Remembering unlimited passwords

Published 8 June 2011

You probably hate all your passwords, just like me. I have tons of them and I use tools like 1Password and KeePass to store them relatively safe with a masterpassword. I also have a few strong passwords I reuse a little too often; like anybody does. However, I also have some smart passwords which are unique and easy to remember. Especially for websites. Without telling my exact method, I can tell you my formula to easy to remember unique passwords.

Good programs, websites and tools never store your password. They should always store a ‘reference’ to your password, called a hash. You can recognize these sites, because they will never ever send you your password, even when you try the recovery method. Instead they will send you a new, temporary, difficult(!) password or send you to a time-limited link to change it. If a site sends you your password upon request, distrust them and never use a password which you use for other purposes! If they will be hacked, all passwords will be readily available.

But even when they properly store your hash, instead of your password, your are not 100% safe either, because hashes can be regenerated by brute force attacks or, when you use a stupid password, by a dictionary attack. Both ways are tried methods and more succesful than you would expect.

This is why there are a few tricks. I want to teach you one:

A proper way to avoid a dictionary attack is to make the dictionary ‘bigger’. This is done by implementing more characters than just a-z en 0-9. A-Z helps, but !^%$#*()_-=+ are even better. But there is another possibility:

What if you choose a strong password and ‘salt‘ it, making a new password each time. Let me explain by an example:

Let’s assume you need a password for your Google account. Google has a URL of www.google.com.

You use a part of their address and use it to enhance your password. Let’s assume your ‘strong password’ is ‘starship’ written as *sh1p. (okay, perhaps a lame example, but let’s stick with it). And you live in the Netherlands, which has a TLD of nl. Now your easy to remember, salted password might be “*sh1p@google.NL”. Likewise your password for Yahoo is “*sh1p@yahoo.NL”. See?

In this example I used a ‘mailadress mnemonic’, but you can easily use something else. Perhaps “google-NL-*sh1p” or “*sh1p/NL/google”. Anything is okay and the passwords become pretty decent AND easy to remember.

Let me know if this works for you too!?

strelitzia.net

Bio

This is strelitzia.net, the personal domain of Jeroen Zomer.

A strelitzia is a special kind of flower. Although Jeroen doesn't have green fingers, his wife has. They both have some special, undefinable feelings for the strelitzia. It was chosen in the blink of an eye back in 2001 when only companies could register a .nl domain. Strelitzia.net somehow stuck.

Jeroen lives in The Netherlands, with his wife and beautiful daughter. He is trying to learn to play the guitar, loves cats and likes his BMW R1150GS motorcycle. He owns and operates many computers, running Windows, OSX, Linux and FreeBSD.

He specialized in IBM WebSphere and IBM security products. Jeroen works as a consultant and IT architect in internet technology and IT security related areas.

strelitzia.net

Bio

Categories

Administration

Random Quote

New: Recipe blog

Archives

Search

Tags

Remembering unlimited passwords