eric.oyen at icloud.com
Sun Feb 5 03:19:19 UTC 2017
well, so far, I have managed to keep track of all of mine. However, some sites I go to won't let me use any of the more interesting characters on the keyboard (like: !@#$%^&*()"':;?/.>,< ) which can get rather annoying.
Now as to how I do it, the first (of 3 parts) of the password I use is a leet speak modified version of a long word. the second is a leet speak version of the website name and the third part is the date I joined (in MM/DD/YYYY:HH:MM:SS format). like I said, good luck breaking that!SOmetimes, like the interesting character issue above, I have to change things because the length is too long. grrrrr. why can't website developers use REAL security? seriously, 10 characters is definitely not enough.
here is an example of what I might use: 4s7r0n0m3rACHAN12/24/1999:23:51:13 please note that this particular one is 34 characters long. Decoded to english it reads astronomer 4chan 12/24/1999 23:51:13
now, who would know exactly when I joined a site. the site name would be obvious (assuming anyone could crack it) and the first word is just that, a proper noun. With my head for numbers, math and sciences, its a pretty easy formula for me to keep in head. :) btw, run that password through a password strength detector and watch it peg the meter all the way to the right on strength. :) btw, the noun I used above in the password string will not be used as I have other science interests (and there are so many of them!).
from the central office of the Technomage Guild.
On Feb 4, 2017, at 6:45 PM, Tim Chase wrote:
> On February 4, 2017, Eric Oyen wrote:
>> btw, I use a fairly simple password scheme thats easy for me to
>> remember and nearly impossible for anyone to guess it. it's how I
>> managed to keep over 200 passwords in my head.
> I used to use the site's name inserted into my password
> prefix/suffix, so if my prefix was "maul4wafted" and my suffix was
> "^mage18", my Amazon password would have been
> "maul4waftedAmazon^mage18". Which is a pretty good password if the
> site is responsible with using strong salted hashes to store them.
> However, I've seen enough breaches where best practices were *not*
> followed, so if a password such as that were leaked, it wouldn't be
> hard to deduce that my Twitter password might be
> The other problem with that is certain sites got bought-out and
> changed names, so then I'd have to remember that, even though I'm
> logging into First United bank currently, I have remember that it used
> to be Farmers & Merchants bank and that's what I used to create the
> So after seeing a couple such breaches and fighting to remember
> name-changes, I stopped using that method and switched to outsourcing
> my passwords to a manager where I only needed to remember one master
>> still, the older I get, the harder this will get. so, an additional
>> outboard tool or two won't hurt me in the least.
> And with my 40th coming up all too soon, I'm more than willing to let
> the computer do most of the remembering for me. (grins)
> Blinux-list mailing list
> Blinux-list at redhat.com
More information about the Blinux-list