LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices



Reply
 
Search this Thread
Old 09-01-2008, 02:28 PM   #1
ErV
Senior Member
 
Registered: Mar 2007
Location: Russia
Distribution: Slackware 12.2
Posts: 1,202
Blog Entries: 3

Rep: Reputation: 62
Question Storing/remembering passwords


Hello

I'm curious how people normally save passwords or what tricks do you use to remember them or to create easy-to-remember ones.
I'm asking that because:
1) I have a lot (10+) of various password-protected accounts.
2) All these accounts use different passwords.
3) Passwords are 8+ symbols long, containing letters from upper and lower register, numbers and "!@#$%^&*()-+"-like symbols, some are generated by scripts like this:
Code:
#!/bin/sh
cat /dev/urandom| tr -dc '0-9a-zA-Z!@#$%^&*_+-'|head -c 12;echo
4) And normal security recommendation is to change every password once in a month. (Most people (including me) rarely do that)

So if I should modify every password once in a month, and every password should be "strong", this means that remembering all this will be problematic:
1) Writing passwords on the paper isn't good - you can lose paper.
2) Writing it into a text file isn't good either - if HDD breaks for some reason, I'll lose access to every password-protected account I have.
3) Using something like KWallet (storing passwords), browser "magic wand" mechanisms (Opera/Firefox) isn't good, either.
4) Using something like "KWallet" isn't always possible, because you might need to use passwords from another machine, and KWallet requires one master password which will unlock everything.
5) Using one password for everything also isn't good idea.

So what "tricks" do you use to remember/make passwords?

Last edited by ErV; 09-01-2008 at 02:30 PM.
 
Old 09-01-2008, 05:11 PM   #2
dv502
Member
 
Registered: Sep 2006
Location: USA - NYC
Distribution: Whatever icon you see!
Posts: 642

Rep: Reputation: 57
When I need to create strong passwords I run the md5sum command on some file, then cut the first 12 characters with the cut command and use that as a password.

Code:
md5sum somefile | cut -c 1-12
Sometimes I use the first letter of each word from a simple sentence to make a password.

I store my passwords in mysql and a text file which is encryted and a copy of both off my computer in a small safe. Just have copies of copies and you'll be safe.

Hopefully...

Last edited by dv502; 09-01-2008 at 05:40 PM.
 
Old 09-02-2008, 09:21 AM   #3
unihiekka
Member
 
Registered: Aug 2005
Distribution: SuSE Linux / Scientific Linux / [K|X]ubuntu
Posts: 273

Rep: Reputation: 32
I used to have a list of my passwords in an encrypted file in my mailbox and/or a list on an encrypted partition of my computer.

- Yes, it's true you might forget the password of the mailbox and/or the pass phrase of the encrypted file, but in that case your scr*wed anyway.

- It might be so that you can access your mailbox but there is no decryption programme on that computer. That's too bad, but it can't be helped.

Well, I guess, remembering all passwords is not optimal either, because there are always ways to make you talk, even if you don't want to...

By the way, in the old days I even had a file on my computer which was 'encrypted' with a book cipher, where the book I used was a special edition of a very old book so that a brute force attack by someone with a large library wouldn't be helpful. Looking through my personal library wouldn't have helped, since it was not very organized. Although nice at first, deciphering is a hell of a task if you don't automate it (in which case the cipher might be compromised easily).

Something in the category one-password-for-all I recently heard from a colleague: you can always take a good (long) password and permute the letters and numbers systematically:

Password 1: hello123
Password 2: 3hello12
Password 3: 23hello1

etc.

Personally, I think it's rubbish if you want good security. Once one is compromised, I guess, all would quickly be, if the attacker would not be too stupid.

Last edited by unihiekka; 09-02-2008 at 09:30 AM.
 
Old 09-02-2008, 09:25 AM   #4
b0uncer
Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
See this thread too.

Some people have good memory and they remember their passwords (and change them), some have less good memory and they cheat somewhere (don't change passwords or circulate them for example) and some simply rely on a keyring manager or such, or a piece of paper. I think it's clear which method is best and which is the easiest..
 
Old 09-02-2008, 10:14 AM   #5
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,455

Rep: Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172Reputation: 1172
Shrug... I confess. I use the KDE Wallet.

On Windows, and on Macintosh, I use similar "encrypted keychain" facilities.

I back-up the keychains to a thumb drive.
 
Old 09-02-2008, 10:26 AM   #6
j.todd
Member
 
Registered: Feb 2008
Location: Michigan
Distribution: Debian GNU/Linux Unstable
Posts: 144

Rep: Reputation: 16
First, I make the password by holding down and letting up on shift while rolling my face on the keyboard for a couple of seconds. Then I take the first 10 characters and stare at them until I remember the password. Then I use the password. Yup.
 
Old 09-02-2008, 10:28 AM   #7
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
I probably should not tell you this, because it may help you log in with my accounts, but really it won't because I don't use H_TeXMeX_H anymore for any of my newer accounts where this applies.

I use some type of stable algorithm to make passwords for the site I am on. Let's say I'm at www.inbox.com as an example. My password would be m0cx0bn1www, can you guess how I derived it ? you can do more complicated algorithms, but make sure you use the same one for every password or you will forget the password. There is a vulnerability in this method in that if they figure out your algorithm they will know it for all your accounts, assuming you use the same name for all of them. You can also use an md5hash of it, or some other word in the site, something constant. But then you don't always have access to md5sum.
 
Old 09-02-2008, 10:37 AM   #8
pwc101
Senior Member
 
Registered: Oct 2005
Location: UK
Distribution: Slackware
Posts: 1,847

Rep: Reputation: 128Reputation: 128
To generate password, I sometimes use mkpasswd. Otherwise, I think of a line in a song I like, take the first letters of each word in that line, replace a's with @'s, b's with 6's, t's with 7's, l's with !'s etc. It's easy to remember, as long as you want it to be, and I think reasonably strong. Also, it'd be tough for someone to guess which are your favourite songs, let alone which lines from those you've bothered/managed to remember!
 
Old 09-02-2008, 10:56 AM   #9
ErV
Senior Member
 
Registered: Mar 2007
Location: Russia
Distribution: Slackware 12.2
Posts: 1,202
Blog Entries: 3

Original Poster
Rep: Reputation: 62
Quote:
Originally Posted by b0uncer View Post
See this thread too.
Interesting.

I also know a good method for making long passwords that a difficult to forget. Your password (when read letter-by letter) should read as a verse. Numbers can be also part of the verse. You can actually remember very long passwords that way (22 characters or more), but inventing new "verse" for every password once in a month can be problematic.

It was inspired by this joke (should be read in russian):
Quote:
2 15 42
42 15
37 08 5
20 20 20


38 46
0 4 20
7 08 33
20 20 20


45 108 2


47 16
3 4 502
20 20 20


7 14 100 0
0 0 0 13
37 08 5
20 20 20
In russian it reads as:
Quote:
dwa, pyatnadtsat', sorok dva
sorok dva, pyatnadtsat'.
tridtsat' sem', nol' vosem, pyat'
dvadtsat', dvadtsat', dvadtsat'

... (and so on)
Which clearly sounds as verse - has rhytm and rhyme.

Quote:
Originally Posted by H_TeXMeX_H View Post
I use some type of stable algorithm to make passwords for the site I am on. Let's say I'm at www.inbox.com as an example. My password would be m0cx0bn1www, can you guess how I derived it ?
Address is written backwards, dots removed, several letters are replaced by similar-looking numbers. Reminds me this and this.

Last edited by ErV; 09-02-2008 at 11:02 AM.
 
Old 09-02-2008, 01:09 PM   #10
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Quote:
Originally Posted by ErV View Post
Reminds me this and this.
Whoah, that's weird, I didn't know about those

Writing it in 1337 speak will definitely help against dictionary attacks as they will be looking for words, maybe they even have dictionaries that encompass 1337 speak, even tho it can be written in many different ways, but to have it forwards and backwards, and be the name of the website or something on the website (maybe the title or a keyword) and backwards, that is not going to be in any dictionary.

EDIT: Oh, and I forgot about my computer login password, to make those I run my fingers along the keyboard in different directions. They're not likely to guess something like:
1'a;;o.e44pukkiif77ghmmtr00lsz-=
',.paoeu;qjk
'a;qo,.ejkupyixbdf
and so on
Note that I use the dvorak keyboard layout, so that makes it even harder.

Last edited by H_TeXMeX_H; 09-02-2008 at 01:14 PM.
 
Old 09-02-2008, 03:01 PM   #11
immortaltechnique
Member
 
Registered: Oct 2006
Location: Kenya
Distribution: Ubuntu, RHEL, OpenBSD
Posts: 287

Rep: Reputation: 32
For me i have a perl script that does something similar to that bash script and i can generate alphanumeric passwords that rangs from 10 characters to 50 chars...ok thats abit of a stretch i guess. But the tricky part is always remembering them cuz they end up sounding like modem noise
 
Old 09-02-2008, 04:02 PM   #12
SlowCoder
Member
 
Registered: Oct 2004
Location: Southeast, U.S.A.
Distribution: Fedora (Desktop), CentOS (Server), Knoppix (Diags)
Posts: 934

Rep: Reputation: 38
I keep a list of my passwords on a small notepad, which is then kept in a secure location, away from my computer. If I ever forget my password, I just get my notepad.
 
Old 09-02-2008, 06:21 PM   #13
ErV
Senior Member
 
Registered: Mar 2007
Location: Russia
Distribution: Slackware 12.2
Posts: 1,202
Blog Entries: 3

Original Poster
Rep: Reputation: 62
Quote:
Originally Posted by immortaltechnique View Post
But the tricky part is always remembering them cuz they end up sounding like modem noise
This phrase gave me another (crazy, but useful) idea about generating passwords. You can take music tune (or chord), encode it's notation in letters/numbers and use result as password. The result might be pretty strong, depending on how exactly you encode data - if you want to make it more difficult, put dynamics and stacatto/legato notation into password as well - even knowing original tune you used, possible attacker might go nuts while trying to guess how you wrote it into password and which part of tune you used (example: "g1g1g1es4.5b.5g4", "^g-^g-^g-es.-b-^g" or "ttt39t39tppp-o539u". Made from the same tune.). Actually, it might be very useful for me and maybe it'll even solve password problem (I'm former musician).

Last edited by ErV; 09-02-2008 at 06:36 PM.
 
Old 09-02-2008, 09:45 PM   #14
immortaltechnique
Member
 
Registered: Oct 2006
Location: Kenya
Distribution: Ubuntu, RHEL, OpenBSD
Posts: 287

Rep: Reputation: 32
Code:
Actually, it might be very useful for me and maybe it'll even solve password problem (I'm former musician).
Hmmm thats interesting. I never thought that would actually generate into a novel idea. Quick, when are the nobel prizes due. I oughtta get one for that

You know i always thought music was a keen to programming only that i have never really understood the concept of 5 bars(the staff i guess) and all the minims, semi-breves and quivers. I think anyone who is has a programming bone in them should understand music much easier but alas! I still dont know what tafa-tefe-ta-ta-aa means.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Storing usernames and passwords on the web? concoran Linux - General 9 03-28-2008 04:55 PM
Storing passwords Ze MoreirA Linux - Security 1 08-13-2007 06:41 AM
Suggestions for storing passwords on FreeRadius kemplej Linux - Software 0 03-11-2005 01:08 PM
Software for storing numerous id/passwords Nick1104 Linux - Newbie 2 03-11-2004 11:19 AM
Remembering Passwords 4hp Mandriva 5 09-03-2003 12:05 PM


All times are GMT -5. The time now is 10:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration