I'm curious how people normally save passwords or what tricks do you use to remember them or to create easy-to-remember ones.
I'm asking that because:
1) I have a lot (10+) of various password-protected accounts.
2) All these accounts use different passwords.
3) Passwords are 8+ symbols long, containing letters from upper and lower register, numbers and "!@#$%^&*()-+"-like symbols, some are generated by scripts like this:
4) And normal security recommendation is to change every password once in a month. (Most people (including me) rarely do that)
So if I should modify every password once in a month, and every password should be "strong", this means that remembering all this will be problematic:
1) Writing passwords on the paper isn't good - you can lose paper.
2) Writing it into a text file isn't good either - if HDD breaks for some reason, I'll lose access to every password-protected account I have.
3) Using something like KWallet (storing passwords), browser "magic wand" mechanisms (Opera/Firefox) isn't good, either.
4) Using something like "KWallet" isn't always possible, because you might need to use passwords from another machine, and KWallet requires one master password which will unlock everything.
5) Using one password for everything also isn't a good idea.
So what "tricks" do you use to remember/make passwords?
When I need to create strong passwords I run the md5sum command on some file, then cut the first 12 characters with the cut command and use that as a password.
Code:
md5sum somefile | cut -c 1-12
Sometimes I use the first letter of each word from a simple sentence to make a password.
I store my passwords in mysql and a text file which is encrypted and a copy of both off my computer in a small safe. Just have copies of copies and you'll be safe.
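The `md5sum somefile | cut -c 1-12` approach from the post above, set beside a generator that reads the kernel's random source, as an added example that is not part of the thread. The function names are hypothetical, and the 74-symbol alphabet is taken from the character classes listed in the opening post.

```shell
#!/bin/sh
# Added example, not code from any poster. All function names are hypothetical.

# The pipeline from the post: first N hex characters of a file's MD5 digest.
# The output alphabet is 0-9a-f only (4 bits per character), and anyone who
# can obtain the same file reproduces the same password.
md5_password() {
    md5sum "$1" | cut -c "1-$2"
}

# N characters drawn from /dev/urandom, filtered to letters, digits and the
# symbols !@#$%^&*()-+ (74 symbols in total). 4096 random bytes leave roughly
# 1180 characters after filtering, ample for any practical password length.
random_password() {
    head -c 4096 /dev/urandom \
        | LC_ALL=C tr -dc 'A-Za-z0-9!@#$%^&*()+-' \
        | cut -c "1-$1"
}

# Upper bound on entropy in bits: length * log2(alphabet size).
# It is only reached when every character is chosen uniformly at random.
keyspace_bits() {
    awk -v n="$1" -v k="$2" 'BEGIN { printf "%.1f\n", n * log(k) / log(2) }'
}

# Demonstration: compare the two upper bounds for 12-character passwords.
echo "12 hex chars (md5sum | cut): at most $(keyspace_bits 12 16) bits"
echo "12 chars from 74 symbols:    at most $(keyspace_bits 12 74) bits"
echo "sample random password:      $(random_password 12)"
```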
I used to have a list of my passwords in an encrypted file in my mailbox and/or a list on an encrypted partition of my computer.
- Yes, it's true you might forget the password of the mailbox and/or the pass phrase of the encrypted file, but in that case you're scr*wed anyway.
- It might be so that you can access your mailbox but there is no decryption programme on that computer. That's too bad, but it can't be helped.
Well, I guess, remembering all passwords is not optimal either, because there are always ways to make you talk, even if you don't want to...
By the way, in the old days I even had a file on my computer which was 'encrypted' with a book cipher, where the book I used was a special edition of a very old book so that a brute force attack by someone with a large library wouldn't be helpful. Looking through my personal library wouldn't have helped, since it was not very organized. Although nice at first, deciphering is a hell of a task if you don't automate it (in which case the cipher might be compromised easily).
Something in the category one-password-for-all I recently heard from a colleague: you can always take a good (long) password and permute the letters and numbers systematically:
Personally, I think it's rubbish if you want good security. Once one is compromised, I guess, all would quickly be, if the attacker would not be too stupid.
Some people have good memory and they remember their passwords (and change them), some have less good memory and they cheat somewhere (don't change passwords or circulate them for example) and some simply rely on a keyring manager or such, or a piece of paper. I think it's clear which method is best and which is the easiest..
First, I make the password by holding down and letting up on shift while rolling my face on the keyboard for a couple of seconds. Then I take the first 10 characters and stare at them until I remember the password. Then I use the password. Yup.
I probably should not tell you this, because it may help you log in with my accounts, but really it won't because I don't use H_TeXMeX_H anymore for any of my newer accounts where this applies.
I use some type of stable algorithm to make passwords for the site I am on. Let's say I'm at www.inbox.com as an example. My password would be m0cx0bn1www, can you guess how I derived it? You can do more complicated algorithms, but make sure you use the same one for every password or you will forget the password. There is a vulnerability in this method in that if they figure out your algorithm they will know it for all your accounts, assuming you use the same name for all of them. You can also use an md5hash of it, or some other word in the site, something constant. But then you don't always have access to md5sum.
To generate password, I sometimes use mkpasswd. Otherwise, I think of a line in a song I like, take the first letters of each word in that line, replace a's with @'s, b's with 6's, t's with 7's, l's with !'s etc. It's easy to remember, as long as you want it to be, and I think reasonably strong. Also, it'd be tough for someone to guess which are your favourite songs, let alone which lines from those you've bothered/managed to remember!
I also know a good method for making long passwords that are difficult to forget. Your password (when read letter-by-letter) should read as a verse. Numbers can be also part of the verse. You can actually remember very long passwords that way (22 characters or more), but inventing new "verse" for every password once in a month can be problematic.
It was inspired by this joke (should be read in russian):
Which clearly sounds as verse - has rhythm and rhyme.
Quote:
Originally Posted by H_TeXMeX_H
I use some type of stable algorithm to make passwords for the site I am on. Let's say I'm at www.inbox.com as an example. My password would be m0cx0bn1www, can you guess how I derived it ?
Address is written backwards, dots removed, several letters are replaced by similar-looking numbers. Reminds me this and this.
Writing it in 1337 speak will definitely help against dictionary attacks as they will be looking for words, maybe they even have dictionaries that encompass 1337 speak, even tho it can be written in many different ways, but to have it forwards and backwards, and be the name of the website or something on the website (maybe the title or a keyword) and backwards, that is not going to be in any dictionary.
EDIT: Oh, and I forgot about my computer login password, to make those I run my fingers along the keyboard in different directions. They're not likely to guess something like:
1'a;;o.e44pukkiif77ghmmtr00lsz-=
',.paoeu;qjk
'a;qo,.ejkupyixbdf
and so on
Note that I use the dvorak keyboard layout, so that makes it even harder.
Last edited by H_TeXMeX_H; 09-02-2008 at 12:14 PM.
For me I have a perl script that does something similar to that bash script and I can generate alphanumeric passwords that range from 10 characters to 50 chars...ok that's a bit of a stretch I guess. But the tricky part is always remembering them cuz they end up sounding like modem noise
I keep a list of my passwords on a small notepad, which is then kept in a secure location, away from my computer. If I ever forget my password, I just get my notepad.
But the tricky part is always remembering them cuz they end up sounding like modem noise
This phrase gave me another (crazy, but useful) idea about generating passwords. You can take music tune (or chord), encode its notation in letters/numbers and use result as password. The result might be pretty strong, depending on how exactly you encode data - if you want to make it more difficult, put dynamics and staccato/legato notation into password as well - even knowing original tune you used, possible attacker might go nuts while trying to guess how you wrote it into password and which part of tune you used (example: "g1g1g1es4.5b.5g4", "^g-^g-^g-es.-b-^g" or "ttt39t39tppp-o539u". Made from the same tune.). Actually, it might be very useful for me and maybe it'll even solve password problem (I'm former musician).
Actually, it might be very useful for me and maybe it'll even solve password problem (I'm former musician).
Hmmm that's interesting. I never thought that would actually generate into a novel idea. Quick, when are the Nobel prizes due. I oughtta get one for that
You know I always thought music was akin to programming only that I have never really understood the concept of 5 bars (the staff I guess) and all the minims, semi-breves and quavers. I think anyone who has a programming bone in them should understand music much easier but alas! I still don't know what tafa-tefe-ta-ta-aa means.