This is topic Remembering passwords in forum Books, Films, Food and Culture at Hatrack River Forum.


To visit this topic, use this URL:
http://www.hatrack.com/ubb/main/ultimatebb.php?ubb=get_topic;f=2;t=049094

Posted by katharina (Member # 827) on :
 
I have about three dozen passwords to remember. I classify them as follows:

1. Low security: news, fun, throwaway websites where I really don't care if someone figures it out.

2. Medium security: online e-mail accounts, live journal, forums.

3. High security: bank, ebay, online merchants.

4. Super-high security: work passwords. These MUST change regularly, all be distinct from one another, be at least nine characters long, and include numbers and special characters. Also, not allowed to write them down anywhere.
I can store them in my Blackberry, but since my Blackberry has a fairly easy password (plus, I hate my Blackberry and leave it turned off except during emergency drills), that doesn't help.

How do y'all remember passwords? Anyone use a system? The best I've come up with is to base the passwords on the first letters in a line of poetry, but since there is a lot of alliteration in poetry, a couple of my logins won't allow me to use letters that would go together and that doesn't work. Any suggestions?
 
Posted by BlackBlade (Member # 8376) on :
 
Does every new password have to be different from ALL previous passwords? I had a rotating password login for work and I just switched back and forth between two passwords.
 
Posted by katharina (Member # 827) on :
 
Yep - the new password cannot be the same as any of the previous five passwords. At that point, I can't remember six passwords back and it might as well be new.
 
Posted by mr_porteiro_head (Member # 4644) on :
 
I use EWallet to store all of my passwords.
 
Posted by Sharpie (Member # 482) on :
 
Scripture quotations, using first letters and citations, are one of my solutions - (other kinds of quotations and citations, too, but I was a memorizer as a kid, so they still are in my silly brain). So like FGsltwtHgHobsj316 is John 3:16 (depending on your translation [Smile] ) and you have caps for those passwords that require both upper and lower case. (I know that's only the beginning of the verse...) I don't know how frowned upon that type of device is. I'm not a security expert whatsoever.
 
Posted by brojack17 (Member # 9189) on :
 
I have the fingerprint scanner on my HP laptop. I scan my fingerprint once and never have to remember a single password. I have forgotten every one I use now.

It's great when I am on my computer but not good when I am on another computer.

I like it anyway.
 
Posted by FlyingCow (Member # 2150) on :
 
You're lucky - my work computer won't let me repeat any of my last 14 passwords!
 
Posted by Shawshank (Member # 8453) on :
 
I don't make up any passwords for work- I just have to use the ones they give me. (All of which are pretty easy to figure out if you know the store number)

Personally I just use the same password for everything (a nice 8 letter P-Word)- unless it requires numbers then I add a digit on there. In which case it's always the same digit.
 
Posted by TomDavidson (Member # 124) on :
 
Katie: buy a fingerprint scanner.
 
Posted by katharina (Member # 827) on :
 
Okay, I confess. I'm writing an article for the newsletter on this, so I need suggestions that will work for the whole service. I had the bit about using lines from lyrics or poetry, but I like the part about using scripture because it comes with numbers.

Sadly, my own system is to write them all down. I know I'm not supposed to and hopefully I won't now encounter someone looking shifty on my way out of work, but there it is.
 
Posted by Icarus (Member # 3162) on :
 
My intranet account at the district requires a new password every ninety days, and it can't be any password I've ever used before.

And there's nothing of any value to anybody in the intranet. It's just that the geeks who run this show have gotten too powerful.

I have a system for remembering passwords. All my high security passwords (as opposed to things like Hatrack) are variations on the same word. I won't be too specific, but I have a system for replacing certain of the letters with certain specific numbers, and another for adding different letters to each one based on what it's to.

For example, let me take something that isn't my password or my system. Let's say my common password is pencil. But I replace the E with the number 5 and the C with the number 3, because they're the fifth and third letters in the alphabet, respectively, giving me a common password of p5n3il. Now let's say I always capitalize the last letter, so that something is capitalized, but not the first letter. So I have p5n3iL. Now let's say that I append at the beginning the first two letters of what the password is for--but the first one is not capitalized and the second one is. So for Hatrack (hypothetically) it would be hAp5n3iL, for Sakeriver it would be sAp5n3iL, for my online banking, bAp5n3iL, for my insurance company iNp5n3iL, and so forth. As for the site that requires a new one every ninety days, I just add two numerals on the end, and iterate those: iNp5n3iL01, iNp5n3iL02, iNp5n3iL03, and so forth. That way almost every site has a different password, they are not intelligible as words, they contain letters and numbers, and odd capitalization, but I don't need to write them down anywhere, because I know what they were all based on, including the predictable--to me--system that I used to transform them.
 
Posted by Icarus (Member # 3162) on :
 
My work computer has a fingerprint scanner. It's nice, but I find it doesn't work for all applications, for whatever reason.
 
Posted by maui babe (Member # 1894) on :
 
We just had a security training here at work about this. I have a hierarchy of passwords similar to yours and have to come up with completely new passwords every so often for one of my work applications. I can't even use similar passwords for that one and it drives me nuts.

I like the idea of using a line of scripture or song lyric, also. Lately, I've used whatever song I happen to be listening to, then make a note of the artist until it sinks in ... so I have a cryptic note on my desk that says "Paul Simon" instead of the actual passwords.
 
Posted by pH (Member # 1350) on :
 
I use variations on inside jokes from childhood.

-pH
 
Posted by katharina (Member # 827) on :
 
Icky, that's an awesome system. Thank you.

The worst is my time and attendance web page. No numbers together, no letters in a row, no letters that are next to each other in the alphabet, no letters together that are often together in words, no numbers in a sequence, even if separated by letters, no repeating passwords, and it changes every two months.

Also, if your password won't qualify, it doesn't offer suggestions for what will. It just says no, and you have to try again.

It's horrendous. And completely pointless, because the rules are so draconian and create passwords that are impossible to remember and they change every two months, so everyone I know has it written down on a piece of paper in their desk.
 
Posted by brojack17 (Member # 9189) on :
 
quote:
Originally posted by Icarus:
My work computer has a fingerprint scanner. It's nice, but I find it doesn't work for all applications, for whatever reason.

The only one that doesn't really work for me is MS Outlook. I can remember that one.
 
Posted by Tante Shvester (Member # 8202) on :
 
S!ITNOL -- The first letters in the song "Stop in the Name of Love"

But usually, I just pick my favorite soup. The problem is, for security reasons, I never divulge the name of my favorite soup, which makes it hard to order in restaurants.
 
Posted by Icarus (Member # 3162) on :
 
quote:
Originally posted by katharina:
The worst is my time and attendance web page. No numbers together, no letters in a row, no letters that are next to each other in the alphabet, no letters together that are often together in words, no numbers in a sequence, even if separated by letters, no repeating passwords, and it changes every two months.

Also, if your password won't qualify, it doesn't offer suggestions for what will. It just says no, and you have to try again.

It's horrendous. And completely pointless, because the rules are so draconian and create passwords that are impossible to remember and they change every two months, so everyone I know has it written down on a piece of paper in their desk.

That is unbelievably lame. And, as you note, does a disservice to security. Geeks have to balance the usability of a system with its other features. (I feel the same way about video games that are hyperrealistic but unplayable, and about role-playing campaigns that are so rule-focused (and realism-focused) as to be unplayable.)

If you use my system in an article, make the base word--instead of "pencil"--"icarus." [Wink]
 
Posted by TomDavidson (Member # 124) on :
 
My current administrative password for our network is the first line of a poem I enjoy.
 
Posted by The Pixiest (Member # 1863) on :
 
I make up words, add capitalization and numbers if appropriate. I write them down on a post it and put it in my pocket for a week, then I put the post it in the shredder when I'm sure I've got it down pat.
 
Posted by FlyingCow (Member # 2150) on :
 
I essentially use the same concept as Icarus, with slight modification.

I have a memorized group of random alphanumerics (an old video game password from waaay back in the day), and then I add a three digit extension at the end for whatever website I'm using (as opposed to his adding at the beginning).
 
Posted by Dagonee (Member # 5818) on :
 
Mine is the "pick a phrase and take the first letter of the words" method when I have to, using a phrase with numbers when necessary.
 
Posted by MrSquicky (Member # 1802) on :
 
quote:
The worst is my time and attendance web page. No numbers together, no letters in a row, no letters that are next to each other in the alphabet, no letters together that are often together in words, no numbers in a sequence, even if separated by letters, no repeating passwords, and it changes every two months.

Also, if your password won't qualify, it doesn't offer suggestions for what will. It just says no, and you have to try again.

It's horrendous. And completely pointless, because the rules are so draconian and create passwords that are impossible to remember and they change every two months, so everyone I know has it written down on a piece of paper in their desk.

Ironically, assuming that someone trying to break into the system knows about these rules, they would make breaking into the system much easier.
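
To put a number on the point above, this Python example (added here as an illustration, not part of the original thread) counts how many passwords survive a simplified reading of the quoted rules and how many bits of entropy that removes from a random choice. The 36-character alphabet, the interpretation of each rule and all function names are assumptions; the "often together in words" and password-history rules are not modelled.

```python
import math
from itertools import product
from string import ascii_lowercase, digits

ALPHABET = ascii_lowercase + digits  # assumed character set: 36 symbols


def pair_ok(prev, cur):
    """Rules that only look at two neighbouring characters (assumed reading)."""
    if prev == cur:
        return False                      # same character twice in a row
    if prev.isdigit() and cur.isdigit():
        return False                      # "no numbers together"
    if prev.isalpha() and cur.isalpha() and abs(ord(prev) - ord(cur)) == 1:
        return False                      # alphabet neighbours such as "ab" or "ba"
    return True


def digit_ok(last_digit, cur):
    """'No numbers in a sequence, even if separated by letters'."""
    return last_digit is None or abs(int(last_digit) - int(cur)) != 1


def is_allowed(password):
    """Direct check of one candidate; used to validate the counter."""
    last_digit = None
    for i, ch in enumerate(password):
        if i and not pair_ok(password[i - 1], ch):
            return False
        if ch.isdigit():
            if not digit_ok(last_digit, ch):
                return False
            last_digit = ch
    return True


def count_allowed(length):
    """Count compliant passwords with a DP over (last char, last digit seen)."""
    states = {}
    for ch in ALPHABET:
        key = (ch, ch if ch.isdigit() else None)
        states[key] = states.get(key, 0) + 1
    for _ in range(length - 1):
        nxt = {}
        for (prev, last_digit), n in states.items():
            for ch in ALPHABET:
                if not pair_ok(prev, ch):
                    continue
                if ch.isdigit():
                    if not digit_ok(last_digit, ch):
                        continue
                    key = (ch, ch)
                else:
                    key = (ch, last_digit)
                nxt[key] = nxt.get(key, 0) + n
        states = nxt
    return sum(states.values())


def bits_lost(length):
    """Entropy (bits) the rules remove from a uniformly random password."""
    return math.log2(len(ALPHABET) ** length / count_allowed(length))


def brute_force_count(length):
    """Exhaustive cross-check; only practical for very short lengths."""
    return sum(is_allowed("".join(p)) for p in product(ALPHABET, repeat=length))


if __name__ == "__main__":
    for n in (6, 8, 10):
        print(n, count_allowed(n), round(bits_lost(n), 2))
```

Every rule that forbids a pattern shrinks the set of valid passwords, so a policy is better judged by how much of the space it leaves than by how many rules it has.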
 
Posted by Joldo (Member # 6991) on :
 
Variations on lines of nursery rhymes.

My password for work, f'rinstance, was several variations on a line from the rhyme "How Many Miles to Babylon".

Thus:
Threescoremilesandten
3scoremiles&ten
3scoremiles&10
threescoremilesand10
seventy

And so on.
 
Posted by Nighthawk (Member # 4176) on :
 
Do what my sister does: put a card in her Rolodex. "P" is for "Passwords"...

The first card in her Rolodex is "A"... for "Alarm Codes"...

God, I wish I was making that up.


For the high end systems, like network servers, databases, etc... I pick a given word, long word usually, and then shift my fingers in a certain direction. For example, if the word I choose is "hello", I decide to shift my fingers one key up and to the left, and it becomes "y3oo9". Therefore, once I position my hands in the right place, I can type the password without looking, however complex it may appear to be.
 
Posted by xnera (Member # 187) on :
 
quote:
I pick a given word, long word usually, and then shift my fingers in a certain direction.

My dad does this.

I do the "first letter of a phrase" thing, with numbers added. Often lyrics, but I also make up phrases that have meaning to me but aren't likely to be guessed. I do the cryptic note thing, too. For example, if I'm using a lyric I might just write down the first name of the singer. That's usually enough to trigger memory of the password.
 
Posted by Goody Scrivener (Member # 6742) on :
 
Man, I'm really lucky.... the only passwords I've had to change have been sites where I did a reset request after not having been there in years.

I use the same three passwords depending on the security level, very much like katharina. I don't have a Level 4. Oh, I take that back. One site is completely oddball because it requires a 4-digit like an ATM PIN, no letters or specials allowed. So all my level 1s have one password that's one combination of letters and numbers and somewhat obvious to people that know me. All my level 2s have another letter/number combination that would take more personal knowledge of me to crack. And the level 3s use a letter/number/special combo that was randomly generated for me by someone else without knowing they did it LOL.

Someone here once posted a decrypt calculator site, you put in a potential password and it determines approximately how long a decrypt program would need to hack it. My Level 1 takes about 6 hours, Level 2 a day and a half, and Level 3 a couple weeks.
 
Posted by Icarus (Member # 3162) on :
 
That was me. [Smile]
 
Posted by rivka (Member # 4859) on :
 
quote:
Originally posted by Icarus:
I have a system for remembering passwords. All my high security passwords (as opposed to things like Hatrack) are variations on the same word. I won't be too specific, but I have a system for replacing certain of the letters with certain specific numbers, and another for adding different letters to each one based on what it's to.

For example, let me take something that isn't my password or my system. Let's say my common password is pencil. But I replace the E with the number 5 and the C with the number 3, because they're the fifth and third letters in the alphabet, respectively, giving me a common password of p5n3il. Now let's say I always capitalize the last letter, so that something is capitalized, but not the first letter. So I have p5n3iL. Now let's say that I append at the beginning the first two letters of what the password is for--but the first one is not capitalized and the second one is. So for Hatrack (hypothetically) it would be hAp5n3iL, for Sakeriver it would be sAp5n3iL, for my online banking, bAp5n3iL, for my insurance company iNp5n3iL, and so forth. As for the site that requires a new one every ninety days, I just add two numerals on the end, and iterate those: iNp5n3iL01, iNp5n3iL02, iNp5n3iL03, and so forth. That way almost every site has a different password, they are not intelligible as words, they contain letters and numbers, and odd capitalization, but I don't need to write them down anywhere, because I know what they were all based on, including the predictable--to me--system that I used to transform them.

You are such a math geek. [Big Grin]

It is an awesome system, and I am making a note of it for future use. Unfortunately, I don't think it will work for any of the government systems I have passwords for -- several of which I don't use nearly regularly enough to remember passwords. (Sometimes it's 5 times in one day, and sometimes it's not for a couple weeks.) And each of which has its own set of restrictions in terms of letters, numbers, special characters, lack of similarity to previous passwords, etc.

I store them all elsewhere, protected by a password that I know. [Razz]
 
Posted by ludosti (Member # 1772) on :
 
I often use words from other languages (this is especially fun with languages that are not based on the Latin alphabet, so transliteration is involved), sometimes changing out letters for numbers, ala l337 speak. For example, if I needed a password for a cat oriented site, I might choose to use the Bulgarian word for cat - kotka - so for a password, I can use kotka, k0tka, k07k4, etc.
 
Posted by otterk10 (Member # 10463) on :
 
As a sports fan, I use the first letter of a couple of players' last names and their jersey numbers on a given team. For example, if I choose the Washington Wizards, then my password would be A0B3J4 because Arenas is #0, Butler is #3, and Jamison is #4.
 
Posted by ricree101 (Member # 7749) on :
 
I have about 5 or so "half passwords" that are more or less random, but are short enough to easily remember. Then I just combine two of them together to form a password. That way, if I forget a password then at worst I only have to go through all permutations of the passwords to get it.
 
Posted by Artemisia Tridentata (Member # 8746) on :
 
quote:
I often use words from other languages

I often use Aztec words if I can have an alpha only password. For something more complicated, how easy would it be to have a card system like Uncle uses? On an Army computer, you have an impossible to remember password, but it is electronically encrypted on a "Common Access Card". You put the card in a card reader and activate it with a simple numeric pin. You have to have the card and the pin to enter the system. The card readers don't look expensive.
 
Posted by AvidReader (Member # 6007) on :
 
I take a normal word from whatever's been going on lately and change the letters to l337. Since I always change the same letters to their number and special equivalents, I just have to remember what word I'm using.

I do have an email in Outlook reminding me what the rules are for each site I have to log into. I can never remember who needs 8-16 characters, who needs exactly 8, etc. One even claims it needs at least five but won't take anything but five. There's a headache til you learn the trick.
 
Posted by rivka (Member # 4859) on :
 
Why an email? I'd make it a note.
 
Posted by MightyCow (Member # 9253) on :
 
The whole password hysteria is kind of overblown. If you have a simple password, and nobody ever tries to crack it, it's perfectly secure.

If you have a crazy, high-security password, and someone tries to get it, they can probably crack it with enough time and effort, or if they can't, they can find someone who wrote it down, trick someone into divulging it, install a key-logging program, or just find a security flaw in the software and get around the password completely.
 
Posted by Tstorm (Member # 1871) on :
 
I also use password 'layers' or a hierarchy. Mine's arranged around categories, essentially.

My work passwords all start with the same letter, my e-mail passwords (except for work) begin with the same letter, my computer passwords begin with the same letter, etc ad nauseam. In all these categories, the passwords usually contain mixed-case letters, numbers, and symbols. They're all at least eight characters long, and I do rotate them to completely new passwords, periodically. I strive not to use these passwords on any untrusted computers, too. By 'untrusted', I mean any computers I don't know the security status of.

I do have a super-secure password, significantly longer, and used only for one purpose.

I also have a few passwords I have shared openly with friends, for our minimal security needs.
 
Posted by anti_maven (Member # 9789) on :
 
I am in IT security professionally... Despite knowing better I have used the same password on 99% of my internet accounts since '97...


Physician, heal thyself....

BTW - pass-phrases are the way forward, like Tante Shvester's example.

[ June 28, 2007, 07:38 AM: Message edited by: anti_maven ]
 
Posted by rollainm (Member # 8318) on :
 
quote:
Originally posted by Icarus:
My intranet account at the district requires a new password every ninety days, and it can't be any password I've ever used before.

And there's nothing of any value to anybody in the intranet. It's just that the geeks who run this show have gotten too powerful.

I have a system for remembering passwords. All my high security passwords (as opposed to things like Hatrack) are variations on the same word. I won't be too specific, but I have a system for replacing certain of the letters with certain specific numbers, and another for adding different letters to each one based on what it's to.

For example, let me take something that isn't my password or my system. Let's say my common password is pencil. But I replace the E with the number 5 and the C with the number 3, because they're the fifth and third letters in the alphabet, respectively, giving me a common password of p5n3il. Now let's say I always capitalize the last letter, so that something is capitalized, but not the first letter. So I have p5n3iL. Now let's say that I append at the beginning the first two letters of what the password is for--but the first one is not capitalized and the second one is. So for Hatrack (hypothetically) it would be hAp5n3iL, for Sakeriver it would be sAp5n3iL, for my online banking, bAp5n3iL, for my insurance company iNp5n3iL, and so forth. As for the site that requires a new one every ninety days, I just add two numerals on the end, and iterate those: iNp5n3iL01, iNp5n3iL02, iNp5n3iL03, and so forth. That way almost every site has a different password, they are not intelligible as words, they contain letters and numbers, and odd capitalization, but I don't need to write them down anywhere, because I know what they were all based on, including the predictable--to me--system that I used to transform them.

I use a fairly similar system - at least at work anyway. I should probably adopt something like it for my personal passwords as well. I'm constantly forgetting those.
 
Posted by Mathematician (Member # 9586) on :
 
I usually use song titles/lyrics to come up with the letters. For any numbers, well, there's a whole slew of mathematical constants.

I've used passwords that involve sqrt(3) written out, e, pi, etc.
 
Posted by TheTick (Member # 2883) on :
 
quote:
Originally posted by maui babe:
Lately, I've used whatever song I happen to be listening to, then make a note of the artist until it sinks in ... so I have a cryptic note on my desk that says "Paul Simon" instead of the actual passwords.

This is not unlike what I do. I make note of a word that isn't the actual password, just something to remind me of it. Pirates! might mean the password is actually Ninja, with a number after that I don't write down. I can manage to remember a 1-3 digit number.
 
Posted by Farmgirl (Member # 5567) on :
 
Our system requires people with admin privileges (like me) to have a 15 character complex password (upper case, lower case, numbers, special characters). You can often easily do this using a simple sentence (I greatly dislike the whole "use the first letter of each word of a sentence" -- I would rather just use a sentence, complete with punctuation, itself). Most systems now allow you to use spaces.

Such as: Don't 4get the trash! (example only)

I also use lines designed like email addresses, only they are passwords: "Terminator@123go"

For personal stuff I have about 5 variations on the same overall theme. If I go to a site and don't remember my password and/or username, I can usually get it after a couple of tries via variations on what I know is my base choice.

Most of my personal passwords (I probably shouldn't mention this) are based on words spelled backwards. (like "Enicidem") I figure they would be harder to break than any recognizable word.

quote:
The whole password hysteria is kind of overblown. If you have a simple password, and nobody ever tries to crack it, it's perfectly secure.

We actually have auditors whose JOB it is to try to crack our system passwords -- so they can report our weaknesses before someone unscrupulous does.

FG
(Unfortunately I guess you were asking how to REMEMBER them, not how to create them. I don't know how I remember them. I just do)
 
Posted by striplingrz (Member # 9770) on :
 
I work for a large company.
We have a ridiculous amount of systems that require passwords, and to my dismay, they each seem to have different rules.

To solve for this, I found a free password program. I really like it. I'm sure there are more out there, but when you find something you like you stick with it.

http://www.accessmanager.co.uk/
 
Posted by JennaDean (Member # 8816) on :
 
quote:
usually, I just pick my favorite soup. The problem is, for security reasons, I never divulge the name of my favorite soup, which makes it hard to order in restaurants.

[Laugh] Shvester!
 


Copyright © 2008 Hatrack River Enterprises Inc. All rights reserved.
Reproduction in whole or in part without permission is prohibited.

