Slashdot Mirror


Memory Tools for Password Management?

New Media Blogger asks: "A co-worker of mine recently got burned hard because they used the same password for all of their online accounts. This experience led me to compile a list of easy-to-use password management memory tools (all free, of course), which make it infinitely easier for me to keep track of my dozens of passwords. I am sure many of the Slashdot crowd have memory tools of their own — what are your favourite password memorization tools?"


  1. Hiding by halcyon1234 · · Score: 3, Funny

    Hiding my passwords in first post yt66axe

    1. Re:Hiding by AKAImBatman · · Score: 4, Informative

      Use an MD5 password generator. You can use the same password across sites, but it won't get compromised. Ever. There are a few sites like these that can help you generate these passwords:

      http://passwordmaker.org/
      http://angel.net/~nic/passwdlet.html
      http://www.xs4all.nl/~jlpoutre/BoT/Javascript/PasswordComposer/

    2. Re:Hiding by AKAImBatman · · Score: 4, Informative

      Until some idiot admin leaks, or lets leak, all those oh-so-secret passwords.

      I don't think you understand how it works. What you do is you enter the password (it can be the same for all sites), then enter the name of the site (which can be pulled from a bookmarklet). A bit of Javascript on the client then hashes that information using the MD5 algorithm, and spits the result back out as a secure password.

      The beauty of this is that no one has your password except you. And if you forget the generated password, you can always regen it by entering the exact same information. However, since hashes can't be reversed, your master password will not be compromised even if a lame admin compromises your generated password on his site.
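The derivation AKAImBatman describes, written out as an added Python example (this is not the code of passwordmaker.org or the other tools linked above; the master password and site names are constructed placeholders). The first function is the scheme as posted: MD5 over master password plus site name, base64-encoded, truncated. The second is a hardened variant I added for comparison, not part of the scheme in the thread: the same deterministic idea, but through PBKDF2-HMAC-SHA256 with the site name as salt. The caveat a practitioner would want is that "hashes can't be reversed" only protects a master password too strong to guess; once one generated password is known, candidate master passwords can be checked offline at MD5 speed, and a slow KDF is what makes each such check expensive.

```python
import base64
import hashlib

# Constructed sample inputs; neither value comes from the thread.
MASTER = "correct horse battery"        # the one secret the user actually remembers
SITES = ["example.com", "example.org"]  # the per-site input a bookmarklet would supply


def md5_site_password(master: str, site: str, length: int = 12) -> str:
    """Scheme as described in the thread: MD5 over (master + site), base64-encode
    the digest, and use a prefix of it as the site password. Deterministic, so the
    same inputs always regenerate the same password."""
    digest = hashlib.md5((master + site).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")[:length]


def pbkdf2_site_password(master: str, site: str, length: int = 16,
                         iterations: int = 200_000) -> str:
    """Hardened variant (an assumption of this example, not any tool's algorithm):
    PBKDF2-HMAC-SHA256 with the site name as salt, so each guess at the master
    password costs the iteration count rather than a single MD5."""
    dk = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                             site.encode("utf-8"), iterations)
    return base64.b64encode(dk).decode("ascii")[:length]


def regenerate_check(master: str, site: str) -> bool:
    """The 'forgot it, regenerate it' property: two independent derivations agree."""
    return md5_site_password(master, site) == md5_site_password(master, site)


if __name__ == "__main__":
    for site in SITES:
        print(site, md5_site_password(MASTER, site), pbkdf2_site_password(MASTER, site))
```

The site string doubles as the salt only because the whole point of the scheme is to regenerate the password on any machine without stored state; a random per-site salt would defeat that, so the strength of the master password carries all the weight.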
    3. Re:Hiding by Short+Circuit · · Score: 3, Funny

      The beauty of this is that no one has your password except you. And if you forget the generated password, you can always regen it by entering the exact same information. However, since hashes can't be reversed, your master password will not be compromised even if a lame admin compromises your generated password on his site.

      Until the site with the hashing algorithm you're using goes offline. (Unless you saved it, of course.)

      My system is similar, yet much easier. The first portion of my password is the name of the computer or service I'm connecting to, while the second half is a random string that only I know. Which string I use depends on what group of people I need to share the account with--in such cases where an account needs to be shared. Otherwise, I have my own string.

      The downside is that if someone were to sniff one of my passwords, and if they're familiar with my system, they could then guess the passwords to most of my accounts. Which is why I change that suffix relatively frequently. The upside, of course, is that I have a different password for every single computer and service I log into.
    4. Re:Hiding by AKAImBatman · · Score: 3, Informative

      Until the site with the hashing algorithm you're using goes offline.

      So get a downloadable version and back it up. ;-)

      The online version is common because these passwords are for websites. So making a web-enabled version is a no-brainer. But the algo is so straightforward that it was pretty easy for the guys who made it to port it to different platforms.
    5. Re:Hiding by Short+Circuit · · Score: 2, Informative

      Now we run into portability issues. I'm not always using an account where I can install FF extensions. Heck...If I forget my flash drives at home, I'm stuck running Firefox 1.5 at the latest, and IE6 in places on campus where they still haven't installed Firefox.

      Maybe if I memorized the table for a simple substitution cipher. Like ROT13, but less common.

      The best system is one that you can keep in your head.

    6. Re:Hiding by AKAImBatman · · Score: 3, Funny
      Look again. The download page has:
      • Browser Extension
      • Yahoo! Widget
      • JavaScript Edition
      • Command-Line Edition
      • PHP Edition
      • Mobile Edition
      • PDF Manual

      The best system is one that you can keep in your head.
      Certainly. So download the source code and memorize the algorithm. Then you can do the hash in your head. :-P
    7. Re:Hiding by simm1701 · · Score: 2, Funny

      You mean you can't run an md5 hash then base 64 encode it in your head???

      What kind of geek are you!! ;)

      --
      $_="Slashdotter";$syn="OTT";s;..;;;sub _{print shift||$_};s!ash!Perl !;s=$syn=ack=i;tr+LLEd+BLAH+;_"Just Another ";_
    8. Re:Hiding by PopeRatzo · · Score: 2, Insightful

      The upside, of course, is that I have a different password for every single computer and service I log into.

      That's an upside??
      --
      You are welcome on my lawn.
  2. I just use KeePass by PhrostyMcByte · · Score: 2, Informative

    Having a separate password for 50+ websites is not realistic when you plan to memorize them all. I use KeePass to have very random 16+ char passwords (that I do not bother to remember) for every place I visit, and one master password to access the database.

    1. Re:I just use KeePass by KenAndCorey · · Score: 2, Informative

      Absolutely. KeePass even has basic scripting so it will enter the password for you on sites, or copy it to the clipboard (and erase it after 60 seconds or a set time). I'm using it for passwords as well as keeping key information (such as Social Insurance Number, Medical Numbers, credit card numbers, etc). I highly recommend it.

    2. Re:I just use KeePass by networkBoy · · Score: 2, Interesting

      I store everything in a flat file:
      sitename /t pwd /t notes

      That flat file is stored in a truecrypt hidden volume of about 10 megs, with the main volume containing source code (a reasonable thing to keep locked up in a secure volume if you're paranoid) making the plausible deniability plausible. The hidden volume password is cryptographically strong, and yet I only have to remember one strong password.
      -nB

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
  3. Abbreviated Quotes by eldavojohn · · Score: 4, Interesting

    As a nerd, I memorize a lot of quotes. And, one can use this to one's advantage. Whether it be Star Wars, Futurama, Orson Scott Card, The Bible, or whatever your favorite work is, you can take a quote & turn it into an easily memorable password.

    For example, one of my beloved authors is James Joyce so a great way to make a password from him is to take a memorable quote of his that I know: "Well and what's cheese? Corpse of milk." This password would transform into Wawc?Com. which has two caps, a period and a question mark. You can do the same with Futurama or whatever you find easy to remember. Then I just attach that quote with the website/machine/network or whatever it is. You can also append the name of the quoted character or author or actor in order to make it longer so the password might be Wawc?Com.JJ which just makes it even more difficult for a code cracking program to get at.

    Plus, since I naturally love the quote, it's very easy to memorize.

    --
    My work here is dung.
    1. Re:Abbreviated Quotes by forkazoo · · Score: 2, Interesting

      As a nerd, I memorize a lot of quotes. And, one can use this to one's advantage. Whether it be Star Wars, Futurama, Orson Scott Card, The Bible, or whatever your favorite work is, you can take a quote & turn it into an easily memorable password.


      I try to do the exact opposite. Whenever I need a new password, I have one randomly generated, and then come up with a phrase for it. I'll adjust capitalisation and add/drop characters to make it easier, but I'll use the randomly generated password basically in its entirety.

      I'll just randomly bang on my keyboard to generate an example or two, rather than bother to generate proper random ones...

      owgijh ... Oh, will God inject Jesus hastily? Then, to make a proper password... OwG1iJ2h? (Calling "God" number one and "Jesus" number two seemed like an easy enough way to add some complexity)

      iuyfesa ... I understand you fuckers eat sausage all-day! ... Iu,Yf,Es,Ad (I just did a pattern for punctuation and capitalisation for this -- simple pattern seemed easier than remembering arbitrary capitalisation, since there were no proper names in this one...)
  4. Put it all in context by LiquidCoooled · · Score: 2, Interesting

    Use a similar password for each site, but customise parts of it

    password/.
    passwordgm
    passwordeb

    You don't want to use that for your important sites, just ones which need a password.

    --
    liqbase :: faster than paper
    1. Re:Put it all in context by Phisbut · · Score: 2, Funny

      Or use a password Pattern

      ... and now I know your /. password : fkp4sddo

      --
      After 3 days without programming, life becomes meaningless
      - The Tao of Programming
  5. ROT26 by dead.phoenix.616 · · Score: 2, Funny

    I've kept this a secret to the whole community, but
    I invented this super hard-to-crack encryption routine
    called ROT26x(tm). There are other off-springs in the
    multiples of its own 26 bits (52, 78, 104...etc).

    The cool part of it is that once you encrypt your stuff,
    it is soo hard to crack, because the outcome looks exactly
    like the original text you encrypted!

    The larger the multiples, the more difficult it is to
    crack (disclaimer: higher bits will be very cpu-intensive,
    and will take longer to encrypt)

    if anybody wants to help write up an RFC...

    --
    GUI == Graphical User Interference
  6. This is good, but there are other ways by zappepcs · · Score: 2, Interesting

    While using part of the site name concatenated to your base password is good, there are other simple ways to make it stronger. I keep a list of online sites that I have passwords for. By using a 'known only to me' algorithm, I can use a list of those sites. This serves two purposes; 1) I don't have to remember what all the sites are that I have accounts on, and 2) The base password might be the same, but could change according to how I personally categorize the site content/type as well as by what number the site is listed on my written list. Nothing on the written list will tell you anything other than which sites I have an account on, but it serves to remind me what the passwords and login names are. I do have to remember some things, but not very many compared to the number of accounts. An example is:

    1 google 18
    2 yahoo 21
    3 delicious 8

    Not decipherable, as important parts are missing from the list and are only in my head, such as what to do with each of the numbers and what the base password(s) might be. It's still enough to jog my memory when required. In this example, the 1 or the 8 in the third column might indicate the base password while the first column might indicate what algorithm would be used in generating the additional password parts. The ones that you use the most are easiest remembered. The list is for those that you don't always use or have trouble remembering.

  7. passwordSafe by liam193 · · Score: 4, Informative

    The methods described in this article don't seem to be very useful. I have seen one method that works fairly well. Come up with a sentence you know you can remember. It can be something out of the blue like: "I prefer accessing Gmail in Firefox for the skins extension." Then make your password "IpaGiF4zse". The first letter of each word, the number 4 or 2 for "for" or "to", "too", etc. Even other ones can be used, like 8 for "ate" and 3 for a word starting with e. The z makes sense as a replacement for the t in "the", because if you use the pronunciation of "the" that sounds like "thee", z and "thee" are fairly similar. Those types of schemes make sense.

    But the better answer is:

    Get a program like passwordSafe. It's GPL and it works great; it can even generate the random passwords for you with whatever rules the given site or system allows. Just copy the database file to a backup every so often and all is well.
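The two sentence-to-password schemes in this thread, eldavojohn's "Well and what's cheese? Corpse of milk." → "Wawc?Com." (first letter of each word, trailing punctuation kept, optional author initials appended) and liam193's "I prefer accessing Gmail in Firefox for the skins extension." → "IpaGiF4zse" (whole-word substitutions such as for → 4 and the → z, punctuation dropped), are both instances of one reduction. The following is an added Python example, not code from either poster; the `WORD_SUBS` table is my reconstruction of the substitutions liam193 lists, and `character_classes` is a small check I added so you can see which character classes the derived string actually covers.

```python
import re
from typing import Dict, Optional, Set

# Whole-word substitutions reconstructed from liam193's description (for/to/too/the/ate);
# this table is an assumption of the example, not a published convention.
WORD_SUBS: Dict[str, str] = {"for": "4", "to": "2", "too": "2", "the": "z", "ate": "8"}


def quote_password(quote: str, suffix: str = "", keep_punctuation: bool = True,
                   subs: Optional[Dict[str, str]] = None) -> str:
    """Reduce a sentence to one character per word.

    keep_punctuation=True keeps each word's trailing punctuation ("cheese?" -> "c?"),
    which is eldavojohn's style; subs replaces whole words before reduction
    ("for" -> "4"), which is liam193's style. suffix is appended verbatim."""
    subs = subs or {}
    out = []
    for token in quote.split():
        # leading punctuation, the word itself (may contain ' or -), trailing punctuation
        m = re.match(r"^(\W*)(\w.*?)(\W*)$", token)
        if not m:
            continue  # token with no letters or digits at all, e.g. a bare dash
        word, trailing = m.group(2), m.group(3)
        key = word.lower()
        out.append(subs[key] if key in subs else word[0])
        if keep_punctuation:
            out.append(trailing)
    return "".join(out) + suffix


def character_classes(password: str) -> Set[str]:
    """Report which of lower/upper/digit/symbol the password covers."""
    classes: Set[str] = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


if __name__ == "__main__":
    joyce = quote_password("Well and what's cheese? Corpse of milk.", suffix="JJ")
    gmail = quote_password("I prefer accessing Gmail in Firefox for the skins extension.",
                           keep_punctuation=False, subs=WORD_SUBS)
    print(joyce, sorted(character_classes(joyce)))
    print(gmail, sorted(character_classes(gmail)))
```

Note what the check makes visible: the derived string is only as unpredictable as the sentence behind it, and well-known quotes are exactly what a wordlist of literature would contain, so the length and mixed classes that look strong on paper do not by themselves make the password hard to guess.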

    1. Re:passwordSafe by IL-CSIXTY4 · · Score: 3, Informative

      I second this! I keep the Windows and Linux versions of PasswordSafe on a USB key I wear around my neck, and back the whole thing up weekly. It's free, secure, and usually on-hand when I need it.

  8. Random by EvanED · · Score: 2, Insightful

    Random passwords, then just learn them.

    • Really unimportant sites just an easy password that's the same across all of them
    • More important, but still not critical sites use variations on a couple randomly generated pronounceable passwords; the fact they are random means that no dictionary attack will find them, while the fact that they are pronounceable makes them easyish to learn
    • Critical sites (like my bank) I either generate a random password and learn it by rote repetition, or I use PasswordSafe and store the password and then just open that each time I need it.

    In general, just repeat the password over and over to yourself a dozen times a few times over the course of a couple days (you can have it written down during that window) and you'll probably get it.

    After all, that's how I memorized 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0.

    (Let's see the MPAA subpoena my brain.)

  9. 12345 by liam193 · · Score: 2, Funny

    Of course you could use 12345 for all your passwords. Wait, no don't do that; that's already used for my luggage.

  10. Parody by Anonymous Coward · · Score: 5, Funny

    * Getting halcyon1234's password from his own post                     - 5 seconds
    * Checking to make sure it was real                                    - 20 seconds
    * Customizing his user account to display a custom "goatse" slashbox   - Priceless

    There are some things money can't buy.  For everything else, you should change your password!

  11. Password Safe by CastrTroy · · Score: 2, Informative

    I've recently discovered password safe. You just have to remember 1 password, you have access to all your passwords. You can run it off a USB drive, so you can take your passwords with you anywhere. I used to use the same password for many sites, but now I have Password Safe generate a new password for each site.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    1. Re:Password Safe by El+Cubano · · Score: 4, Informative

      I've recently discovered password safe [sourceforge.net].

      If you use *nix, then MyPasswordSafe is your friend. It uses the same file format as password safe.

      If you use Mac OS X, then Password Gorilla is your friend. It too uses the same file format, though it is a tad slow on open and save operations.

      MyPasswordSafe is Qt-based (but it is better than the GTK-based equivalent password management program out there, and I generally prefer GTK-based apps over Qt-based apps). It should theoretically run on Mac OS X and Windows. I don't know about its status on Windows, but I know it doesn't work on Mac OS X. I have managed to get it to compile, but it segfaults. Once the semester is over, I intend to delve into it a little.

      Password Gorilla also runs on practically everything. However, it is a Tcl/Tk application and looks ugly on every platform except for Mac OS X (thank you Apple for making some of these GUI toolkits not so ugly).

      The neat thing about having all these programs out there is that they are compatible and make it a cinch to move your password database across machines and have it be usable everywhere.

  12. Obviously Offtopic! by rts008 · · Score: 2, Funny

    Can I get a DMCA takedown request for your post since that's my luggage password?

    Or do we have to compare receipts for date of purchase/seniority to settle this.

    My second will meet you on the Field of Honor for our duel......I suggest Tesla Coils at 25 meters, in the English Channel, at 50 meters below sea level.

    You have been challenged sirrah!

    --
    Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
  13. Three layer approach by Actually,+I+do+RTFA · · Score: 3, Insightful

    For accounts I don't care who accesses (like my free nytimes.com account), and in fact want people to crack to mess up the tracking data, I use the same password across all of them.

    For infrequently used sites I choose a strong password, and forget it. Then, whenever I need that password, I get them to e-mail me a new one.

    For accounts I use often and care about, I suck it up and memorize it. Pull a word or two, scramble the letters, add some numbers and punctuation randomly. Oftentimes, just thinking of that word, and cause I'm predictable, I can recreate the password.

    --
    Your ad here. Ask me how!
  14. Part numbers. by munpfazy · · Score: 3, Interesting

    For years our lab (a research lab behind locked doors, open only to a few trusted people) used IC part numbers for root passwords. To avoid having to remember them, we'd just drop the device itself into the top drawer of the desk nearest a particular machine.

    Not the most secure method in the world, but far better than the practices in any other academic research group I've seen. (Most do something really complicated and uncrackable. . . like taking two three or four letter English words and putting one after the other. Or, taking a short English word and misspelling it by changing one letter.)

  15. My Password Memorization Process by Rank_Tyro · · Score: 2, Insightful

    I use one basic 7 character set which consists of letters and numbers. I modify that depending on a site's sensitivity by adding characters.

    For example "mi2SSrs", for common sites and forums such as /.
    For technical sites where I download software I add a three letter prefix to the main.
    For webmail, I capitalize the three letter prefix.
    For online money transactions I capitalize the prefix and add a character such as ~ at the end.
    For my home ftp server login I add in the last 4 numbers of a high school girlfriend's phone number.

    All of these numbers and letters are also followed or preceded by license plate numbers and letters that I choose at random and memorize from cars off the freeway. That is changed quarterly.

    Bios passwords and administrator logins are pass phrases at least 8 words long with a number set.

    Now, that may sound like a lot to remember, but I write down mnemonic clues starting with the lowest level of protection, and as security gets higher, each set gets words associated with the add-on characters.

    These clues are saved to a text file and a yellow "post-it" and labeled "Passwords". The text file goes into my home directory and the post it goes underneath the keyboard on the desktops. Good luck trying to log into anything based on what is written down.

    However, after using this system for a few years, I can easily remember passwords up to 25 characters without worry about losing anything. Muscle memory plays a big part too. ....(btw, all of the information posted here is true, however I intentionally mixed up the order of things)

    --
    Today's show is brought to you by the number 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0: 25
  16. Re:Universal solution: by ArsonSmith · · Score: 2, Interesting

    That reminds me. I always used to post fake passwords on sticky notes on my monitor just to see who is paying attention and willing to point it out.

    --
    Paying taxes to buy civilization is like paying a hooker to buy love.
  17. Strip by flink · · Score: 2, Informative

    I've been using Strip (Secure Tool for Remembering Important Passwords) for years on Palm. It keeps your passwords in an AES encrypted palm database with a master password. I like it over other PC-based password managers because I know that whether I sit down in front of a Windows, Linux, or Mac machine, I'll always be able to get at my passwords.

  18. Re:Passreminder by Abattoir · · Score: 2, Informative

    I use Passreminder. It has a "memory stick" version and is java based and works on both Windows and Linux off my FAT based usb flash drive. Stupid html formatting not default.

  19. Do As Bruce Schneier Does by Anonymous Coward · · Score: 2, Funny
    Shamelessly ripped from http://geekz.co.uk/schneierfacts/fact/27

    Most people use passwords. Some people use passphrases. Bruce Schneier uses an epic passpoem, detailing the life and works of seven mythical Norse heroes.
  20. Belt and Braces by strangedays · · Score: 2, Insightful
    Being a devious and un-trusting type with a world-view sadly twisted by experience, I tend to assume many others are the same way too, and that's way scary.

    So... I prefer to entertain my full frontal paranoia by not using anything digital or on-line to actually store my keys to the things that matter.

    Instead, I decided to keep my keys in a little black book, old fashioned, perhaps even quaint you exclaim!

    True Squire! says I, but go ahead then, have a go.. let's see you hack that book.

    Of course I do have nightmares about losing the book, however an occasional trip to a copier and a safe deposit box takes care of those, for a while. Of course if you did get to read it, you'd find yourself holding a bunch of keys... to what? aha!, that's the devious and twisted bit, remind me not to share that!

    For hard passwords I choose random letters and numbers in groups of 2, at least 8, 16 or 32 chars in length, depending on the resource's value. Otherwise, so I am told, the encryption becomes much easier to break.

    For less significant sites, I (like many it seems) use a favorite quote, condensed into a shorter string of the letters of each word.

    --
    There is no god; get over it already! Never exchange a walk on part in the war, for a lead role in a cage.
  21. My method, as seen before on Slashdot by nizo · · Score: 2, Interesting

    Becoming tired of remembering passwords, I wrote a little perl program to randomly generate a matrix like this:

    a-E9 b-?p c-&m
    d-6K e-aY f-eP
    g-!S h-gn i-D=
    j-Hd k-vw l-Cb
    m-W5 n-4$ o-R3
    p-x% q-7M r-NF
    s-+2 t-s* u-Ay
    v-fL w-zG x-Zu
    y-cX z-Qr

    I then print this, laminate it, and put it in my wallet (a backup copy somewhere isn't a bad idea either). Then, for every password I just remember a word (maybe "bank" for my bank for example) which gives me a password of: ?pE94$vw

    Hard to guess, easy for me to "remember". If someone gets my paper (say I lose my wallet), it is still not simple to figure out what my passwords are, or even what the heck that little paper is. Shoulder surfing doesn't work too well either, unless you can memorize the whole card and then figure out which word I am using (it would be easier to try to watch me type the password on the keyboard than get it off the paper. Luckily I type fast and get annoyed when people stand over me while I type a password :-) ).
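nizo's card is a fixed substitution table from each letter to a two-character group, so a memorised word expands to a password of twice its length. The following is an added Python example, not nizo's Perl script: it parses the matrix exactly as posted above (pasted in as sample input), reproduces the "bank" → "?pE94$vw" lookup, and generates a fresh card with a CSPRNG. The character set used for generation is my assumption; the post does not say what alphabet the script drew from.

```python
import secrets
import string
from typing import Dict

# The matrix exactly as nizo posted it, used here as sample input.
NIZO_MATRIX = """
a-E9 b-?p c-&m
d-6K e-aY f-eP
g-!S h-gn i-D=
j-Hd k-vw l-Cb
m-W5 n-4$ o-R3
p-x% q-7M r-NF
s-+2 t-s* u-Ay
v-fL w-zG x-Zu
y-cX z-Qr
"""

# Assumed output alphabet for new cards; deliberately excludes '-' so a printed
# card still parses with parse_matrix().
ALPHABET = string.ascii_letters + string.digits + "!$%&*+=?"


def parse_matrix(text: str) -> Dict[str, str]:
    """Turn 'a-E9 b-?p ...' into {'a': 'E9', 'b': '?p', ...}."""
    table: Dict[str, str] = {}
    for token in text.split():
        letter, sep, code = token[0], token[1:2], token[2:]
        if sep != "-" or not letter.isalpha() or len(code) != 2:
            raise ValueError(f"malformed entry: {token!r}")
        table[letter.lower()] = code
    return table


def word_to_password(word: str, table: Dict[str, str]) -> str:
    """Look each letter of the memorised word up on the card and concatenate."""
    return "".join(table[ch] for ch in word.lower())


def generate_matrix(rng=secrets) -> Dict[str, str]:
    """Make a fresh card: two CSPRNG-chosen characters per letter of the alphabet."""
    return {ch: rng.choice(ALPHABET) + rng.choice(ALPHABET)
            for ch in string.ascii_lowercase}


def format_matrix(table: Dict[str, str], per_line: int = 3) -> str:
    """Lay the card out three entries per line, like the one in the post."""
    entries = [f"{k}-{v}" for k, v in sorted(table.items())]
    return "\n".join(" ".join(entries[i:i + per_line])
                     for i in range(0, len(entries), per_line))


if __name__ == "__main__":
    card = parse_matrix(NIZO_MATRIX)
    print(word_to_password("bank", card))   # the post's own example word
    print(format_matrix(generate_matrix()))  # a new card, different every run
```

The card itself is the secret here; with the card in hand, the remaining unknown is only the word, so words that are derivable from the site ("bank" for the bank) leave little for the card to protect. Keeping the card offline and choosing words with no link to the site keeps both halves of the scheme doing work.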