I think the main obstacles to your getting a good password system are:
- Fear. The sheer drag of having to make another change is discouraging. I hope this post will give you some ideas, optimism, and energy.
- Uncertainty. You aren't sure about what needs to go into a good password system. Hopefully this post can resolve that.
- Doubt. You feel changing your password system won't be a permanent solution. You feel the situation is hopeless. I hope I can resolve that and get you excited about a once-and-for-all renovation to your password system.
So, here we go.
You'd like a password system that balances all these criteria:
1. Long enough. Very important. Some sites require at least 8 characters.
2. Short enough. The "base security" portion of your password should be just 6 characters, drawn only from lower case letters, upper case letters, and numbers, because some sites allow only those. You can, and usually should, pad it as discussed below.
3. Memorable. Nothing written down.
4. Typeable. Typing difficulty doesn't equal security. Make it easy for you to type.
5. Adaptable. Plan so the same system can handle a broad range of circumstances.
6. Includes lower case letters.
7. Includes upper case letters.
8. Includes numbers.
9. Includes a dot. [Update 2009-03-06: I visited a site that permitted only underscores and a single period, for its own security. Arrggh. However, this site also disallowed my valid email address, so there may be hope.]
10. Includes other printable characters.
The password itself is built from these parts:
- Base security portion. 6 consecutive characters that meet criteria 2 through 8 above.
- Addition 1. One more character that adds criterion 9.
- Addition 2. One more character that adds criterion 10.
- Expandable portion. An expandable sequence that you add (even a repeat of portions of your password) when a system requires you to increase the length of your password. Examples: 98765432109876543210..., zyxpdqZYXPDQzyxpdqZYXPDQ..., "Mary had a little lamb Mar...". You may need to write this portion down, because you probably won't be using it very often. It may be better from a security perspective to make it either unrelated to the rest of the password or similarly unintelligible.
Examples:
George Washington: I chopped down a cherry tree in 1741. I am building an amazon.com password today.
- Base security portion. Ic41ac (I chopped (tree in) 41 amazon com)
- Addition 1. Ic.41ac
- Addition 2. Ic.41ac#
- Expandable version if amazon requires 12 characters. acacIc.41ac# (amazon com amazon com I chopped . (tree in) 41 # ...)
- Base security portion. e3HPl (googl"e" 3 HectoPounds lifted)
- Addition 1. e.3HPl
- Addition 2. e.3HPl@
- Expandable version. "e.3HPl@googlegoog..." (mere domain repeat at end)
- Base security portion. a12E1l (apostles 12 Ebay 1 lost) (you decided to capitalize the first letter of the domain name every time).
- Addition 1. a12E.1l
- Addition 2. a12E.1l-
- Expandable version. a12E.1l-JudasJudasJuda....
If any web site disallows any portion, you just have to omit it and report it here.
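As an added check (example code written for this page, not the author's own), the following Python script tests a password against the checkable criteria above (length, base portion, lower, upper, number, dot, other printable), applies the expandable-portion padding and the omit-what-the-site-disallows rule, and computes the keyspace ceiling for the character classes a password uses. It is run over the three example passwords from the post; the function names and the `pad` and `omit_disallowed` helpers are this example's own.

```python
import math
import string

# Character classes named in the criteria list above.
LOWER = set(string.ascii_lowercase)
UPPER = set(string.ascii_uppercase)
DIGITS = set(string.digits)
ALNUM = LOWER | UPPER | DIGITS
DOT = {"."}
# "Other printable characters": punctuation other than the dot (no whitespace).
OTHER = set(string.punctuation) - DOT

MIN_LENGTH = 8   # criterion 1: some sites require at least 8 characters
BASE_LENGTH = 6  # criterion 2: the alphanumeric "base security" portion


def check_policy(password: str) -> dict:
    """Map each checkable criterion to True/False for the given password.
    The base portion is counted as the alphanumeric characters left once the
    dot and the other-printable addition are set aside."""
    chars = set(password)
    base = [c for c in password if c in ALNUM]
    return {
        "long_enough": len(password) >= MIN_LENGTH,
        "base_portion": len(base) >= BASE_LENGTH,
        "lower": bool(chars & LOWER),
        "upper": bool(chars & UPPER),
        "digit": bool(chars & DIGITS),
        "dot": bool(chars & DOT),
        "other_printable": bool(chars & OTHER),
    }


def passes(password: str) -> bool:
    """True when every checkable criterion is met."""
    return all(check_policy(password).values())


def keyspace_bits(password: str) -> float:
    """Ceiling on strength: log2 of the number of passwords of this length drawn
    uniformly from the character classes the password actually uses (an assumption
    of this example). A password built from a sentence, as in the examples above,
    is far from uniform, so its real resistance to guessing is below this figure;
    the figure only shows what length and character classes buy you at most."""
    chars = set(password)
    alphabet = sum(len(cls) for cls in (LOWER, UPPER, DIGITS, DOT, OTHER) if chars & cls)
    return len(password) * math.log2(alphabet)


def pad(password: str, filler: str, required_length: int, prepend: bool = True) -> str:
    """Apply the "expandable portion": repeat filler until the site's required
    length is reached. The amazon example prepends its filler; the google one appends."""
    missing = required_length - len(password)
    if missing <= 0:
        return password
    extra = (filler * (missing // len(filler) + 1))[:missing]
    return extra + password if prepend else password + extra


def omit_disallowed(password: str, allowed: set) -> str:
    """Drop the characters a site refuses, per "you just have to omit it"."""
    return "".join(c for c in password if c in allowed)


if __name__ == "__main__":
    # The three example passwords from the post.
    for pw in ("Ic.41ac#", "e.3HPl@", "a12E.1l-"):
        report = check_policy(pw)
        failed = [k for k, v in report.items() if not v]
        status = "ok" if not failed else "fails " + ", ".join(failed)
        print(f"{pw!r}: {status}; keyspace ceiling {keyspace_bits(pw):.1f} bits")
    print(pad("Ic.41ac#", "ac", 12))                        # acacIc.41ac#
    # A site that permits only letters, digits, underscore and a single period.
    print(omit_disallowed("Ic.41ac#", ALNUM | DOT | {"_"}))  # Ic.41ac
```

The report makes the criteria mechanical: the amazon and ebay examples satisfy all of them, while the google example as written has a 5-character base and 7 characters in total, which the checker flags against criteria 1 and 2. The keyspace figure is deliberately a ceiling: a 6-character alphanumeric base tops out near 36 bits even before its mnemonic structure is taken into account, which is why the padding step matters whenever a site lets you go longer.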
Let me know if this helps or if you have thoughts.
Tom