell a few other people, and I always had to type it out into Notepad just to remember it, but I have it completely memorized now (along with 6 or 7 other 8-letter passwords).
Re:My strategey - 3 "zones" - one password per zon (Score:3)
Personally, I don't see the need to change them very often. I don't let people see them while I'm typing them (touchtyping has many advantages :) and I usually ssh to other systems. The only ones I don't ssh to are the ones I don't care about anyway (such as slashdot and the various MUCKs I'm on), and for those I just use a common word.
---
"'Is not a quine' is not a quine" is a quine.
My tricks: (Score:2)
first: take a phrase, say:
"I love Meg"
This is one that I can fondly remember.
second: misspell things:
"ey lav Meg"
third: truncate, abbreviate and shorten: "eylavm"
fourth: mess with the caps and characters: "eyLaVM"
There, you have a rather strong password, and all you need to remember is that you love Meg (which I do, I stopped using the password because I had to tell her what I'd done... ;).
Any way, it is a pretty simple hash, and you can use phrases as long as you like, anywhere from 2 words on up. All it needs to be is something you can remember.
For those stupid numbers (social security, bank accounts, etc), I have a little business card in my wallet which I write them on. Now, the first nine characters of every number is formatted to look like an ssn, and then when I have shorter numbers to remember, I tack them onto the end, so they don't really follow any format a person could recognize. I can pick out which numbers are what, but that's because I know where I wrote them.
I hope that helps, but I also know that I have a pretty impressive long term memory, so what seems simple to me...
Jeff
Mnemonics that WORK... (Score:2)
gwcgptoz3wow
(Great Wall of China, Great Pyramid, Temple Of Zeus, 3 Wonders Of the World)
then I had to know a torsion formula for engineering:
theta_PLoverAE (theta = PL/AE)
onward to a new friend I met and whose birthday I needed to remember:
erica16june79
That way, after logging into my account for a week, I know my password and a useful fact. When I realize that I no longer recite the mnemonic to myself each time I login, I know it's time to change over.
--Jurph
Pretty Simple Method (Score:2)
Also, using pseudo-perl code generates instant line noise passwords, and as long as you're up on your perl, everything is easy to remember. For instance (this one is easy, but you get the idea):
my=~s/$p4ss/@w0rd/g;
It doesn't make sense, but that's ok.
Use cryptograms (Score:2)
Re:My strategey - 3 "zones" - one password per zon (Score:2)
Re:Piece of paper (Score:2)
YES!!! Good point. Let The Cracking Begin!!! This
E-mail Results 1 - 3 of 3
1) coward, anonymous
My E-mail Address is PRIVATE
2) coward, anonymous
My E-mail Address is PRIVATE
3) Coward, Anonymous
guest@Radio.CZ
We have found him!! He will pay for leaving himself so wide open. Let this be a lesson to all that would follow.
Re:Palm Pilot (Score:2)
All my passwords used to be based on either the word reverberated or stewardesses. "reverberated" definitely flows better, so I'd make passwords something like "Reverbberatedd".
'Course, then I switched to Dvorak, so now everything flows better.
Re:Patterns (Score:2)
Mmmmm. Dvorak.
Security through obscurity.
Re:Patterns (Score:2)
Re:Finger drumming (Score:2)
I usually use the front of my cranium to bash passwords into the keyboard. I figure, if I lose the front of my brain, I can do without being able to login to
Closed cryptographic software is a liability (Score:2)
This isn't to impugn its author in any way: the software could have been compromised without his knowledge, or else his family might be held under risk of murder unless he distributes a non-obvious backdoor.
Cryptographic software has to be open-sourced, full stop. No exception.
Strip is GPL'd, so even if it were god-awful (which it isn't), at least one can trust it.
Speaking of 3l337 rules (Score:2)
Actually, what I would really like is a proxy server that "Eleetizes" all communication going through it, while keeping links and such intact. That could be fun.
I could easily write the former myself if it does not exist, but I don't know how to write a proxy server...
--
grappler
not necessarily (Score:2)
--Siva
Keyboard not found.
Howbout this? (Score:2)
http://yourbox.com/cgi-bin/make-leet.pl?target=
or something similar. Just have the script grab the page in question, leet'ize it, and print it back out. Not too hard. A while back I wrote something like that to remove relocate urls from places like excite.