
ASP.NET Weblogs

Jason Nadal

Restless C#ding

RE: Remembering passwords...

Sorin Dolha suggests in the comments to this post that, rather than coming up with a unique password for each site, keeping several remembered passwords, or resorting to the "whoops... I forgot my password" form on most websites, you should adopt a methodology instead. For example, if my methodology is the number of letters of the domain name, followed by the $ sign, followed by my first name, and some random year I like (say, the year I first went online), then my password for amazon might be "6$Jason$1990" (or you could be more complex). Fun, easy, and annoying to hack. Great reasoning, Sorin! This is another of those "Now why didn't I think of that first?" ideas...

It looks like the number of passwords that I have to remember grows linearly over time. Since I don't have the best mnemotechnic abilities I decided today that it is OK to just forget them. Then, I just tell the whatever-site-I-must-log-on that I've forgotten my password and ask it to send it by email (or reset it) each time my cookie expires. Then I simply cut & paste the password from the received email and voila, everything seems to work fine. This also allows me to implement real cryptic passwords without any fear that I might forget them later.

P.S. Yes, I know that SMTP is not really a secure protocol... :-)

[Via Adi Oltean]
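The methodology from the post, as an added example (not code from the post or its commenters): it builds passwords in the post's "6$Jason$1990" format for a constructed list of sites, then reports which sites end up sharing a password and which part of the password never changes. The host list, the function names, and the rule of counting letters in the first label after "www" are assumptions.

```python
import os
from collections import defaultdict

# Constructed sample list of sites; not taken from the post.
SAMPLE_HOSTS = ["amazon.com", "google.com", "paypal.com", "ebay.com",
                "msn.com", "slashdot.org", "www.yahoo.com"]

def site_name(host):
    """Assumption: the 'domain name' is the first label after an optional 'www'."""
    labels = host.lower().split(".")
    if labels[0] == "www" and len(labels) > 2:
        labels = labels[1:]
    return labels[0]

def scheme_password(host, first_name="Jason", year="1990"):
    """Letter count of the site name, '$', first name, '$', year (the post's format)."""
    letters = sum(ch.isalpha() for ch in site_name(host))
    return f"{letters}${first_name}${year}"

def shared_passwords(hosts):
    """Map each password that is used by more than one site to those sites."""
    groups = defaultdict(list)
    for host in hosts:
        groups[scheme_password(host)].append(host)
    return {pw: sites for pw, sites in groups.items() if len(sites) > 1}

def fixed_suffix(hosts):
    """Longest suffix common to every generated password (the per-user constant)."""
    reversed_pws = [scheme_password(h)[::-1] for h in hosts]
    return os.path.commonprefix(reversed_pws)[::-1]

if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        print(f"{host:15} -> {scheme_password(host)}")
    print("shared:", shared_passwords(SAMPLE_HOSTS))
    print("never changes:", fixed_suffix(SAMPLE_HOSTS))
```

Only the leading count differs between sites, so every site whose name has the same number of letters receives the same password, and one disclosed password shows the constant part used everywhere else.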

Comments

 

Zk said:

I've been doing something like that for a number of years now and it works out very well. My method is slightly different of course, but the principle is the same. I now have a hundred passwords throughout the Internet and only one or two are the same... and I almost never forget any of them.

Some sites limit the number of characters a password can be and that always throws a wrench in my scheme. Seriously, who thought that was a good idea? One of those sites was a credit card company too. *shakes head*
June 28, 2004 8:21 PM
 

denny said:

what bugs me all to $#^#&^$&#&!!! is the places that don't want to let me use stuff like !@#$%^&*(){}[]<>|\/?`~ in a password!

then comes the "Must have 6 characters"
now for a bank account or something critical ok ... but for say a web site's chat board??

heck if I want a password of 1]# why not? if it's just to post messages?

and when it's a bank and they force me to use > 6 characters but won't let me use say
my$n#9th3(
which I think would be hard to crack....
but they will let me put in say 5551212
or some other trivial string? what gives!
June 28, 2004 10:08 PM
 

John S. said:

http://keepass.sourceforge.net I keep the "password" on my thumb drive which restricts access to the DB unless I'm physically there. Or if I've been robbed.
June 28, 2004 10:34 PM
 

Jason Nadal said:

John: very interesting; I'll have to give that software a deeper look...thanks for the link!
June 28, 2004 10:42 PM
