Google Password Haystacks from http://grc.com Good stuff On Oct 24, 2011 8:02 AM, "Florin Iucha" <florin at iucha.net> wrote: > On Sun, Oct 23, 2011 at 08:51:40PM -0500, Harry Penner wrote: > > > I should try that. What I've been doing instead is using a certain > format > > > for the password, something like #:xx637FUbar where the xx part is > replaced > > > by a couple of letters based on the name of the machine or system I am > > > connecting to. That means that I have different passwords on every > system, > > > but I can still remember them. I guess it is theoretically possible > for > > > someone to figure out what I've done, but I think that is very > unlikely. > > > > > > Mike > > > > I've read in several 'security' places (conferences, blogs, etc, take > > 'em all with a grain of salt) that that's a very effective way to > > manage passwords. The idea being that (1) the main component of the > > password is "strong", but there's only one so it's not too hard to > > remember, and (2) the site-unique piece of the password prevents the > > vulnerability associated with using a single (however strong) password > > for multiple sites. Since it's completely unreasonable to expect a > > normal person to remember multiple "strong" passwords, it's what I > > recommend to extended family and friends. > > http://cuddletech.com/blog/?p=666 and xkcd make a good point in that we > should not be using pass-words but pass-phrases. More entropy and > easier on our brains. > > Cheers, > florin > > -- > Don't question authority! They don't know either. > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > tclug-list at mn-linux.org > http://mailman.mn-linux.org/mailman/listinfo/tclug-list > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20111024/7c6ac3b5/attachment.html>