"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:NPSdnX__ep68rzrS...@giganews.com:

Amazing (sadly) how users think they need software to compensate for
laziness or lack of initiative to come up with their own password
algorithm based on their own personal data (that they will always
remember) and which uses the domain to modify their password so it is
unique at every domain where they log in.

There are lots of personal sources for components that you could use in
building your password:
- The consonants of your middle and last name up to, say, 4 chars long.
Reverse them if you like (probably not needed).
- Middle, last, and first initials of your name (or some other order).
- A couple digits from your birthdate, like last digit for the month and
last digit of your birthyear (e.g., 03/04/1980 use 30). Or use your
birthday and birthmonth in reverse order.
- The 2 contiguous digits in the middle of your SSN, or the 3rd digit
and the 7th digit, or more digits if you want more, and even reverse
them if you like.
- Just the consonants or just the vowels from your eye color shown on
your driver's license (versus what you'd like to have described as
your color) up to, say, a max of 3 characters long.

Lots of other components can be used to build the password all of which
come from your personal information that you will always remember. If
you chose to reverse order some of the components, do it on all
components so you don't have to remember which are forward or reverse
ordered. You might use 3 pieces of personal info which comprise 3
components or substrings of your password. Each uses the same scheme to
obfuscate from where that substring was derived. The order of these
components is always the same so not much to remember there (I'd suggest
the first component be alphabetic since some sites don't like passwords
that begin with numbers). Your personalized password would be all
lowercase. Some sites want a couple uppercase characters in the
password, so pick 2 or 3 characters that you uppercase. If the 1st
entry doesn't work, capitalize that fixed selection of characters and
try again. 2 tries and you'll get into a site that you don't remember
wants some uppercase characters in it.

Okay, so now you have a jumbled mess of characters based on personal
info which doesn't look like anything recognizable to others but is
always static (because that personal info is for your entire lifetime so
don't use a street address because you may move or a phone number that
may change). However, you don't want to use the same static password on
every site. You want to use the domain for the site to modify your
otherwise static string.

- Last N characters of the domain portion of the site's URL.
- First 2 characters and last 2 characters of their domain.
- For a really short domain (e.g., ibm.com), use some portion of the TLD
(.com, .net, .org, etc). Don't use the hostname ("www" is way too
common and the hostname may change at a domain but the domain is very
likely to remain the same for a long time or as long as you use it).

You use this domain-specific string, always the same for the domain
because your algorithm always picks the same set of characters from it,
to modify your otherwise static personal-info string. You could append
the domain modifier, append it, stick it in the middle, or something
crazy like insert each character from the domain string in every other
character position in the personal string.

Once you get used to this, it takes all of a couple of seconds to
cogitate when visiting a site as to what is your password there. Faster
than having to install or call up software to retrieve stored passwords.
You don't need to tote around the software on a laptop or thumb drive or
its database. You don't lose your password database because you lost
your USB memory stick. It's in your head. It's based on info that you
will always remember. Once you come up with the pieces of personal info
to use and in what order for each piece and for what order the pieces
are in your string, that pretty much becomes engrained in your memory.
Then you just add in the domain to modify this string somehow (which is
always the same way) to make it unique at each site.

Considering how popular is software like this, it's sad that users are
incapable of remembering algorithms or that they think they have to
memorize multiple strings for unique passwords at different sites. I
use a password scheme that has just 2 components in it based on my
personal info and a 3rd component based on the domain where I am logging
in. The scheme gives me a strong password. At sites that require some
uppercase characters, it's always the same 2 eligible characters that I
use in my 2nd login attempt (because the 1st attempt was all lowercase).
It's so damn simple that it seems trivial to anyone to whom I explain
how I came up with my password. Without knowing the algorithm used to
build the password, it looks like garbage that varies with each domain.
It's sad users need software to do this.

--
Bear
http://bearware.info
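
The scheme described in the post above, written out as an added example that is not part of the original post: a static string built from personal-info components, a modifier taken from the site's domain, and the fixed-position uppercase variant for the second login attempt. All function names and sample values are constructed for illustration, and the domain handling assumes a one-label TLD; the last function reports how many leading characters come out identical at every site.

```python
import os.path

VOWELS = set("aeiou")

def consonants(word, limit):
    """Lowercase consonants of `word`, at most `limit` characters."""
    return "".join(c for c in word.lower() if c.isalpha() and c not in VOWELS)[:limit]

def static_core(middle_last, birth_month, birth_year, eye_color):
    """Personal-info string: name consonants, last digit of month and year, eye-color consonants."""
    return (consonants(middle_last, 4) + birth_month[-1] + birth_year[-1]
            + consonants(eye_color, 3))

def domain_modifier(host):
    """First 2 + last 2 characters of the domain; short domains borrow from the TLD."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError("expected at least domain.tld")
    # Assumption: the domain is the label left of a one-label TLD, so the
    # hostname ("www") is dropped; suffixes such as co.uk are not handled.
    name, tld = labels[-2], labels[-1]
    if len(name) < 4:
        return name + tld[:4 - len(name)]
    return name[:2] + name[-2:]

def site_password(core, host, upper_positions=()):
    """Append the domain modifier; optionally uppercase a fixed set of positions."""
    chars = list(core + domain_modifier(host))
    for i in upper_positions:
        chars[i] = chars[i].upper()
    return "".join(chars)

def shared_prefix_len(passwords):
    """Number of leading characters that are identical at every site."""
    return len(os.path.commonprefix(list(passwords)))

if __name__ == "__main__":
    # Constructed sample values, not real personal data.
    core = static_core("Quincy Adams", "03", "1980", "brown")
    hosts = ["www.example.com", "ibm.com", "login.wikipedia.org"]
    pws = [site_password(core, h) for h in hosts]
    for h, p in zip(hosts, pws):
        print(f"{h:22} {p}   (2nd try: {site_password(core, h, (0, 2))})")
    print("characters identical at every site:", shared_prefix_len(pws), "of", len(pws[0]))
```

With an appended modifier, only the last four characters differ from one site to the next, and those four are derived from the public domain name.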