Wendy
couldn't you use a password generator?but then i guess it saves all of your passwords on their site thus giving someone else the "piece of paper" and your main password (which is used to generate all of the other ones)...
|
||||
Comments:Wendycouldn't you use a password generator?but then i guess it saves all of your passwords on their site thus giving someone else the "piece of paper" and your main password (which is used to generate all of the other ones)... DaveI don't have a problem coming up with 10-character passwords. I have a problem remembering them.RichI will inform you that I have both a name and a face.Having recently been on a committee that was tasked with creating a password guideline where I work, I have a bit of an appreciation for these types of requirements. At the same time, I totally agree with what you are saying, and this point was actually one of our top discussion points when trying to come up with a usable guideline. Doing desktop support, I've lost count of the number of post-its with passwords stuck to monitors, or people who greet me with "Do you need my password? It's..." As I stuff my fingers in my ears and yell "La La La ... Not Listening!!" My favorites are the ones who proudly show me that their post-it note is under their mousepad - because no one else has ever thought of doing that. Anyway, I've found the easiest way to remember a strong password is with a sentence. Something like "My Gmail password is too awesome for words!" That would be MGpi2a4w! I know that's only 9 characters, but you get the idea. You can make it more complicated/easier by doing things like having a rule for yourself where the 3rd and 5th characters in your passwords are always the capital ones. You can make a sentence that relates to the particular site/service that the password goes to, like in the example. DaveAnd the disconnect continues. You suggest "MGpi2a4w" is a memorable password. I disagree.However, if it was something I typed in on a daily (or many times daily) basis, I would remember it. The problem is all these stupid websites and services that I use twice a year to complete some sort of ridiculous training requirements. MaloneI'll back you up here. I guess I have "recently been on a committee that was tasked with creating a password guidelines" too. We decided on just >8 characters because complexity leads to exactly what your talking about (writing it down or using the same password for everything).I'll also add that biometrics are not the answer. This technology while clearly cool is far from practical or reliable. RichI totally agree that by itself MGpi2a4w is not memorable in the least. That was why I made the point about having a sentence you use. I think you are capable of coming up with an appropriate sentence for any given situation that is amusing enough to you to be memorable, where you can just grab the first letter of each word for a password. I get funny looks when I giggle to myself as I enter my passwords, but I don't forget them, and they are strong. (Generally, if it amuses me, I'll remember it, so my passphrases usually consist of satire relating to the system for which I need a password) |
||||
|
||||
v. 23.07.06 |