Re: Standard way to remember passwords

PGP wrote:
> "fluidly unsure" <dripping@xxxxxxxxxxxxxx> wrote in message
> news:9ndkf.26160$7h7.21484@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>PGP wrote:
>>>"Shenan Stanley" <newshelper@xxxxxxxxx> wrote in message
>>>>PGP wrote:
>>>>>I have a config utility that lets users change service params and
>>>>>when it's time to apply changes, the user needs to supply his user
>>>>>name and pass as the services are created under the user so that
>>>>>user priviliges on certain resources would apply. I would like to
>>>>>remember the user's password if he choses to do so in a secure
>>>>>manner. Is this adviceable? If so, how is it done?
>>>>There are several Password Manager products out there.
>>>>Are you talking about them remembering what they used.. Or YOU
>>>>what they used?
>>>>Shenan Stanley
>>>> MS-MVP
>>>>How To Ask Questions The Smart Way
>>>The username and password used here would be the user's system login
>>>credentials (for windows services). What i am trying to do is to find out
>>>there is a prefered way to save these so the user dont have to retype
>>>So the answer would be me remembering the passswords.
>>The password managers I've used help when Windows is already running but
>>not during login or on another system. I use one that is simple to use
>>for Internet access (the free version of "Password Depot") and another
>>separate password manager as a master-list of everything (password safe
>>on a USB thingy).
>>But to remember a password, I first analyze the risk factor (The benefit
>>of a weak password vs. the potential consequences of it being broken).
>>My bank account has a much higher risk-factor than a forum, so it gets a
>>much stronger password.
>>If the risk-factor is very low I use the same simple password on all of
>>them. But that is nowhere near safe. If someone breaks one, they've
>>broken all of them. It's just that when I use it, I really don't care.
>>The hard part is getting the risk-factor right.
>>When the risk-factor is high, I come up with a complicated passphrase.
>>I get three or four random words out of a book by opening to a random
>>page and pointing to a random spot on the page. Then I choose one of the
>>words under my finger.
>>Then I munge the words so they look like leet speak. My standard is to
>>1) capitalize each word, change certain lower-case characters to
>>symbols, and change certain lower-case characters to numbers.
>>If I ever need to write the password down, I right down the unmunged
>>passphrase and then translate it in my head. After using the passphrase
>>two or three times, the random words stick in your mind like an annoying
>>Now you've got a passphrase that is easy to remember, has a combination
>>of symbols, numbers, upper-case, and lower-case. And it cannot be found
>>in a dictionary. You've made it difficult for both brute force and
>>dictionary attacks. Birthday attacks I not sure of because I don't
>>understand them yet.
>>For example: SymbolsBreakWrite = Sym8015Br3@kWr!73 (three words in this
>>Believe me "symbols break write" is alot easier to remember than
>>"Sym8015Br3@kWr!73", but "Sym8015Br3@kWr!73" is much more secure than
>>"symbols break write".
>>There is a pattern here and I'm sure enough cleverness could break it.
>>But nothing is completely secure, and you'll drive yourself crazy if you
>>try too hard.
> Thankyou!

Another technique to munge the phrase is to simply move your hand up one row and
one key to the left. So you put your left pinky on the Q instead of A and your
right pinky on P. Then type as you normally would. The passphrase doesn't look
as strong to me, but it might be easier to type in since you have to do fewer
mental gymnastics.

The phrase 'symbols break write' would be 'W6jg9o2G43qi@4853'. (With the spaces