On Sun, Oct 23, 2011 at 08:51:40PM -0500, Harry Penner wrote:
> > I should try that. What I've been doing instead is using a certain format
> > for the password, something like #:xx637FUbar where the xx part is replaced
> > by a couple of letters based on the name of the machine or system I am
> > connecting to. That means that I have different passwords on every system,
> > but I can still remember them. I guess it is theoretically possible for
> > someone to figure out what I've done, but I think that is very unlikely.
> >
> > Mike
>
> I've read in several 'security' places (conferences, blogs, etc, take
> 'em all with a grain of salt) that that's a very effective way to
> manage passwords. The idea being that (1) the main component of the
> password is "strong", but there's only one so it's not too hard to
> remember, and (2) the site-unique piece of the password prevents the
> vulnerability associated with using a single (however strong) password
> for multiple sites. Since it's completely unreasonable to expect a
> normal person to remember multiple "strong" passwords, it's what I
> recommend to extended family and friends.

http://cuddletech.com/blog/?p=666 and xkcd make a good point in that we
should not be using pass-words but pass-phrases. More entropy and easier
on our brains.

Cheers,
florin

--
Don't question authority! They don't know either.