Although it is clear that a good generator will make viable passwords, I have two colliwobbles about it. First, you've never seen most of your passwords, and you don't even know what they are. I'm sure that's viable for some folks (you explicitly note that it makes you happy), but it would scare the pants off me. Second, as you point out, it creates the possibility of a single point of failure, and that scares me even worse. I'd write down the master PW on three pieces of paper, and put them into three separate safety deposit boxes (or, in your case, two safety deposit boxes and one fire safe). Nothing quite like having an offsite backup, in case the fire safe becomes inaccessible for whatever bizarro-world reason. Third (forget the ruddy Spanish Inquisition, already), there's no amusement in it. ...Not that that really matters, in the Greater Scheme of Things, but still.
My algorithm for passwords: Find a random Windows product key. Reverse the digits, then randomly reverse the clusters of letters. Add random non-alphanumeric characters between each set of alphanumerics. Memorize the hell out of that sucker.
Of course, just in case I forgot, I wrote it down and put it up on my refrigerator.
For 90% of the folks out there, a good standby is two unrelated words separated by a number and a symbol. cat*67boat for instance. generally easy to remember, (easier if you make a mnemonic) resistant to dictionary attack, and simple enough for Mom or Dad to get comfortable enough with that they might actually start using different passwords for different things. Yes, for high security stuff, something more complex like Mr. Singer shows above would be far better, but as a first step to help those who use their daughter's birthday and middle name as the password for their email, bank account, facebook login and workplace login password, it's a good start.
I would have posted this other than Anonymously, but Livejournal wanted to access my name, address, date of birth, friends list, blood type, mother's maiden name, etc. Sorry. If my name and IP isn't good enough, oh well, you just get my IP address.
Alas, if you read the article I added a link to, you'll discover that this method is no longer viable. It appears that a good cracking program does hundreds of billions of tests per second, and can perform an exhaustive search of a remarkably large character space in very short time. I don't think anything less than 12 chars is viable any more, and I don't think anything that uses real words is particularly good. Sigh.
I am perfectly okay with you posting Anonymously; you have my apologies for being slow about unscreening your cmts and getting back to you on them.
i use a strategy somewhat similar to Jon's, but for regularly changing passwords, as at the office, i draw keywords from two or more newspaper front page stories.
looking at Saturday's paper i would get something like "Ford Biennale cleaning"- top stories of the Globe and Mail being Rob Ford, Venice Biennale, and"feminism's final frontier-who cleans the toilet bowl".
my passwords go in a password keeper app on my Blackberry, which will will "self-destruct" or security wipe on ten bad passwords. my hints go on a novelty pad headed "my secret passwords".
Comments 7
(The comment has been removed)
Although it is clear that a good generator will make viable passwords, I have two colliwobbles about it. First, you've never seen most of your passwords, and you don't even know what they are. I'm sure that's viable for some folks (you explicitly note that it makes you happy), but it would scare the pants off me. Second, as you point out, it creates the possibility of a single point of failure, and that scares me even worse. I'd write down the master PW on three pieces of paper, and put them into three separate safety deposit boxes (or, in your case, two safety deposit boxes and one fire safe). Nothing quite like having an offsite backup, in case the fire safe becomes inaccessible for whatever bizarro-world reason. Third (forget the ruddy Spanish Inquisition, already), there's no amusement in it. ...Not that that really matters, in the Greater Scheme of Things, but still.
Hope to see you & yours in a little over a week.
Best
jon
Reply
Find a random Windows product key.
Reverse the digits, then randomly reverse the clusters of letters.
Add random non-alphanumeric characters between each set of alphanumerics.
Memorize the hell out of that sucker.
Of course, just in case I forgot, I wrote it down and put it up on my refrigerator.
Reply
Best
jon
Reply
I would have posted this other than Anonymously, but Livejournal wanted to access my name, address, date of birth, friends list, blood type, mother's maiden name, etc. Sorry. If my name and IP isn't good enough, oh well, you just get my IP address.
Reply
Alas, if you read the article I added a link to, you'll discover that this method is no longer viable. It appears that a good cracking program does hundreds of billions of tests per second, and can perform an exhaustive search of a remarkably large character space in very short time. I don't think anything less than 12 chars is viable any more, and I don't think anything that uses real words is particularly good. Sigh.
I am perfectly okay with you posting Anonymously; you have my apologies for being slow about unscreening your cmts and getting back to you on them.
Best
jon
Reply
looking at Saturday's paper i would get something like "Ford Biennale cleaning"- top stories of the Globe and Mail being Rob Ford, Venice Biennale, and"feminism's final frontier-who cleans the toilet bowl".
my passwords go in a password keeper app on my Blackberry, which will will "self-destruct" or security wipe on ten bad passwords. my hints go on a novelty pad headed "my secret passwords".
Reply
Best
jon
Reply
Leave a comment