Slashdot Mirror


Memory Tools for Password Management?

New Media Blogger asks: "A co-worker of mine recently got burned hard because they used the same password for all of their online accounts. This experience led me to compile a list of easy-to-use password management memory tools (all free, of course), which make it infinitely easier for me to keep track of my dozens of passwords. I am sure many of the Slashdot crowd have memory tools of their own — what are your favourite password memorization tools?"


  1. Hiding by halcyon1234 · · Score: 3, Funny

    Hiding my passwords in first post yt66axe

    1. Re:Hiding by AKAImBatman · · Score: 4, Informative

      Use an MD5 password generator. You can use the same password across sites, but it won't get compromised. Ever. There are a few sites like these that can help you generate these passwords:

      http://passwordmaker.org/
      http://angel.net/~nic/passwdlet.html
      http://www.xs4all.nl/~jlpoutre/BoT/Javascript/PasswordComposer/

    2. Re:Hiding by AKAImBatman · · Score: 4, Informative

      Until some idiot admin leaks, or lets leak, all those oh-so-secret passwords.

      I don't think you understand how it works. What you do is you enter the password (it can be the same for all sites), then enter the name of the site (which can be pulled from a bookmarklet). A bit of Javascript on the client then hashes that information using the MD5 algorithm, and spits the result back out as a secure password.

      The beauty of this is that no one has your password except you. And if you forget the generated password, you can always regen it by entering the exact same information. However, since hashes can't be reversed, your master password will not be compromised even if a lame admin compromises your generated password on his site.
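
The per-site derivation described in the comment above, as an added example for Node.js that is not code from the thread or from any of the linked generators. The `:` separator, base64 output, lengths, the `siteKey` helper and the scrypt variant are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Reduce a URL (as a bookmarklet would supply it) or a bare name to a stable
// site key, so "the exact same information" is entered every time.
function siteKey(input) {
  const text = input.trim().toLowerCase();
  const host = text.includes('://') ? new URL(text).hostname : text;
  return host.replace(/^www\./, '');
}

// Scheme as described in the thread: MD5 over master password and site name.
// The ':' separator, base64 encoding and 12-character length are assumptions.
function md5SitePassword(master, site, length = 12) {
  const input = `${master}:${siteKey(site)}`;
  const digest = crypto.createHash('md5').update(input, 'utf8').digest('base64');
  return digest.slice(0, length);
}

// Same idea with a memory-hard, deliberately slow KDF (scrypt). The site key
// acts as the salt, and every derivation costs far more than one MD5, which
// matters when a generated password leaks and the master password is weak.
function scryptSitePassword(master, site, length = 16) {
  const salt = `sitepw:${siteKey(site)}`; // hypothetical domain-separation prefix
  const key = crypto.scryptSync(master, salt, 32, { N: 16384, r: 8, p: 1 });
  return key.toString('base64').slice(0, length);
}

// Average wall-clock cost of one derivation, in milliseconds.
function costPerDerivationMs(derive, rounds = 5) {
  const start = process.hrtime.bigint();
  for (let i = 0; i < rounds; i++) derive(`candidate-${i}`, 'example.com');
  return Number(process.hrtime.bigint() - start) / 1e6 / rounds;
}

// Constructed sample inputs, not real credentials or accounts.
const master = 'constructed master passphrase';
for (const site of ['https://www.example.com/login', 'example.org']) {
  console.log(siteKey(site), md5SitePassword(master, site),
              scryptSitePassword(master, site));
}
console.log('ms per derivation, md5:   ',
            costPerDerivationMs(md5SitePassword).toFixed(4));
console.log('ms per derivation, scrypt:',
            costPerDerivationMs(scryptSitePassword).toFixed(1));
```
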
    3. Re:Hiding by Short+Circuit · · Score: 3, Funny

      The beauty of this is that no one has your password except you. And if you forget the generated password, you can always regen it by entering the exact same information. However, since hashes can't be reversed, your master password will not be compromised even if a lame admin compromises your generated password on his site.

      Until the site with the hashing algorithm you're using goes offline. (Unless you saved it, of course.)

      My system is similar, yet much easier. The first portion of my password is the name of the computer or service I'm connecting to, while the second half is a random string that only I know. Which string I use depends on what group of people I need to share the account with--in such cases where an account needs to be shared. Otherwise, I have my own string.

      The downside, is that if someone were to sniff one of my passwords, and if they're familiar with my system, they could then guess the passwords to most of my accounts. Which is why I change that suffix relatively frequently. The upside, of course, is that I have a different password for every single computer and service I log into.
    4. Re:Hiding by AKAImBatman · · Score: 3, Informative

      Until the site with the hashing algorithm you're using goes offline.

      So get a downloadable version and back it up. ;-)

      The online version is common because these passwords are for websites. So making a web-enabled version is a no-brainer. But the algo is so straightforward that it was pretty easy for the guys who made it to port it to different platforms.
    5. Re:Hiding by AKAImBatman · · Score: 3, Funny
      Look again. The download page has:
      • Browser Extension
      • Yahoo! Widget
      • JavaScript Edition
      • Command-Line Edition
      • PHP Edition
      • Mobile Edition
      • PDF Manual

      The best system is one that you can keep in your head.
      Certainly. So download the source code and memorize the algorithm. Then you can do the hash in your head. :-P
  2. Abbreviated Quotes by eldavojohn · · Score: 4, Interesting

    As a nerd, I memorize a lot of quotes. And, one can use this to one's advantage. Whether it be Star Wars, Futurama, Orson Scott Card, The Bible, or whatever your favorite work is, you can take a quote & turn it into an easily memorable password.

    For example, one of my beloved authors is James Joyce so a great way to make a password from him is to take a memorable quote of his that I know: "Well and what's cheese? Corpse of milk." This password would transform into Wawc?Com. which has two caps, a period and a question mark. You can do the same with Futurama or whatever you find easy to remember. Then I just attach that quote with the website/machine/network or whatever it is. You can also append the name of the quoted character or author or actor in order to make it longer so the password might be Wawc?Com.JJ which just makes it even more difficult for a code cracking program to get at.

    Plus, since I naturally love the quote, it's very easy to memorize.

    --
    My work here is dung.
  3. passwordSafe by liam193 · · Score: 4, Informative

    The methods described in this article don't seem to be very useful. I have seen one method that works fairly well. Come up with a sentence you know you can remember. It can be something out of the blue like: "I prefer accessing Gmail in Firefox for the skins extension." Then make your password "IpaGiF4zse". The first letter of each word, the number 4 or 2 for for or to, too, etc. Even other ones can be used like 8 for ate and 3 for a word starting with e. The z makes sense for a replacement of t in the because if you use the pronunciation of the that sounds like thee, z and thee are fairly similar. Those types of schemes make sense.

    But the better answer is:

    Get a program like passwordSafe. It's GPL and it works great; it even can generate the random passwords for you with whatever rules the given site or system allows. Just copy the database file to a backup every so often and all is well.

    1. Re:passwordSafe by IL-CSIXTY4 · · Score: 3, Informative

      I second this! I keep the Windows and Linux versions of PasswordSafe on a USB key I wear around my neck, and back the whole thing up weekly. It's free, secure, and usually on-hand when I need it.

  4. Parody by Anonymous Coward · · Score: 5, Funny

    * Getting halcyon1234's password from his own post                     - 5 seconds
    * Checking to make sure it was real                                    - 20 seconds
    * Customizing his user account to display a custom "goatse" slashbox   - Priceless

    There are some things money can't buy.  For everything else, you should change your password!

  5. Re:Password Safe by El+Cubano · · Score: 4, Informative

    I've recently discovered password safe [sourceforge.net].

    If you use *nix, then MyPasswordSafe is your friend. It uses the same file format as password safe.

    If you use Mac OS X, then Password Gorilla is your friend. It too uses the same file format, though it is a tad slow on open and save operations.

    MyPasswordSafe is Qt-based (but it is better than the GTK-based equivalent password management program out there, and I generally prefer GTK-based apps over Qt-based apps). It should theoretically run on Mac OS X and Windows. I don't know about its status on Windows, but I know it doesn't work on Mac OS X. I have managed to get it to compile, but it segfaults. Once the semester is over, I intend to delve into it a little.

    Password Gorilla also runs on practically everything. However, it is a Tcl/Tk application and looks ugly on every platform except for Mac OS X (thank you Apple for making some of these GUI toolkits not so ugly).

    The neat thing about having all these programs out there is that they are compatible and make it a cinch to move your password database across machines and have it be usable everywhere.

  6. Three layer approach by Actually,+I+do+RTFA · · Score: 3, Insightful

    For accounts I don't care who accesses (like my free nytimes.com account), and in fact want people to crack to mess up the tracking data, I use the same password across all of them.

    For infrequently used sites I choose a strong password, and forget it. Then, whenever I need that password, I get them to e-mail me a new one.

    For accounts I use often and care about, I suck it up and memorize it. Pull a word or two, scramble the letters, add some numbers and punctuation randomly. Oftentimes, just thinking of that word, and 'cause I'm predictable, I can recreate the password.

    --
    Your ad here. Ask me how!
  7. Part numbers. by munpfazy · · Score: 3, Interesting

    For years our lab (a research lab behind locked doors, open only to a few trusted people) used IC part numbers for root passwords. To avoid having to remember them, we'd just drop the device itself into the top drawer of the desk nearest a particular machine.

    Not the most secure method in the world, but far better than the practices in any other academic research group I've seen. (Most do something really complicated and uncrackable. . . like taking two three or four letter English words and putting one after the other. Or, taking a short English word and misspelling it by changing one letter.)