[LINK] Guidance re Passwords

Rachel Polanskis grove at zeta.org.au
Tue Jul 26 14:39:36 AEST 2011


On 26/07/2011, at 14:05, Gordon Keith <gordonkeith at acslink.net.au> wrote:

> On Sat, 23 Jul 2011 10:40:50 AM Roger Clarke wrote:
>> It's good to see that this is better than most:
>> http://www.staysmartonline.gov.au/factsheets/factsheet_15
>> (I like this bit: 'To make a password easy to remember, think of a 
>> pass phrase and then change some of the characters to make it a 
>> strong password';  although the examples are unrealistic).
> 
> My preference is to come up with a password strategy that involves numbers.
> 
> For example if I have relatives John, Mary and Fred:
> John's birthdate is 14 November 1981
> Mary's birthdate is 15 March 1975
> Fred's birthdate is 27 July 2011
> 
> I get:
> J'sbdi14Nov1981
> M'sbdi15Mar1975
> F'sbdi27July2011
> 
> Then always use the shift key when typing in numbers (you can't see them 
> anyway and funny characters are stronger than numerics):
> 
> J'sbid!$Nov!(*!
> M'sbdi!%Mar!(&%
> F'sbdi@&Jul@)!!
> 
> These are fairly strong passwords. If I can remember my system I can get the 
> password from the name e.g. gmail is John, Facebook is Mary, so writing down 
> the name is reasonable.
> 
> I can have as many passwords as people's birthdates I know or can look up.
> 
> Addresses and bible quotations are also good sources of numbers.
> John's address is 51 Main Rd 7011
> J'ai%!MR&)!!
> 
> However I think the best suggestion I have seen for a password is still:
> '); drop table password;
> 
> Regards
> Gordon


I use a rotation of words made up from "leetspeak" so that the password "fishhead" 
for example, would write out as F!#h34d. and so on.   This works well because then the passwd
could be a mnemonic for what I am logging into without being obvious.
The key is that you need to be able to use all the characters on your keyboard to do this, which some more simple login schemes will not.   But an aggressively strong password should at least allow you to extend your characters to include more than just a-Z, 0-9 and so on. 

A lot of sites do not allow this, though, as their checking algorithm is probably one of the low-level ones or written in-house, etc. If I have anything to do with configuring an app,
usually I turn on strong passwd checking, extended characters and the like...


rachel
--
rachel polanskis 
<r.polanskis at uws.edu.au> 
<grove at zeta.org.au>
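
An added example, not part of either message and not any list member's code: a registration-time check of the kind a site operator could put in a password policy, which maps shifted digit-row symbols back to digits and reports when the result spells out a calendar date. It assumes a US keyboard layout; the function names are hypothetical, and the sample passwords are the ones given in the quoted message.

```python
import re
from datetime import date

# Assumption: US keyboard layout, where Shift+1..0 gives !@#$%^&*()
SHIFTED = "!@#$%^&*()"
UNSHIFT = str.maketrans(SHIFTED, "1234567890")
MONTHS = {name: n for n, name in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), start=1)}
# day, month name (first three letters significant), four-digit year
DATE_RE = re.compile(r"(\d{1,2})([a-z]{3})[a-z]*(\d{4})")


def unshift(password):
    """Map shifted digit-row symbols back to the digits under them."""
    return password.translate(UNSHIFT)


def embedded_date(password):
    """Return the first calendar date spelled out in the password, or None."""
    for m in DATE_RE.finditer(unshift(password).lower()):
        month = MONTHS.get(m.group(2))
        if month is None:
            continue
        try:
            return date(int(m.group(3)), month, int(m.group(1)))
        except ValueError:  # e.g. 31 Feb: right shape, not a real date
            continue
    return None


def audit(password):
    """Policy findings for one candidate password (hypothetical checker)."""
    found = embedded_date(password)
    return {
        "normalized": unshift(password),
        "shifted_digits": sum(ch in SHIFTED for ch in password),
        "date": found.isoformat() if found else None,
        "reject": found is not None,
    }


if __name__ == "__main__":
    # Sample passwords copied from the quoted message above
    for pw in ["J'sbid!$Nov!(*!", "F'sbdi@&Jul@)!!", "J'ai%!MR&)!!"]:
        print(pw, audit(pw))
```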


