Before the Navy changed over to smartcards passwords had to be 16
characters with two numbers two upper case two lower case and two
symbols in them as a minimum.
On Sat, 4 Feb 2017, Eric Oyen wrote:
Date: Sat, 4 Feb 2017 22:19:19
From: Eric Oyen <eric.oyen@xxxxxxxxxx>
Reply-To: Linux for blind general discussion <blinux-list@xxxxxxxxxx>
To: Linux for blind general discussion <blinux-list@xxxxxxxxxx>
Subject: Re: frustrate shouldservers
well, so far, I have managed to keep track of all of mine. However, some sites I go to won't let me use any of the more interesting characters on the keyboard (like: !@#$%^&*()"':;?/.>,< ) which can get rather annoying.
Now as to how I do it, the first (of 3 parts) of the password I use is a leet speak modified version of a long word. the second is a leet speak version of the website name and the third part is the date I joined (in MM/DD/YYYY:HH:MM:SS format). like I said, good luck breaking that!SOmetimes, like the interesting character issue above, I have to change things because the length is too long. grrrrr. why can't website developers use REAL security? seriously, 10 characters is definitely not enough.
here is an example of what I might use: 4s7r0n0m3rACHAN12/24/1999:23:51:13 please note that this particular one is 34 characters long. Decoded to english it reads astronomer 4chan 12/24/1999 23:51:13
now, who would know exactly when I joined a site. the site name would be obvious (assuming anyone could crack it) and the first word is just that, a proper noun. With my head for numbers, math and sciences, its a pretty easy formula for me to keep in head. :) btw, run that password through a password strength detector and watch it peg the meter all the way to the right on strength. :) btw, the noun I used above in the password string will not be used as I have other science interests (and there are so many of them!).
so, thoughts?
-eric
from the central office of the Technomage Guild.
On Feb 4, 2017, at 6:45 PM, Tim Chase wrote:
On February 4, 2017, Eric Oyen wrote:
btw, I use a fairly simple password scheme thats easy for me to
remember and nearly impossible for anyone to guess it. it's how I
managed to keep over 200 passwords in my head.
I used to use the site's name inserted into my password
prefix/suffix, so if my prefix was "maul4wafted" and my suffix was
"^mage18", my Amazon password would have been
"maul4waftedAmazon^mage18". Which is a pretty good password if the
site is responsible with using strong salted hashes to store them.
However, I've seen enough breaches where best practices were *not*
followed, so if a password such as that were leaked, it wouldn't be
hard to deduce that my Twitter password might be
"maul4waftedTwitter^mage18"
The other problem with that is certain sites got bought-out and
changed names, so then I'd have to remember that, even though I'm
logging into First United bank currently, I have remember that it used
to be Farmers & Merchants bank and that's what I used to create the
password.
So after seeing a couple such breaches and fighting to remember
name-changes, I stopped using that method and switched to outsourcing
my passwords to a manager where I only needed to remember one master
password.
still, the older I get, the harder this will get. so, an additional
outboard tool or two won't hurt me in the least.
And with my 40th coming up all too soon, I'm more than willing to let
the computer do most of the remembering for me. (grins)
-tim
_______________________________________________
Blinux-list mailing list
Blinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/blinux-list
_______________________________________________
Blinux-list mailing list
Blinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/blinux-list
--
_______________________________________________
Blinux-list mailing list
Blinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/blinux-list