Attention: We have retired the ASP.NET Community Blogs. Learn more >

RE: Remembering passwords...

Sorin Dolha suggests in the comments to this post that rather than coming up with a unique password for each site, or having several remembered passwords, or resorting to the "whoops... I forgot my password" form on most websites that a methodology should be implemented instead. For example, if my methodology is the number of letters of the domain name, followed by the $ sign, followed by my first name, and some random year I like...say the year I first went online, then my password for amazon might be: "6$Jason$1990"; (or you could be more complex). Fun, easy, and annoying to hack. Great reasoning Sorin! This is another of those "Now why didn't I think of that first?" ideas...

It looks like the number of passwords that I have to remember grows linearly over time. Since I don't have the best mnemotechnic abilities I decided today that it is OK to just forget them. Then, I just tell the whatever-site-I-must-log-on that I've forgot my password and ask it to send it by email (or reset it) each time my cookie expires. Then I simply cut & paste the password from the received email and voila, everything seems to work fine. This also allows me to implement real cryptic passwords without any fear that I might forget them later.

P.S. Yes, I know that SMTP is not really a secure protocol... :-)

162143
[Via Adi Oltean]

3 Comments

  • I've been doing something like that for a number of years now and it works out very well. My method is slightly different of course, but the principle is the same. I now have a hundred passwords throughout the Internet and only one or two are the same... and I almost never forget any of them.



    Some sites limit the number of characters a password can be and that always throws a wrench in my scheme. Seriously, who thought that was a good idea? One of those sites was a credit card company too. *shakes head*

  • what bugs me all to $#^#&^$&#&!!! is the places that don't want to let me use stuff like !@#$%^&*(){}[]<>|\/?`~ in a password!



    then comes the "Must have 6 characters"

    now for a bank account or some thing critical ok ... but for say a web sites chat board??



    heck if I want a password of 1]# why not? if it's just to post messages?



    and when it's a bank and they force me to use > 6 charatcers but wont let me use say

    my$n#9th3(

    which I think would be hard to crack....

    but they will let me put in say 5551212

    or some other trivial string? what gives!

  • John: very interesting; I'll have to give that software a deeper look...thanks for the link!

Comments have been disabled for this content.