Life-cycle of Passwords

I had the best password ever.

A combination of letters (both lower case and upper case), numerals, special characters, and was at least 8 characters long. Most often longer in certain systems.
I could add/subtract characters at will to said password, depending on their (often stupid) requirements.

An advantage was I didn’t need to write it down, as it was a cryptogram whose meaning was known only by me. No need for password managers, nor sticky notes taped to the bottom of a dresser drawer.

Now I have been informed by ****** and **** and ********* that it is time to change login credentials.
I think I will let Mister Whiskers (a Maine Coon) walk across my keyboard and examine the results.

The only problem I dread is changing said password on roughly 5-6 devices for every account.
I am out of sticky notes also, though I have paper towels handy.

Use a password manager. It will have a password generator to give you unique passwords for all your logins. I’ve used Roboform for the last twelve years. If I didn’t, I’d use KeePass. You will only need to remember one or two master passwords. Use the XKCD method to generate those. Yeah, sure, write them down in your diary or something that never leaves the house.

Yep, a password manager. I use 1password. It’s on all of my computers, ithings and android.

You are REQUIRED to change passwords every X period: you are NOT required to *wait* every X period.

Change password. Wait 24 hours. Re-change password to same old password.

Some mainframes (1990+) learned to retain passwords and would not allow a new password to be the same as any from the last 5 passwords.
So change it 5 times.

For years I used a base password and changed it monthly by changing the numerical part, which consisted of the month and year. The only problem was on the stupid systems that wouldn’t allow repeated characters in sequence. Really? I would think that would add to the complexity of breaking the password. Anyway, I’d just shift one of the repeated characters and off I’d go.

I should start doing that again, since I’m back in the workforce with the stoopit password requirements.


I have a password manager. It helps.

As for passwords, I choose a line out of a song I like, and use the first letter of each word. Then choose a number and use that number’s special char. Pretty easy to remember.

“Ticking away the moments that make up a dull day” Becomes -

My passwords usually (like most of you) have to have CAPS and lower-case, numbers and some ‘top-row’ stuff. So I borrow from experience and leave myself some code words that I know but would not be of help to anyone trying to ‘break’ it.

For example, oldAP©+Dad+2SW+newAP(nc) might give you a few hints, but getting it all would be a challenge, IMHO. Even if you puzzle out what it means, you would need an intimate knowledge of my history to figure it all out.

IMHO as always.

I used a system for several years where you didn’t get to choose your password at all. You could request a new one whenever you wanted, but you got a random password chosen for you. Security was a bit simpler in those days, so passwords were just a random sequence of six letters.

One guy told me his technique was to request a new password over and over until he got something he could pronounce.

ETA: And some systems make you wait a certain period of time before you can change your password again. I think Windows Server works this way, or it can be configured to.
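
Added example (not written by any poster here, and not any real system's code): a sketch of the two controls mentioned in this thread, a remember-the-last-5 password history and a minimum wait between changes. The `PasswordPolicy` class and every name in it are hypothetical; it shows that history alone is defeated by rapid cycling unless a minimum age is also enforced.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

class PasswordPolicy:
    """Hypothetical policy: remember the last `history` passwords and
    optionally enforce a minimum age between changes."""

    def __init__(self, history=5, min_age=timedelta(0)):
        self.history = history
        self.min_age = min_age
        self.records = []          # (salt, hash) pairs, newest last
        self.last_change = None

    @staticmethod
    def _hash(password, salt):
        # Iteration count kept small so the demo runs quickly.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)

    def _in_history(self, password):
        return any(hmac.compare_digest(self._hash(password, s), h)
                   for s, h in self.records)

    def change(self, password, now):
        """Return 'ok', 'too-soon' or 'reused'."""
        if self.last_change is not None and now - self.last_change < self.min_age:
            return "too-soon"
        if self._in_history(password):
            return "reused"
        salt = os.urandom(16)
        self.records.append((salt, self._hash(password, salt)))
        self.records = self.records[-self.history:]   # keep only the newest N
        self.last_change = now
        return "ok"

def cycle_back(policy, start):
    """Set a password, change it `history` times a minute apart,
    then try to return to the original (all values are constructed)."""
    t = start
    policy.change("constructed-old-pw", t)
    for i in range(policy.history):
        t += timedelta(minutes=1)
        policy.change(f"constructed-filler-{i}", t)
    return policy.change("constructed-old-pw", t + timedelta(minutes=1))

if __name__ == "__main__":
    start = datetime(2024, 1, 1)
    print(cycle_back(PasswordPolicy(history=5), start))                             # history only
    print(cycle_back(PasswordPolicy(history=5, min_age=timedelta(days=1)), start))  # history + min age
```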

We’re supposed to be fighting ignorance here. Change your password periodically because it’s the smart thing to do.

I use song lyrics and l33t them up. So if I was going to use, say, “If I only had a brain” from the Wizard of Oz (since I’ve had that as an earworm for the last two days). The lines:

“I could be another Lincoln
If I only had a brain.”

might become 1cb@Li10h@B or something like that.

I would never use that because the earworm I’d have every day would be terrible, but I pick something I like, and a line I’ll remember, and there it goes. I usually have it memorized within a couple of days.

I used to use old license plate numbers, which were seven characters of random letters and numbers. I can’t really anymore since now I am usually required to have eight characters and punctuation. I can’t even use the XKCD method for most things.

So here’s what I do at work now, although it’s probably not as secure as it could be. And my SDMB password is not using this method, so don’t get any funny ideas: I just start with a letter on the top row, usually Q, and type it three times, then go to the number above it and type it three times, then hit shift and type the punctuation on that number three times, so “qqq111!!!”. Then when I’m forced to change the password a few months later, I just move over to the next set of keys, “www222@@@” and so on. If I’m required to use both upper and lower case, I’ll just add another sequence of the letter, “qqqQQQ111!!!”. If anyone wants to hack into my work computer and do all my work for me, feel free.

So for fun and giggles I plopped Mister Whiskers down on my laptop keyboard.
Now my gggggg key is stuck and the H key is misbehhavinggggggggggggg.

here is his password gggenerated:
kkerw=e9983fq8gggh0l kj;;;;

No way am I going to remember that. Plus speelcheck is having a fit
Lesson learned. Don’t put a 40 pound (estimated) cat on top of ones keybpwrd.

I need a new hhobby.

My password scheme is similar to this – I pick a password that makes some geometric pattern according to the layout of the keys on the keyboard. I’ve said too much.

I was one of those 50’s “Free Range”* kids. As a pre-condition, my mother made sure I memorized:
my name
my address
my phone number.

50+ years later, I still remember this drill.

The address (number, ordinal, street name, street type e.g. 123 N Main Ave.) makes a pretty good base for a password.

There was a comic strip years ago in which a character uttered a nonsense term. That term stuck, and I used a vowel-progression on it for many years.

* back then the term was “kid”. Yes, really!

My go-to password for sites that require upper, lower, special AND numeric only uses three keys counting Shift:
This is not my password for SDMB, which allowed all-lowercase when I set my password, but you can use it to post comments under my name at certain other sites.

It’s ironic that stupid little blogging sites have strict password rules, while U.S. accounts connected to large sums of money don’t even use challenge-response like European bank websites. (Yes, they use https but that doesn’t defeat keyboard sniffers.)

Two factor authentication, but I feel your pain.
On phone with CS rep who hasn’t clue. What?, wait?, why not? no way? WTF?

Thank you for keeping my money safe. I thought that was one of your jobs. F*** you world-wide bank and for hiring morons who don’t know how to tie shoe-laces.
Mods… sorry, just had to vent. Feel free to bump this to the Pit.