Slashdot Mirror
Memory Tools for Password Management?
New Media Blogger asks: "A co-worker of mine recently got burned hard because they used the same password for all of their online accounts. This experience led me to compile a list of easy-to-use password management memory tools (all free, of course), which make it infinitely easier for me to keep track of my dozens of passwords. I am sure many of the Slashdot crowd have memory tools of their own — what are you favourite password memorization tools?"
As a nerd, I memorize a lot of quotes. And, one can use this to one's advantage. Whether it be Star Wars, Futurama, Orson Scott Card, The Bible, or whatever your favorite work is, you can take a quote & turn it into an easily memorable password.
For example, one of my beloved authors is James Joyce so a great way to make a password from him is to take a memorable quote of his that I know: "Well and what's cheese? Corpse of milk." This password would transform into Wawc?Com. which has two caps, a period and a question mark. You can do the same with Futurama or whatever you find easy to remember. Then I just attach that quote with the website/machine/network or whatever it is. You can also append the name of the quoted character or author or actor in order to make it longer so the password might be Wawc?Com.JJ which just makes it even more difficult for a code cracking program to get at.
Plus, since I naturally love the quote, it's very easy to memorize.
My work here is dung.
Use a similar password for each site, but customise parts of it
password/.
passwordgm
passwordeb
You don't want to use that for your important sites, just ones which need a password.
liqbase
While using part of the site name concatenated to your base password is good, there are other simple ways to make it stronger. I keep a list of online sites that I have passwords for. By using a 'known only to me' algorithm, I can use a list of those sites. This serves two purposes; 1) I don't have to remember what all the sites are that I have accounts on, and 2) The base password might be the same, but could change according to how I personally categorize the site content/type as well as by what number the site is listed on my written list. Nothing on the written list will tell you anything other than which sites I have an account on, but it serves to remind me what the passwords and login names are. I do have to remember some things, but not very many compared to the number of accounts. An example is:
1 google 18
2 yahoo 21
3 delicious 8
Not decipherable as important parts are missing from the list and is only in my head, such as what to do with each of the numbers and what the base password(s) might be. It's still enough to jog my memory when required. In this example, the 1 or the 8 in the third column might indicate the base password while the first column might indicate what algorithm would be used in generating the additional password parts. The ones that you use the most are easiest remembered. The list is for those that you don't always use or have trouble remembering
Support NYCountryLawyer RIAA vs People
For years our lab (a research lab behind locked doors, open only to a few trusted people) use IC part numbers for root passwords. To avoid having to remember them, we'd just drop the device itself into the top drawer of the desk nearest a particular machine.
Not the most secure method in the world, but far better than the practices in any other academic research group I've seen. (Most do something really complicated and uncrackable. . . like taking two three or four letter English words and putting one after the other. Or, taking a short English word and misspelling it by changing one letter.)
That reminds me. I always use to post fake passwords on sticky notes to my monitor just to see who is paying attention and willing to point it out.
Paying taxes to buy civilization is like paying a hooker to buy love.
I store everything in a flat file: /t pwd /t notes
sitename
That flat file is stored in a truecrypt hidden volume of about 10 megs, with the main volume containing source code (a reasonable thing to keep locked up in a secure volume if you're paranoid) making the plausible deniability plausable. The hidden volume password is cryptographically strong, and yet I only have to remember one strong password.
-nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
Becoming tired of remembering passwords, I wrote a little perl program to randomly generate a matrix like this:
:-) ).
a-E9 b-?p c-&m
d-6K e-aY f-eP
g-!S h-gn i-D=
j-Hd k-vw l-Cb
m-W5 n-4$ o-R3
p-x% q-7M r-NF
s-+2 t-s* u-Ay
v-fL w-zG x-Zu
y-cX z-Qr
I then print this, laminate it, and put it in my wallet (a backup copy somewhere isn't a bad idea either). Then, for every password I just remember a word (maybe "bank" for my bank for example) which gives me a password of: ?pE94$vw
Hard to guess, easy for me to "remember". If someone gets my paper (say I lose my wallet), it is still not simple to figure out what my passwords are, or even what the heck that little paper is. Shoulder surfing doesn't work too well either, unless you can memorize the whole card and then figure out which word I am using (it would be easier to try to watch me type the password on the keyboard then get it off the paper. Luckily I type fast and get annoyed when people stand over me while I type a password
I Am My Own Worst Enemy