Recipe: Easy to remember, service specific and secure passwords

4 pointstorstesu15y ago6 comments

People, even tech-savvy ones, have a tendency to use a single or a low multiple of different passwords for different services, making them vulnerable to unauthorized access.

The challenge is how to make strong, service specific passwords which are easy to remember. Here is a recipe:

1. Construct a complex password key with a minimum length of 8 characters, e.g -Kr/2.pq4. 2. Make an algorithm based on the URL. E.g. news.ycombinator.com a) Take the last 4 characters in the URL, excluded the domain suffix: ator b) Shuffle the letters in a based on your algorithm: orat 3. Combine the password key and the output of your algorithm: orat-Kr/2.pq4 4. Always enjoy individual, secure and easy to remember passwords for any services.

The algorithm you use can off course be more complex, e.g. adding a characters in between, but the basic idea should be explained.

Recipe: Easy to remember, service specific and secure passwords

4 pointstorstesu15y ago6 comments

People, even tech-savvy ones, have a tendency to use a single or a low multiple of different passwords for different services, making them vulnerable to unauthorized access.

The challenge is how to make strong, service specific passwords which are easy to remember. Here is a recipe:

The algorithm you use can off course be more complex, e.g. adding a characters in between, but the basic idea should be explained.

6 comments

6 comments · 2 top-level

pwg15y ago· 4 in thread

Or, instead, you simply get yourself a copy of Password Gorilla ( https://github.com/zdia/gorilla/wiki ) and let it both generate truly random passwords for each service and securely store all those unique, truly random, passwords for you.

Andrenid15y ago

I do random-generated passwords for important things like root accounts, FTP accounts, and business-related email accounts, but then use a formula similar to the one in the first post for every-day stuff like forums, web apps, gmail, etc, so I can type them in from memory when i'm using them multiple times a day.

Oh, and KeePass (on my Android phone, Macbook, and home Win 7 PC) + Dropbox = heaven. The whole idea of a multi-platform password store with it's actual database file kept in Dropbox (or similar) is something i've been dreaming of and begging for, for years.

torstesuOP15y ago

True! Personally, i prefer remembering them by heart as i often need to access services from different devices, e.g. my smartphone. But for users not in the need of mobility, Password Gorilla will suffice.

pwg15y ago

As soon as a full Tcl/Tk environment is available on Android, Password Gorilla should run on an Android smartphone. Not there yet, but someday it will happen.

ralphc15y ago

Agree. On any given day I'm using so many devices at work, home, trying out Live CD's, etc. that I need some algorithm that I can just memorize and type in.

tgrass15y ago

After HBGary I went through and implemented this (throwing in algorithmic based use of symbols and prepending & appending algorithmic components.)

j / k navigate · click thread line to collapse