What are some tips for creating strong and unique passwords?

[scott1]

According to Kim-Phuong Vu, a lot of users try to remember half a dozen passwords. Which is why the most common password is "password."

http://www.ddj.com/blog/securityblog/archives/2006/05/password_protec.html"
How did they know my password that I use for everthing

 

[mattmns]

I have about 3 or 4 passwords that I use for nearly everything. I plan on changing them soon though, as they have been the same for quite a while.

 

[Moonbear]

They recently changed things at our university to require changing passwords every 6 months, and you can't reuse the last THREE passwords. I can't remember that many! So, I've taken to creating stickies on my computer for the ones I don't really give a darn about. So much for improving security. That, or I just keep changing one number...I figure I can just rotate 1 through 4 and then start over again.

 

[Physics_wiz]

They recently changed things at our university to require changing passwords every 6 months, and you can't reuse the last THREE passwords. I can't remember that many! So, I've taken to creating stickies on my computer for the ones I don't really give a darn about. So much for improving security. That, or I just keep changing one number...I figure I can just rotate 1 through 4 and then start over again.

lol Moonbear. They made me do that when I worked at the LIBRARY!

 

[cronxeh]

my passwords are 16 digits long
and no its not my debit/credit card numbers, i just like remembering random sequences of alpha-numeric-symbol combinations

 

[Moonbear]

lol Moonbear. They made me do that when I worked at the LIBRARY!

I just have to laugh, or else I'd cry, since they still manage to have security holes a mile wide, but by gum, you better change your password every 6 months.

Glad you popped back into GD...I just met SpaceTiger today, and will be meeting up with Russ Watters later in the week, and still need to meet one more PFer to tie with the Oregon mentors' record gathering of 4. We should meet up around campus sometime!

 

[Evo]

Our passwords expire every thirty days and none can be reused for 12 months and they require a combination of upper and lower case letters, at least one number and a special character, and there are dozens of systems that require different passwords, so we all keep a page long password cheatsheet at our desks because in their misguided attempt at security, they've made it impossible to remember passwords to systems we don't use daily. I can go to anyone's desk and log in as another person.

 

[Physics_wiz]

Glad you popped back into GD...I just met SpaceTiger today, and will be meeting up with Russ Watters later in the week, and still need to meet one more PFer to tie with the Oregon mentors' record gathering of 4. We should meet up around campus sometime!

Sure it doesn't look like I'll be going away this summer...no internships for me

 

[Pengwuino]

One word: biometrics

 

[wolram]

No matter what password i use it all ways comes out to be ******,

 

[Moonbear]

No matter what password i use it all ways comes out to be ******,

Sometimes mine are dots instead of asterisks.

 

[Moonbear]

Our passwords expire every thirty days and none can be reused for 12 months and they require a combination of upper and lower case letters, at least one number and a special character

I had to register on a site for submitting grants recently that had insane requirements like that...PLUS the added restriction that you couldn't have a number as the first or last character. And it's the sort of site that you'd use once or twice a year, so yeah, there's no way I'll remember an unusual password for that. Of course, that's opposed to the scientific society I belong to that the challenge is remembering your username, because it's your membership number...they end up having to email everyone their membership numbers when it's time to submit abstracts and register for the meeting, because nobody can ever find the little card they mail with our number on it. But your password there is just your last name, and they tell you that right on the site.

 

[franznietzsche]

my passwords are 16 digits long
and no its not my debit/credit card numbers, i just like remembering random sequences of alpha-numeric-symbol combinations

I do all of mine on the basis of keyboard layout. Its easier for me to remember a sequence of spatial positions and hand movements than a semi-random set of 14 characters from my keyboard. Downside is I don't actually know some of my passwords. I just remember how to type them.

I actually started doing this because of the password requirements for our school email accounts that required at least one non-alphanumeric character, numbers and letters, etc. And it couldn't be a password someone else used. It was a pain in the ass to come up with a permissible one.

 

[scott1]

They recently changed things at our university to require changing passwords every 6 months, and you can't reuse the last THREE passwords. I can't remember that many! So, I've taken to creating stickies on my computer for the ones I don't really give a darn about. So much for improving security. That, or I just keep changing one number...I figure I can just rotate 1 through 4 and then start over again.

You could use:
password1
password2
password3
password4
password5
password6
etc.

 

[Moonbear]

You could use:
password1
password2
password3
password4
password5
password6
etc.

Hey! How'd you guess my passwords?!

Oh, I just remembered the password rules at another university...in addition to the requirements for capitals, lowercase, and combinations of letters and numbers, you couldn't include any word actually found in the dictionary! So, you either had to break the words up with numbers or symbols, or try to think up a whole sentence and use first letters of each word or something like that to try to create something you could actually remember.

 

[Physics_wiz]

Enjoy the simple rules while they last. In a few years, all new employees who need passwords will be required to take a cryptography class first.

 

[Moonbear]

Enjoy the simple rules while they last. In a few years, all new employees who need passwords will be required to take a cryptography class first.

I think I just need to borrow someone's cat to walk across my keyboard to create my next password.

 

[dav2008]

An interesting way to keep track of passwords is to have one or two "main" passwords that you can easily remember and then customize it to each website.

For example if my main password was snow101 I would make it snow101pf for physics forums, snow101y for yahoo, snow101gm for g-mail, etc etc.

I don't actually do that though. It's just an interesting trick I read about.

 

[Physics_wiz]

An interesting way to keep track of passwords is to have one or two "main" passwords that you can easily remember and then customize it to each website.

For example if my main password was snow101 I would make it snow101pf for physics forums, snow101y for yahoo, snow101gm for g-mail, etc etc.

I don't actually do that though. It's just an interesting trick I read about.

Whoever came up with this stole it from me!

 

[Moonbear]

An interesting way to keep track of passwords is to have one or two "main" passwords that you can easily remember and then customize it to each website.

For example if my main password was snow101 I would make it snow101pf for physics forums, snow101y for yahoo, snow101gm for g-mail, etc etc.

I don't actually do that though. It's just an interesting trick I read about.

I started out doing that, and then they kept adding new twists and rules that made it more challenging, and then I don't remember what version I used (which one ends with 1, which with !, which with just the letters, which is split in the middle with a hyphen, which is on version 2, 3, 4 etc.)

 

[honestrosewater]

I just make up sentences or phrases and use the first (or second, last, etc.) letter of each word in it, throwing in some digits to replace letters, as a '1' for a 't', '2' for 'to/too/two', '4' for 'for', and such. I easily have 20 different ones, and they're all easy to remember because you can make the sentence or phrase be about the site or program that the particular password is for. You could also take lines from poems, songs, movies, and so on. For example, This is the password of J. Alfred Prufrock for Physics Forums = 1i1pojap4pf.