frustrate shouldservers

Sun Feb 5 10:31:55 UTC 2017

Before the Navy changed over to smartcards passwords had to be 16 
characters with two numbers two upper case two lower case and two 
symbols in them as a minimum.

On Sat, 4 Feb 2017, Eric Oyen wrote:

> Date: Sat, 4 Feb 2017 22:19:19
> From: Eric Oyen <eric.oyen at icloud.com>
> Reply-To: Linux for blind general discussion <blinux-list at redhat.com>
> To: Linux for blind general discussion <blinux-list at redhat.com>
> Subject: Re: frustrate shouldservers
> 
> well, so far, I have managed to keep track of all of mine. However, some sites I go to won't let me use any of the more interesting characters on the keyboard (like: !@#$%^&*()"':;?/.>,< ) which can get rather annoying.
>
> Now as to how I do it, the first (of 3 parts) of the password I use is a leet speak modified version of a long word. the second is a leet speak version of the website name and the third part is the date I joined (in MM/DD/YYYY:HH:MM:SS format). like I said, good luck breaking that!SOmetimes, like the interesting character issue above, I have to change things because the length is too long. grrrrr. why can't website developers use REAL security? seriously, 10 characters is definitely not enough.
>
> here is an example of what I might use: 4s7r0n0m3rACHAN12/24/1999:23:51:13 please note that this particular one is 34 characters long. Decoded to english it reads astronomer  4chan 12/24/1999 23:51:13
>
>
> now, who would know exactly when I joined a site. the site name would be obvious (assuming anyone could crack it) and the first word is just that, a proper noun. With my head for numbers, math and sciences, its a pretty easy formula for me to keep in head. :) btw, run that password through a password strength detector and watch it peg the meter all the way to the right on strength. :) btw, the noun I used above in the password string will not be used as I have other science interests (and there are so many of them!).
>
> so, thoughts?
>
> -eric
> from the central office of the Technomage Guild.
>
> On Feb 4, 2017, at 6:45 PM, Tim Chase wrote:
>
>> On February  4, 2017, Eric Oyen wrote:
>>> btw, I use a fairly simple password scheme thats easy for me to
>>> remember and nearly impossible for anyone to guess it. it's how I
>>> managed to keep over 200 passwords in my head.
>>
>> I used to use the site's name inserted into my password
>> prefix/suffix, so if my prefix was "maul4wafted" and my suffix was
>> "^mage18", my Amazon password would have been
>> "maul4waftedAmazon^mage18".  Which is a pretty good password if the
>> site is responsible with using strong salted hashes to store them.
>> However, I've seen enough breaches where best practices were *not*
>> followed, so if a password such as that were leaked, it wouldn't be
>> hard to deduce that my Twitter password might be
>> "maul4waftedTwitter^mage18"
>>
>> The other problem with that is certain sites got bought-out and
>> changed names, so then I'd have to remember that, even though I'm
>> logging into First United bank currently, I have remember that it used
>> to be Farmers & Merchants bank and that's what I used to create the
>> password.
>>
>> So after seeing a couple such breaches and fighting to remember
>> name-changes, I stopped using that method and switched to outsourcing
>> my passwords to a manager where I only needed to remember one master
>> password.
>>
>>> still, the older I get, the harder this will get. so, an additional
>>> outboard tool or two won't hurt me in the least.
>>
>> And with my 40th coming up all too soon, I'm more than willing to let
>> the computer do most of the remembering for me. (grins)
>>
>> -tim
>>
>>
>>
>>
>> _______________________________________________
>> Blinux-list mailing list
>> Blinux-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/blinux-list
>
>
> _______________________________________________
> Blinux-list mailing list
> Blinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/blinux-list
>

-- 