I'm curious how people normally save passwords or what tricks do you use to remember them or to create easy-to-remember ones.
I'm asking that because:
1) I have a lot (10+) of various password-protected accounts.
2) All these accounts use different passwords.
3) Passwords are 8+ symbols long, containing letters from upper and lower register, numbers and "!@#$%^&*()-+"-like symbols, some are generated by scripts like this:
4) And normal security recommendation is to change every password once in a month. (Most people (including me) rarely do that)
So if I should modify every password once in a month, and every password should be "strong", this means that remembering all this will be problematic:
1) Writing passwords on the paper isn't good - you can lose paper.
2) Writing it into a text file isn't good either - if HDD breaks for some reason, I'll lose access to every password-protected account I have.
3) Using something like KWallet (storing passwords), browser "magic wand" mechanisms (Opera/Firefox) isn't good, either.
4) Using something like "KWallet" isn't always possible, because you might need to use passwords from another machine, and KWallet requires one master password which will unlock everything.
5) Using one password for everything also isn't a good idea.
So what "tricks" do you use to remember/make passwords?
I used to have a list of my passwords in an encrypted file in my mailbox and/or a list on an encrypted partition of my computer.
- Yes, it's true you might forget the password of the mailbox and/or the pass phrase of the encrypted file, but in that case you're scr*wed anyway.
- It might be so that you can access your mailbox but there is no decryption programme on that computer. That's too bad, but it can't be helped.
Well, I guess, remembering all passwords is not optimal either, because there are always ways to make you talk, even if you don't want to...
By the way, in the old days I even had a file on my computer which was 'encrypted' with a book cipher, where the book I used was a special edition of a very old book so that a brute force attack by someone with a large library wouldn't be helpful. Looking through my personal library wouldn't have helped, since it was not very organized. Although nice at first, deciphering is a hell of a task if you don't automate it (in which case the cipher might be compromised easily).
Something in the category one-password-for-all I recently heard from a colleague: you can always take a good (long) password and permute the letters and numbers systematically:
Some people have good memory and they remember their passwords (and change them), some have less good memory and they cheat somewhere (don't change passwords or circulate them for example) and some simply rely on a keyring manager or such, or a piece of paper. I think it's clear which method is best and which is the easiest..
First, I make the password by holding down and letting up on shift while rolling my face on the keyboard for a couple of seconds. Then I take the first 10 characters and stare at them until I remember the password. Then I use the password. Yup.
I probably should not tell you this, because it may help you log in with my accounts, but really it won't because I don't use H_TeXMeX_H anymore for any of my newer accounts where this applies.
I use some type of stable algorithm to make passwords for the site I am on. Let's say I'm at www.inbox.com as an example. My password would be m0cx0bn1www, can you guess how I derived it? You can do more complicated algorithms, but make sure you use the same one for every password or you will forget the password. There is a vulnerability in this method in that if they figure out your algorithm they will know it for all your accounts, assuming you use the same name for all of them. You can also use an md5hash of it, or some other word in the site, something constant. But then you don't always have access to md5sum.
To generate a password, I sometimes use mkpasswd. Otherwise, I think of a line in a song I like, take the first letters of each word in that line, replace a's with @'s, b's with 6's, t's with 7's, l's with !'s etc. It's easy to remember, as long as you want it to be, and I think reasonably strong. Also, it'd be tough for someone to guess which are your favourite songs, let alone which lines from those you've bothered/managed to remember!
I also know a good method for making long passwords that are difficult to forget. Your password (when read letter by letter) should read as a verse. Numbers can be also part of the verse. You can actually remember very long passwords that way (22 characters or more), but inventing new "verse" for every password once in a month can be problematic.
It was inspired by this joke (should be read in Russian):
Writing it in 1337 speak will definitely help against dictionary attacks as they will be looking for words, maybe they even have dictionaries that encompass 1337 speak, even though it can be written in many different ways, but to have it forwards and backwards, and be the name of the website or something on the website (maybe the title or a keyword) and backwards, that is not going to be in any dictionary.
EDIT: Oh, and I forgot about my computer login password, to make those I run my fingers along the keyboard in different directions. They're not likely to guess something like:
and so on
Note that I use the Dvorak keyboard layout, so that makes it even harder.
Last edited by H_TeXMeX_H; 09-02-2008 at 01:14 PM.
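The weakness named in the posts above (whoever works out the site-name rule knows the password for every account) shown next to a keyed variant, as an added example that is not part of the original thread. The drop-dots, reverse and substitute rule is an assumption reconstructed from the single www.inbox.com example; keyed_site_password, its PBKDF2 parameters, the second hostname and the passphrases are illustrative choices.

```python
import base64
import hashlib

# Assumed substitutions: o->0 and i->1 are all the post's example requires.
LEET = str.maketrans({"o": "0", "i": "1"})


def site_transform(hostname: str) -> str:
    """Unkeyed rule (reconstructed, an assumption): drop dots, reverse, leet."""
    return hostname.lower().replace(".", "")[::-1].translate(LEET)


def keyed_site_password(master: str, hostname: str, length: int = 16) -> str:
    """Keyed variant: PBKDF2-HMAC-SHA256 of a master passphrase, salted with
    the hostname. The rule can be public; the output also depends on a secret."""
    raw = hashlib.pbkdf2_hmac(
        "sha256",
        master.encode("utf-8"),
        hostname.lower().encode("utf-8"),  # per-site salt
        200_000,                           # iteration count (illustrative)
    )
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


def rule_exposes_all_sites(known_site: str, known_password: str, other_sites):
    """If one leaked password matches the unkeyed rule, every other site's
    password follows from the hostname alone. Returns the predicted mapping,
    or an empty dict when the leaked password does not fit the rule."""
    if site_transform(known_site) != known_password:
        return {}
    return {s: site_transform(s) for s in other_sites}


if __name__ == "__main__":
    # Constructed sample data: the first pair is the post's example,
    # the second hostname and both passphrases are made up.
    print(rule_exposes_all_sites("www.inbox.com", "m0cx0bn1www",
                                 ["mail.example.org"]))
    for master in ("correct horse battery staple", "another passphrase"):
        print(master, "->", keyed_site_password(master, "www.inbox.com"))
```

With the keyed variant, one leaked site password no longer predicts the others unless the master passphrase is also recovered, so the passphrase itself has to be long and unguessable.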
For me I have a Perl script that does something similar to that bash script and I can generate alphanumeric passwords that range from 10 characters to 50 chars...ok that's a bit of a stretch I guess. But the tricky part is always remembering them cuz they end up sounding like modem noise
But the tricky part is always remembering them cuz they end up sounding like modem noise
This phrase gave me another (crazy, but useful) idea about generating passwords. You can take music tune (or chord), encode its notation in letters/numbers and use result as password. The result might be pretty strong, depending on how exactly you encode data - if you want to make it more difficult, put dynamics and staccato/legato notation into password as well - even knowing original tune you used, possible attacker might go nuts while trying to guess how you wrote it into password and which part of tune you used (example: "g1g1g1es4.5b.5g4", "^g-^g-^g-es.-b-^g" or "ttt39t39tppp-o539u". Made from the same tune.). Actually, it might be very useful for me and maybe it'll even solve password problem (I'm former musician).
Actually, it might be very useful for me and maybe it'll even solve password problem (I'm former musician).
Hmmm that's interesting. I never thought that would actually generate into a novel idea. Quick, when are the Nobel prizes due. I oughtta get one for that
You know I always thought music was akin to programming only that I have never really understood the concept of 5 bars (the staff I guess) and all the minims, semi-breves and quavers. I think anyone who has a programming bone in them should understand music much easier but alas! I still don't know what tafa-tefe-ta-ta-aa means.