- Jun 24, 2001
I've seen so many password tips before, but most involve DANGEROUSLY stupid risks: like changing every week to something random with a mix of upper and lower-case characters, never using the same password twice and never writing it down on paper or PC. That's just ASKING for a password disaster! Forget your email password (VERY likely because you change it every week!) and NEVER get a re-generated forum password back again! You can get almost the same security as never using the same password with none of the bother, and remember it every time.
Anyway, here's some more logical tips which bring nearly the same level of security with NONE of the hassle.
The backwards trick: Who says you can't use your mother's birthday or your phone number for a password? Flip it around backwards and add hyphens and you've got a password no one can just "guess." Always use it this way so you can memorize the backwards version easily. Who says you can't use a word? As long as it doesn't make another word when spelled backwards the dictionary attack will never work! Choose something easily and logically hyphenated/underscored and you've got a password not many brute-force attempts could crack only in a million years. Replace something else like a zero with a letter "O" and you can guarantee it won't be guessed (when backwards).
The context trick:
If someone intercepts your password even once and you've been using your easy-to-remember password everywhere, they could have your password for everything you do online. That's why they say to make a different password for every use. How can you do this and maintain your secure and easy to remember password? Add something obvious to it. Add -eb for eBay. Add -pp for PayPal (or MS Passport, but I just use -hm). It'd be pretty easy to get a password from someone who doesn't do this but does use the same password in most cases: just send them an email, message or make a post which you know interests them where it requires them to make a new password to continue. Either be the entity that password is created with or intercept that password. Use the context trick to thwart this.
For your own convenience/sanity:
Keep it short and all lower-case with universally supported characters. Don't use hyphens like I've been suggesting (for the sake of simplicity), but rather some letter you've chosen to replace it. A hyphen isn't universally accepted in all password forms and neither are underscores. I've seen too many cases where a database has been updated and passwords are suddenly case-sensitive or missing their hyphens (ZSNES forums). You don't want to remember case and hyphen-replacements for each of these strange sites. Also, I think it was Sprint PCS which required more than 5 characters, less than 8, no underscores or hyphens, and FORCED you to have both letters and numbers: no phone number backwards, and even a truncated backwards date with context trick ("-pcs") was too long, so try to choose something within that sweet-spot (it's too late for me). Also, never fill in any profile data which may hint to your password if word of the context-sensitivity of your password gets out.
I'd like to see what kind of combinations you guys currently use... without revealing too much, of course.
Is anyone already doing this?
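Added here as an illustrative audit check, not part of the original post or written by its author: the post's transformations (reversing, inserting hyphens or underscores, swapping a zero for the letter O, appending a site tag such as -eb or -pp) are exactly the kind of mangling rules a password-audit tool applies to a wordlist before comparing. The small Python function below undoes those rules and reports whether a candidate collapses back to a dictionary word or an all-digit date/phone pattern. The wordlist and the suffix set are constructed for the example; a real audit would use a full cracking dictionary and a far larger rule set.

```python
import re

# Constructed wordlist for the demonstration; an audit tool uses millions of entries.
WORDLIST = {"password", "dragon", "monkey", "letmein", "sunshine"}

# The site tags named in the post; an attacker who learns the scheme tries these too.
CONTEXT_SUFFIXES = {"eb", "pp", "hm", "pcs"}


def normalize(pw):
    """Lowercase and drop hyphens/underscores: separators a rule set strips first."""
    return re.sub(r"[-_]", "", pw.lower())


def candidates(pw):
    """Every base form an auditor would compare: with and without the O/0 swap
    undone, and with any known context suffix removed."""
    base = normalize(pw)
    cands = set()
    for form in (base, base.replace("0", "o")):
        cands.add(form)
        for suf in CONTEXT_SUFFIXES:
            if form.endswith(suf) and len(form) > len(suf):
                cands.add(form[: -len(suf)])
    return cands


def weakness_reasons(pw, wordlist=WORDLIST):
    """Return the (sorted) reasons a password is weak under these rules; empty means
    none of the post's transformations reduced it to something guessable."""
    reasons = set()
    for cand in candidates(pw):
        if cand in wordlist:
            reasons.add("dictionary word")
        if cand[::-1] in wordlist:  # reversal is a standard mangling rule
            reasons.add("reversed dictionary word")
        if cand.isdigit() and len(cand) >= 6:
            reasons.add("all digits (date or phone number)")
    return sorted(reasons)


if __name__ == "__main__":
    # Constructed sample passwords built the way the post suggests.
    for sample in ("n0gard-pp", "9891-21-52-eb", "kq7#Vz2!pL"):
        print(sample, "->", weakness_reasons(sample) or ["no rule matched"])
```

"n0gard-pp" (dragon reversed, zero swapped in, PayPal tag) and "9891-21-52-eb" (a reversed date with an eBay tag) are both flagged, because each transformation is cheap for a rule set to undo; only the random sample survives.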