TIP: Manage Infinite Passwords
Link: https://dannyman.toldme.com/2007/12/04/tip-manage-infinite-passwords/
Problem: You have logins to a bajillion things and that is too many unique passwords to remember. Maybe you remember a half dozen passwords, if you’re lucky, but you would prefer to have a unique password for each account so the hackers can’t get you.
One approach is to always generate a new password when you get access to a new account, and store that somewhere safe. Sticky notes on your monitor? A GPG-encrypted file with a regularly-changing hash? Either way, you have to account for what happens if someone else gets access to your password list, or you yourself can not access this password list. I am not fond of this approach.
My Tip: I suggest instead of storing passwords, you come up with a couple of ways to “hash” unique passwords depending, on say, a web site’s name.
For example, if you were really lame, and you used the password “apple” for everything, you’d make things better if instead, say, you replaced the the ‘pp’ part with the first three letters of your web site’s name.
For example:
Yahoo: “apple” becomes “ayahle”
Google: “apple” becomes “agoole”
Amazon: “apple” becomes “aamale”
MSN: “apple” becomes “amsnle”
Apple: “apple” becomes “aapple”
Now, you can get a lot more creative than that, like using a non-dictionary word, mixing up letter cases and punctuation, etc.
Try a more advanced hash:
– Start with a pass-phrase “apples are delicious, I eat one every day”
– Take the last letter from each word: “sesiteyy”
– Capitalize the last half of the passphrase: “sesiTEYY”
– Stick the first three letters of the web site’s name in the middle: “sesi___TEYY”
– If the third letter you insert is a vowel, follow it with a “!” otherwise, add an “@”
– Change the first letter that you can from the substitution: a becomes a 4, e becomes a 3, i becomes a 1, and o becomes a zero
Now you get:
Yahoo: sesiy4h@TEYY
Google: sesig0o!TEYY
Amazon: sesi4ma!TEYY
MSN: sesimsn@TEYY
Apple: sesi4pp@TEYY
It is best if you have a few different schemes you can use: some web sites reject strong passwords, so having a really bad password handy is good, and some places you’ll want extra secure. For example, use a different “hash” for your bank passwords, just in case your “every day” hash is compromised.