Comments on: Password Algorithms: Create and Remember Unique Passwords for Every Account

By: HikingStick

HikingStick — Wed, 25 Jan 2012 14:21:00 +0000

The nice thing about some OSes is that they will let you have very long passwords. In such cases (or when securing password locker software), I like to use uncommon snippets of prose, including all spaces, capitalization, and punctuation.

For one, recently, I used a passage from The Hobbit. If you do use such a method, however, you need to avoid the most common passages (e.g., “In a hole in the ground there lived a hobbit.”). Pair such a passphrase with even a small clump of complex characters at the fore or the rear, and even someone who figures out your passage won’t be able to crack it (in any immediate time scale).

By: HikingStick

HikingStick — Wed, 25 Jan 2012 14:15:00 +0000

Late (but hopefully helpful) addition: Add the fact that you’ll need to change the password regularly to your algorithm. Don’t be as simple as prefixing your password with a date code, but find something meaningful at the time, that you’ll remember for the next three months. As an example, if you were just on a trip, add a keyword that ties to your memory of the trip to some part of your password (front, middle, or end). E.g.,: Changing it in January, I might think of a recent sledding trip. Thus, for three months my password could be “sled” plus the rest of my complex password.

By: Anonymous

Anonymous — Fri, 26 Aug 2011 23:31:29 +0000

All great advice. However, it could still get confusing once you have many different ones to remember. I say, use these mnemonic tricks to develop one, really good, password.

Then use a password utility program to store ALL of your other passwords, encrypted with that REALLY GOOD one. Now, you don’t even need to know your passwords. You make them completely random, 15 char or so. You never see them, just decrypt, then cut and paste. In real use, it is easier than using a couple of weak passwords.

You can even put that encrypted file somewhere where you can find it (think web space, or even email), hell you can even use the same program on your smart phone if you choose wisely.

Also, read this xkcd and realize the scale of the problem: http://xkcd.com/936/
and this one: http://xkcd.com/792/

Realize that the second puts a huge hole int he password customization scheme. Once someone has phished one password, if they realize you are using a scheme, it is down to guessing the small unique part.

Since you can’t rely on websites be secure, totally random is a huge win.

By: joe

joe — Thu, 28 Apr 2011 10:41:20 +0000

@gerwin

nice try – all keys typed with the left hand move one key over to the right, all keys typed with the right hand move one key left

thus qwert becomes werty and poiu becomes oiuy

Don’t really think this is the way though – it’s pretty obvious (if you use dictionary words) and would probably lead to you thinking you are secure.

My personal way is to use a song or book I like (and that the site reminds me of in some way) and use that and some figures. This way, (like a mnemonic) I remember the site’s password by association to a song. Then I use the first letters of every word in the title and a number that fits with the site. If necessary, I then can separate the numbers and the letters with some chosen punctuation mark (which I tend to keep the same). This gets around simple minded security requirements.

Of course, I now have to remember the song or title of the book for the site, but that is a lot easier (and less hazardous to noting down if altzheimers starts to kick in) than remembering a random hash.

Thus an example may be: Pride and Predjudice, by Jane Austin (written in 1813)

PaPbJA!1813 (gives me a long version) or
PaP!1813 (gives me a short version) or
PaP1813 (gives me an “insecure” version)

Hope this helps

Joe

By: Sean Gates

Sean Gates — Tue, 08 Feb 2011 02:16:15 +0000

Oops, your filter broke it. Here it is again with entities:

$website = $_GET['website'];
$website = explode('.',$website);
$website = $website[0];
$next_char = substr($website, 2, 1);
$next_char = $next_char;
if (strlen($next_char) > 1) { // if you go beyond z or Z reset to a or A
$next_char = $next_char[0];
}
$new_password = substr($website, -1, 1).substr($website, 0, 1).'$#@!'.$next_char;
echo $new_password;

By: Sean Gates

Sean Gates — Tue, 08 Feb 2011 02:14:29 +0000

Here is a quick set of PHP code to do your algorithm above. Enjoy!
1) { // if you go beyond z or Z reset to a or A
$next_char = $next_char[0];
}
$new_password = substr($website, -1, 1).substr($website, 0, 1).’$#@!’.$next_char;
echo $new_password;
?>

By: Neoteny

Neoteny — Mon, 07 Feb 2011 11:16:26 +0000

I agree about that! I met that situation many times and it takes too many times to make my password back every time I made it! How ever this site gives me more info about that kind of problem,and it calls my attention to visit it again for more new types of info.

By: IJsbrand

IJsbrand — Thu, 13 Jan 2011 15:31:32 +0000

There are problems if a password have restrictions (I met this several times). Several sites don’t allow some special characters.

By: Gerwin

Gerwin — Tue, 21 Dec 2010 21:36:08 +0000

Sorenson on Mar 1st, 2009 said:
just remember an algoritm and make a last optional character called 1. Fill this character only where passwords need to change. Make the 1 for the next period a 2 and the next period a 3… and so on.

(instead of 1, 2, 3.. you can make it a b c, !@# QWE or whatever you want)

By: Gerwin

Gerwin — Tue, 21 Dec 2010 21:31:19 +0000

dont have an algoritmic myself…

but an intresting one could be:

first 6 characters of the web addres (aclean)and than typ it this way: svkrsb. Now its your turn to guess how i got it :)