Re: Passwords

From: Stephen K. Gielda (steve_at_packetderm.com.bogus)
Date: 05/11/04

  • Next message: phn_at_icke-reklam.ipsec.nu: "Re: Windows vulnerability vs Linux vulnerability [Re: Would a firewall prevent Sasser worm?]"
    Date: Mon, 10 May 2004 21:38:18 -0400
    
    

    In article <p9vs90dpbb5raooepkcqen8ud5nveee58n@4ax.com>,
    david_removeablejunk_.rolph@cox.net says...
    > Hello,
    >
    > I am sure I am not the first person to encounter this problem. I hope
    > somebody can point me in the right direction to a solution for it.
    >
    > I am a fairly low tech computer user. Over time I have accumulated a
    > rather large collection of accounts and passwords.
    >
    > Some of them are for unimportant things like a on line forum I am a
    > member of. Some of them allow access to my bank account or the like.
    >
    > I have a half decent system for keeping passwords that relies mostly
    > on my own memory. But it regularly falls down on things I dont access
    > for a long time. I am aware of other methods like:
    >
    > writing them down on a piece of paper that I hide.
    > keeping a list in a computer file that I encrypt.
    > using the same password for lots of things.
    > allowing my browser to remember the passwords for me.
    > getting a password management program.
    >
    > I am willing to spend some, but not a massive amount of time on
    > managing these passwords. I think that there are probably people out
    > there who are capable of getting my passwords whatever I do. I'd like
    > to get some advice from the experts here on what is a good way to look
    > after my passwords.
    >
    > I am leaning towards getting a password manager program. Is that too
    > much of an all your eggs in one basket approach?

    As others have recommended, pgp is a decent solution. However, there
    are tricks to maintaining many passwords that are secure, yet easy for
    you to remember. For example, come up with a phrase like "Ask not what
    you can do for your country". Take the first letter of each word while
    substituting numbers and symbols where appropriate. "Ask not what you
    can do for your country" becomes A!wycd4yc. This is a normal technique
    for passwords, but you want them unique for each site and still easy for
    you to remember which you used for what, so take it a step further.

    Add the first and last letter of the site you are registering for to the
    mix. For example, Ebay take the E and the y, place the E at the
    beginning of your hash, the y at the end. You now have EA!wycd4ycy. As
    a password for e-bay. Register for Yahoo and it becomes YA!wycd4yco.
    You end up with a unique password for everything that becomes very easy
    for you to remember for each site because all you really have to
    remember is one hash.

    This is just an example, come up with your own, put the last letter of
    the site or machine name first and the first last, place them in the
    middle instead of the ends if you want. Whatever you feel gives you a
    good hash mix and is easy for you to remember the structure. Then use
    that constistently and you'll have unique passwords for everything that
    are easy for you to remember.

    /steve

    -- 
    Protect yourself on-line.  Hide your identifying details in e-mail, 
    usenet, and more. A privacy service like no other.
    No one gives you more control over your e-mail than we do!
    http://www.cotse.net/servicedetails.html
    

  • Next message: phn_at_icke-reklam.ipsec.nu: "Re: Windows vulnerability vs Linux vulnerability [Re: Would a firewall prevent Sasser worm?]"