What is your password creation methodology?

Let’s discuss your passwords. Not that I care what they are. But I am curious about how people go about selecting them.

If you work in an office, you are probably forced to change your network password periodically and cannot use any of the five or six previous ones. So how do you go about it?

I’ve seen lazy modifications like ‘username1’, ‘username2’, etc. Almost zero security there.

I tend to have passwords that can be related to something. One example that I have used (and don’t use anymore or I wouldn’t post it) is:



:)&O:)w/u


Do you see it?

One more then:



:(&u:(_|_


A little more difficult perhaps.

I spend the two week notification regarding password changes trying to come up with something that I can recall, and that is difficult to guess. Leet usually offers some assistance, as does playing ‘Bumper Stumpers’ (really bad Canadian game show).

A further complication is that I use a Dvorak keyboard layout but my boss doesn’t like it when I change the keys around. The result is that I have a QWERTY physical layout with a Dvorak input. Also, the Dvorak layout does not get implemented until after I log in to my account. So I actually have two different key sequences to enter my password, one when I first log in (QWERTY) and another when I want to unlock my system (Dvorak).

How about any of you? Any good password creation methods, or are we living at a time when almost anyone given 5 attempts has a good chance at guessing your password?

>.>;; I haven’t changed my password since 96…I use the same one for everything and if it wants a number in the pass, I just add a 1.

Same here. I started using my pet name for my boyfriend back in '99 or so. It’s something nobody would ever guess, so I just kept using it. I sometimes think I should change it, since he and I broke up several years ago, but I don’t think I could remember anything else.

Someone else please post that they use a variety of passwords. These two responses are starting to make me feel paranoid.

Well it did seem a bit excessive to me ^^;; My basic philosophy is, if they want my email password that badly, go right ahead. There’s nothing important in there. Besides, in the big ocean of users that is the net, the chances of a ‘hacker’ pinpointing my computer and trying to steal my password are pretty slim.

I use a combination of various pets’ names I’ve had, or some nicknames I have for the daughter. If I have to add a number, it’s a college dorm room number.

If it’s a PIN, I use old work phone extensions from jobs way back in time.

I come up with something ostensibly easy for me to remember and not all that difficult for a determined cracker to break, like the name of a vegetable in one of the foreign languages I’m familiar with. Add a number and a punctuation mark somewhere, only because my employer’s system demands it.

Then I continue trying to log in with the old password, realize I’ve completely forgotten the new one, and call desktop support to get them to reset it. Around the time I’ve finally committed the new password to memory, I’m already getting nag messages encouraging me to change it again.

It’s worked out really well for me so far.

Until recently I would take two words in Portuguese and separate them with a hyphen: (e.g. liso-raposa – smooth-fox).

My company then deployed a password synchronization tool that is great and wonderful, but it requires that our password fit the rules for all of the different systems. Consequently, they require us to use exactly eight letters and numbers, with at least one letter, and no dictionary words.

I gave up.

I installed SplashID on my Treo and desktop, and I use their handy-dandy password generation utility whenever I need a fresh one.

Here are a few quick ones that I just autogenerated: “toj56ar1”, “ad58il68”, “fet2od65”

I’d be lost without my Treo.

I have a couple main ones based off usernames I’ve had (I use these a lot for sites I likely won’t visit a lot), a couple more are acronyms that are easy to remember but a bit harder to crack, another is a pet name, one is a random 6-digit number, and yet another pair is based off the school I go to. Most of them use digits somewhere, though only one uses a special character or uppercase letters. So no set system, though if I need a new one for some reason, I try to make it easy to remember.

I use one of three variations on a theme, depending on whether the password in question needs to be longer than 4 digits, or needs a mix of numbers and letters.

I rotate through a series of passwords that are essentially random noise. I remember them based on their “shape” on the keyboard, so when I need to change passwords, I just move the password’s shape to the left or right by one space. For example, a triangle drawn from Z (using SHIFT on the upstroke) yields

ZSE$rfvcx

and it can be transposed to create

XDR%TGBvc
CFT^yhnbv
VGY&ujmnb
NJI(ol.,m

…and so on. Find a shape you like – a good parallelogram could yield

VGY&89ijnb
and
BHU*90okmn

Diamonds, lightning bolts, and hexagons can also yield several possibilities.
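
An added example (not part of the original post): a defender's check for the keyboard-shape scheme described above, written in Python. It assumes a US QWERTY layout, flags passwords in which every keystroke lands on a touching key, and shows that the transposed variants trace one identical path, so a history rule that only compares strings accepts each of them as new; the function names are hypothetical.

```python
# US QWERTY rows, unshifted and shifted (a constructed layout model, assumed here).
ROWS = ["1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]
SHIFTED = ["!@#$%^&*()_+", "QWERTYUIOP{}", 'ASDFGHJKL:"', "ZXCVBNM<>?"]

# Map every character to the (row, column) of the physical key that produces it.
KEY_POS = {}
for r, (plain, shifted) in enumerate(zip(ROWS, SHIFTED)):
    for c, (p, s) in enumerate(zip(plain, shifted)):
        KEY_POS[p] = KEY_POS[s] = (r, c)

# Steps between touching keys on a staggered keyboard (including a repeated key).
ADJACENT = {(0, 0), (0, 1), (0, -1), (-1, 0), (-1, 1), (1, 0), (1, -1)}


def moves(password):
    """Return the (row, column) step between consecutive keys, or None when a
    character is not on the modelled layout."""
    try:
        keys = [KEY_POS[ch] for ch in password]
    except KeyError:
        return None
    return [(b[0] - a[0], b[1] - a[1]) for a, b in zip(keys, keys[1:])]


def is_keyboard_walk(password, min_len=6):
    """True when every consecutive pair of characters sits on touching keys."""
    steps = moves(password)
    return bool(steps) and len(password) >= min_len and all(s in ADJACENT for s in steps)


def same_shape(new, old):
    """True when two passwords trace the same path, only started on another key."""
    steps = moves(new)
    return bool(steps) and steps == moves(old)


if __name__ == "__main__":
    # Passwords quoted in this thread: three shapes and one generated string.
    for pw in ["ZSE$rfvcx", "NJI(ol.,m", "VGY&89ijnb", "toj56ar1"]:
        print(pw, is_keyboard_walk(pw))
    # Differs from the previous password in every character, yet same path.
    print(same_shape("XDR%TGBvc", "ZSE$rfvcx"))
```

Because shift state is ignored when mapping characters to keys, changing which part of the shape is typed with SHIFT does not hide the pattern from either check.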

I create a sentence that has something to do with the system in question that has a number in it somewhere. For instance, for a science message board, I might write “Pluto is no longer one of the 9 planets”. Then I take the first letter of each word in sequence (with numbers preserved). The example would become Pinloot9p. Add in some standard vowel substitutions (P1nl00t9p), and you have a secure password that’s relatively easy to remember.

If I have to come up with one quickly or unexpectedly I usually use musical instruments spelled with numbers for some letters: c3110, v10l1n, th3r3m1n.

I also have one password that’s “the-old-stand-by” that I use if I need a password for something I won’t be using very often. It’s actually a sentence with no spaces that refers to a number I was assigned at some point and for whatever reason I remember it easily.

Now that I think of it, my online banking password is the only one I have to change very often and it’s probably the least well conceived. Next time I have to change it I’ll make it better. The problem I have is that I want it to be easy to use and remember so username1 username2 etc. etc. seems so obvious. Too obvious.

I use words from other languages as well. I almost always use some numbers for letters, but not the same numbers or letters if I can help it.

I take a four digit non-birthday/anniversary number (1234) and a four letter word (Abcd), interpose the numbers with the letters reversed and voilà - 1d2c3b4A! Easy to remember and usually passes the rules.

I like this and I’ve heard that some DoD techs use this method for their passwords. They don’t know what the password is, just the pattern on the keyboard.

I can’t use this method because of my use of the Dvorak layout. I could change but it’s too much fun watching people try to type on my system lol

I usually pick a word that has a number associated with it and connect them with an equals sign. I try to make it idiosyncratic enough that someone wouldn’t know the pair through common knowledge.

So I would use something like “house=25” because 25 was the street number of the house I grew up in.

I use the same password for all non-critical sites like newspaper sites.

Other sites (like the SDMB) get individual passwords generated by and managed with the open source program KeePass Password Safe.

I memorize a few frequently used passwords. I make up a nonsense sentence with words whose first letters are the characters in the generated password. I memorize numbers in the password as-is. Sometimes I’ll change a character of the password to make it easier to come up with a sentence.

At one point I set up a spreadsheet that would generate passwords for fast touch-typing, i.e., the characters alternated between the right and left hands.

For my work password, which I have to change regularly and is not really security-critical, I often use the names of recent places I have visited - the last place I went on holiday, that kind of thing.

For more secure passwords, I use postcodes of various places - old houses, friends’ houses etc. (UK postcodes are combinations of letters and numbers, with a space in the middle, e.g. S10 5GY). If I want more security I’ll add a road or house number, as a determined hacker could presumably run the whole Royal Mail Postcode file through the system…

I used to be very bad and use the same alphanumeric password for everything.

Now I still use that same stupid password for unimportant stuff (nytimes.com registration, for example) and strong passwords for anything connected to money. My passwords are all along a theme, although the individual items would be very hard to guess unless you knew me VERY well, and I use the “take a word and mung it with weird characters” method. Each password is also somehow related to the site/service I use it for.

So, for example, “Captain Kirk” would become C@pt@!n|<1rk.

I have one password that’s a munged/abbreviated sentence.

I won’t share my method for remembering/storing exactly how I munged each password, but I think it’s pretty clever.

My password is the lock combination on my luggage.