Re: Standard way to remember passwords




"fluidly unsure" <dripping@xxxxxxxxxxxxxx> wrote in message
news:9ndkf.26160$7h7.21484@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> PGP wrote:
>> "Shenan Stanley" <newshelper@xxxxxxxxx> wrote in message
>> news:%23hZAcZ39FHA.2544@xxxxxxxxxxxxxxxxxxxxxxx
>>
>>>PGP wrote:
>>>
>>>>I have a config utility that lets users change service params and
>>>>when it's time to apply changes, the user needs to supply his user
>>>>name and pass as the services are created under the user so that
>>>>user privileges on certain resources would apply. I would like to
>>>>remember the user's password if he chooses to do so in a secure
>>>>manner. Is this advisable? If so, how is it done?
>>>
>>>There are several Password Manager products out there.
>>>Are you talking about them remembering what they used.. Or YOU
>>>remembering what they used?
>>>
>>>--
>>>Shenan Stanley
>>> MS-MVP
>>>--
>>>How To Ask Questions The Smart Way
>>>http://www.catb.org/~esr/faqs/smart-questions.html
>>>
>>
>> The username and password used here would be the user's system login
>> credentials (for Windows services). What I am trying to do is to find out
>> if there is a preferred way to save these so the user doesn't have to
>> retype them.
>> So the answer would be me remembering the passwords.
>>
>
> The password managers I've used help when Windows is already running but
> not during login or on another system. I use one that is simple to use
> for Internet access (the free version of "Password Depot") and another
> separate password manager as a master-list of everything (password safe
> on a USB thingy).
>
> But to remember a password, I first analyze the risk factor (The benefit
> of a weak password vs. the potential consequences of it being broken).
> My bank account has a much higher risk-factor than a forum, so it gets a
> much stronger password.
>
> If the risk-factor is very low I use the same simple password on all of
> them. But that is nowhere near safe. If someone breaks one, they've
> broken all of them. It's just that when I use it, I really don't care.
> The hard part is getting the risk-factor right.
>
> When the risk-factor is high, I come up with a complicated passphrase.
>
> I get three or four random words out of a book by opening to a random
> page and pointing to a random spot on the page. Then I choose one of the
> words under my finger.
>
> Then I munge the words so they look like leet speak. My standard is to
> 1) capitalize each word, 2) change certain lower-case characters to
> symbols, and 3) change certain lower-case characters to numbers.
>
> If I ever need to write the password down, I write down the unmunged
> passphrase and then translate it in my head. After using the passphrase
> two or three times, the random words stick in your mind like an annoying
> lyric.
>
> Now you've got a passphrase that is easy to remember, has a combination
> of symbols, numbers, upper-case, and lower-case. And it cannot be found
> in a dictionary. You've made it difficult for both brute force and
> dictionary attacks. Birthday attacks I'm not sure of because I don't
> understand them yet.
>
> For example: SymbolsBreakWrite = Sym8015Br3@kWr!73 (three words in this
> posting)
>
> Believe me "symbols break write" is a lot easier to remember than
> "Sym8015Br3@kWr!73", but "Sym8015Br3@kWr!73" is much more secure than
> "symbols break write".
>
> There is a pattern here and I'm sure enough cleverness could break it.
> But nothing is completely secure, and you'll drive yourself crazy if you
> try too hard.
>
> --
>
> Liquid

Thank you!
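The munging rule from the quoted post, written out as an added example that is not part of the thread. The substitution table is read off the post's own sample (SymbolsBreakWrite = Sym8015Br3@kWr!73); the 20,000-word vocabulary and the 94-character printable alphabet are assumptions, used to compare the guessing cost when the rule is known with the cost if every character were random.

```python
import math

# Substitutions read off the post's own sample; lower-case letters only.
LEET = {"b": "8", "o": "0", "l": "1", "s": "5",
        "e": "3", "a": "@", "i": "!", "t": "7"}


def munge(words):
    """Capitalize each word, then swap the mapped lower-case letters."""
    out = []
    for w in words:
        w = w.lower()
        if not w:
            continue  # ignore empty strings rather than fail on w[0]
        out.append(w[0].upper() + "".join(LEET.get(c, c) for c in w[1:]))
    return "".join(out)


def bits_if_rule_known(vocabulary_size, n_words):
    """Guessing cost in bits when the vocabulary and the munge rule are known.

    The munge is a fixed function of the words, so only the random word
    choices contribute: n_words * log2(vocabulary_size).
    """
    return n_words * math.log2(vocabulary_size)


def bits_if_all_random(password, alphabet_size=94):
    """Upper bound: every character drawn uniformly from printable ASCII."""
    return len(password) * math.log2(alphabet_size)


if __name__ == "__main__":
    VOCAB = 20_000  # assumed number of distinct words a book pick can yield
    pw = munge(["symbols", "break", "write"])
    print(pw)
    print(f"as 17 random characters : {bits_if_all_random(pw):6.1f} bits")
    for n in (3, 4, 5, 6):
        print(f"{n} words, rule known     : {bits_if_rule_known(VOCAB, n):6.1f} bits")
```

Under these assumptions, adding a word raises the rule-known figure by about 14 bits, while changing the substitution table does not change it at all.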

