[Discuss] Passwords

Daniel M German dmgerman at uvic.ca
Thu Aug 2 14:28:53 PDT 2007


 Gary> Good day,
 Gary> And if you really want to be serious, just make them all from regular words turned into
 Gary> "Leetspeak"
 Gary> For example, you could use the word "dictionary" and turn it into something like "D1<t|0n@rY"
 Gary> The longer the password, the more secure it is also.

As long as the server supports it. At uvic netlink passwords are 8
characters. Use more and some services will take them (and ignore
them) and some will reject them. It took me a while to discover why
some services didn't like me :)



 Gary> So without going through the complexity requirements of making a password extra secure, you could
 Gary> just go with phrases from novels and such all strung together. That would be easier to remember,
 Gary> but some things may not let you do that if the field is too short.

There are many ways to remember a password. The dumbest in my opinion
is to use a "word". Use a greeting, a song, a famous phrase, a page of
a book, a pamphlet, the md5 of your favorite mp3 song. There are so
many possibilities. Use a character that reminds you of each of your
past SOs (oops, this is vlug, nobody here might have had enough SOs in
the past :)

dmg


 Gary> Then again, if you use a password manager to record them all, the only password you need to
 Gary> remember is the one to get you into it.
 Gary> Security best practice...

 Gary> Ttyl, Gary

 Gary> On 8/2/07, Daniel M German <dmgerman at uvic.ca> wrote:

    Adam Parkin twisted the bytes to say:
   
    Adam> Good advice, and one more piece of free advice: if you're like me and
    Adam> can't remember a gazillion different passwords, come up with a scheme
    Adam> for generating them.  One possible scheme is to insert letters from
    Adam> the service the password is to be used for into your "standard"
    Adam> password. For example, let's say your normal password is "helloWorld",
    Adam> and you want a "secure" password for your Gmail account, then you
    Adam> might use something like:
   
    Adam> helloGmailWorld
   
    Adam> or:
   
    Adam> helloWorldGmail
   
    What you are describing is a rudimentary hash function, which I
    believe is the best simple protection against the proliferation of
    secure credentials.
   
    I would suggest to up-the-ante (whatever that expression really means
    :) and hash the name of the service. So instead of "helloGmailWorld"
    you use something like "helloH4World". It makes it a bit more difficult
    to decipher if you lose one key.

    dmg

    --
    Daniel M. German
    http://turingmachine.org/
    http://silvernegative.com/
    dmg (at) uvic (dot) ca
    replace (at) with @ and (dot) with .

 Gary> --
 Gary> There is no theory of evolution, just a list of animals Chuck Norris has allowed to live....


-- 
--
Daniel M. German                  
http://turingmachine.org/
http://silvernegative.com/
dmg (at) uvic (dot) ca
replace (at) with @ and (dot) with .
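
An added example, not part of the original thread: it models the 8-character limit mentioned above against the "helloWorldGmail" scheme, next to one possible way of hashing the service name into the password. The function names, the "Yahoo" service, the PBKDF2 parameters and the base64 output alphabet are assumptions made for illustration.

```python
import base64
import hashlib

LIMIT = 8  # the 8-character password limit reported in the thread


def insert_scheme(base: str, service: str) -> str:
    """The quoted variant that appends the service name to the base password."""
    return base + service


def effective(password: str, limit: int = LIMIT) -> str:
    """Model a service that accepts a long password but ignores the excess."""
    return password[:limit]


def derive(master: str, service: str, length: int = LIMIT) -> str:
    """Assumed alternative: stretch the master secret with PBKDF2, using the
    lower-cased service name as salt, and keep `length` base64 characters."""
    raw = hashlib.pbkdf2_hmac(
        "sha256", master.encode(), service.lower().encode(), 200_000, dklen=32
    )
    return base64.urlsafe_b64encode(raw).decode()[:length]


if __name__ == "__main__":
    # Constructed sample: the thread's base password and two service names.
    for svc in ("Gmail", "Yahoo"):
        naive = insert_scheme("helloWorld", svc)
        print(f"{svc:6} typed={naive:16} stored={effective(naive):9} "
              f"derived={derive('helloWorld', svc)}")
```

With the suffix variant every truncating service ends up storing the same "helloWor", so the per-service part is never checked; the derived value differs per service even when only 8 characters are kept.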

