Re: How to choose passwords

Since I buy things on Amazon, that's Per/Crit. Forums are social. Using the three bank scenario, I might use;

d@rkyboo08
dorky&oo08
do%kyboo08

I have held to a common name and theme of substitution to facilitate memory, yet all are different enough that it is unlikely they would all be discovered immediately. All I have to remember is that I use @ in place of o, & in place of b, and % in place of r.

Re: How to choose passwords

IF you want help in creating passwords, it might be better to have a way to generate 'strong' random passwords. Take a look at Strong Password Generator (just one example - there are other sites. Just search.)

While not practical for 'normal' use, GRC's Ultra High Security Password Generator is an excellent 'strong' password generator. GRC is an extremely reputable company.

Three banks

How does your method help you remember which variant is associated with which bank? And how do you cope with the fact that different sites have different and often conflicting criteria for acceptable passwords? For example, some sites reject passwords with special characters while other sites require them.

Actually, allowing special characters doesn't really add much to the security, in my view. With just letters and numbers, you have 62**n possibilities for an n-character password; with special characters, it might be something like 96**n. Not that much of a gain compared with just increasing n.

Re: How to choose passwords

Some of it has to be dedicated to memory. For me, it's not too difficult (even at my advanced age :P ) to remember one detail like which letter I swapped out. In the event I do forget, I have a "pattern" with which I can attempt to recall my password - the substitutions. In the event a particular website will not allow special characters, I would use a number substitution or not substitute at all from my base word. Keeping in mind that my base word is not a dictionary word.

The special characters are used less as a tool to increase n, but rather as a way to vary my passwords without leaping into totally uncharted territory - password wise.

Point being; I can remember my technique and apply it to three made-up words that I can also remember. Thus avoiding having to carry a "little black book" around or keep my passwords insecurely in a readable file.

Really, security of a particular website is 99% dependent on the website itself. All the randomly generated mind-bending password histrionics in the world won't protect you from a insecure website.

What I long for is a reliable thumb-print system which would remove passwords and allow the sole use of a thumb scan to "unlock" websites, use my credit cards, get cash from an ATM and so on. I doubt we'll see it.

Re: How to choose passwords

There are lots of ways to generate highly secure passwords. The problem is in keeping track of a large set of them -- 40 is not unusual. And yes, biometrics would be the best way to go if it ever becomes practical.

What continues to astonish me is the quantity of impractical advice out there -- advice that simply ignores the problems of limited human memory, the need to account for a large set of passwords, the need to change passwords periodically, and all the other issues I cited in my original post.