Excellent advice for generating and maintaining your passwords

I don’t have to worry about my password. It’s the same one as my luggage!

8 Likes

It sure would be nice if the places that let me set passwords would just let me use words that I can remember instead of mAk1ng m# r3m3mB3r! th)s s*rT *F tH@ng?

3 Likes

Great advice if you only have one password to remember.

3 Likes

I have trouble remembering mine so I use a super secret management system

12 Likes

Why not just get a password manager? There are good ones available for free personal use. I have 12 character randomly-generated passwords, they are entered on my behalf, and I only need to keep track of the single password for access to the “Vault.”

Why take the work onto myself?

2 Likes

Ï”Űčá¶ČáŸ‹á”â„ąâˆšâ†”ing Wired.

I’m not using an Ad-blocker!

I’m at a workplace that restricts the browsers I can use and the content I can see!

Let me see the article!

3 Likes

Use a password manager.
Use Diceware to generate a memorable master password for your password manager.
Done.

1 Like

I just recently cracked 100 in my spreadsheet.

Yeah, it’s horrifying that I have a spreadsheet (definitely bothers me), but it’s equally horrifying the idea that I have to remember 100 passwords to just run my online life.

There’s no satisfying solution to the problem that I’ve seen so far. I thought the pitbull wallet was very promising, but alas, it never got made.

1 Like

I keep a notebook of acronyms. I do so because my memory is not what it used to be.

What the hell am I talking about? It’s how I generate unique passwords for sites while keeping them in written form so I can remember them.

I go to a site, say Ars Technica. I make up a sentence that is related to the site, something like “Ars Technica is my go to for tech news” (that’s not the actual one I use)
I create an acronym of the sentence - atimgtftn
I use a rule for generating upper case, do it for all duplicate consonants. aTimgTfTn
One more rule, leet speak the first vowel and any duplicates - 4TimgTfTn

and now I have a unique password for my Ars Technica login. Since I don’t write down my ‘rules’ all that anyone will see in my notebook is “Ars Technica is my go to for tech news”

1 Like

I suppose you could write down fake rules to deceive those who would peek in your notebook. Such a pity that those employing the fake ones would not then be caught by the revolving knives trap you set.

1 Like

Shouldn’t the first suggestion be: “Use a password manager that randomly generates and stores unique passwords for each site?”

1 Like

So I don’t run afoul of copyright issues here’s my paraphrase of the steps. I hope this’ll do.

  1. Keep it short.

  2. Make it distinctive. Very distinctive. The more bizarre the better.

  3. Special characters are like sugar: they should be sprinkled all over.

  4. Don’t use the same password in two different places.

  5. Frequent changing of passwords is a bad idea, and so is making others change their passwords frequently.

  6. Relax. The best thing to do is stick to the basics and remember they make you statistically less likely to be hacked.

  7. Programs should be designed with more than one level of authentication—like putting multiple doors on a safe.

4 Likes

This is a timely post for me because I’m currently creating my own password infrastructure from the ground up, and my one problem with this idea is that I frequently need to use computer labs and I don’t know a way to carry a password manager with me. I love, love, LOVE the idea of having a physical password USB “key” to carry though.

Also, I adapted Diceware to playing cards. It’s a lot faster because you have enough cards to draw eight after one shuffle.

So “Fuckyourpasswordrules1!” is a weak password? (Oh wait, that’s not allowed by half of sites because they require your password to be between 8 and 16 characters)

4 Likes

I use KeePass on my computer, and save its encrypted database in a Dropbox folder, and I run Dropbox and MiniKeePass on my iPhone.

It’s not ideal-- to get the latest version of the password database on my phone, I have to launch the Dropbox app, select the database file, and “Open in MiniKeePass”; and to save updates from my phone, I have to “Open in Dropbox” from MiniKeePass. But it works (and doesn’t cost money).

Anyone got a smoother process?

3 Likes

What password manager do you use?

Link to Diceware?

A walled garden link to Diceware:

My “password manager” is a set of encrypted text files I store in multiple places (USB sticks, mail, etc.) - I use openssl for en/decryption, a (for me) ubiquitous tool as I use only computers with an installed version.

2 Likes

Diceware is actually a concept, not a piece of software (unless it is one, I don’t know). You make a huge table of words and literally roll dice to determine which of those words to string together to make a password. Since each word is a word, it’s fairly easy to remember the short phrase you rolled up, but it has extremely high entropy.
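The dice-to-word lookup described in the post above, as an added example that is not part of the original thread: five six-sided dice are read as a base-6 number that indexes a 7,776-entry list, and the entropy follows from the list size and word count. The pseudo-word list built here is a constructed stand-in for a published Diceware list of real words, and all function names are hypothetical.

```python
import math
import secrets
from itertools import product

DICE_PER_WORD = 5                   # Diceware: five six-sided dice pick one word
LIST_SIZE = 6 ** DICE_PER_WORD      # 7776 possible outcomes, one word each

def build_demo_wordlist():
    """Constructed stand-in list: 7776 unique two-syllable pseudo-words."""
    syllables = [c + v for c in "bcdfghjklmnprstvwz" for v in "aeiou"]  # 90
    pairs = ("".join(p) for p in product(syllables, repeat=2))          # 8100
    return [next(pairs) for _ in range(LIST_SIZE)]

def rolls_to_index(rolls):
    """Read the dice as base-6 digits: 1-1-1-1-1 -> 0, 6-6-6-6-6 -> 7775."""
    if len(rolls) != DICE_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each between 1 and 6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index

def roll_dice():
    """Software dice backed by the OS CSPRNG (physical dice work the same way)."""
    return [secrets.randbelow(6) + 1 for _ in range(DICE_PER_WORD)]

def passphrase(wordlist, n_words=6, roller=roll_dice):
    """Pick n_words independently; a short or duplicated list lowers entropy."""
    if len(wordlist) != LIST_SIZE or len(set(wordlist)) != LIST_SIZE:
        raise ValueError("word list must hold 7776 unique entries")
    return " ".join(wordlist[rolls_to_index(roller())] for _ in range(n_words))

def entropy_bits(picks, choices=LIST_SIZE):
    """Entropy of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)

if __name__ == "__main__":
    words = build_demo_wordlist()
    print(passphrase(words))
    print(f"6 Diceware words: {entropy_bits(6):.1f} bits")
    # Comparison point: 12 random characters from 94 printable ASCII symbols
    print(f"12 random chars:  {entropy_bits(12, 94):.1f} bits")
```

The entropy figure holds only when every word is chosen by the dice; re-rolling until the phrase "looks nice" or hand-picking words removes the guarantee.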

Okay, I need something less techy to manage my passwords. I have literally gotten to the point where I give up on trying to remember what site has what password.

1 Like