Phosphorus and Lime

A Developer's Broadsheet

This blog has been deprecated. Please visit my new blog at klenwell.com/press.
Thoughts on Passwords
The problem is not so much coming up with a good password as coming up with two dozen good, unique passwords. How do you manage an ever-growing number of passwords in a mostly secure way?

My idea involves, first, categorizing contexts (i.e. logins) that require passwords according to different security levels. The US Government's classification system can be used here, but I prefer something a little more down-to-earth:

1. Highly Sensitive (e.g. financial info, email)
2. Somewhat Personal (e.g. MySpace login)
3. Indifferent (e.g. ubuntuforums.org login)

It also involves coming up with a few different components for building passwords. These include:

1. keywords
2. keynumbers
3. acronyms
4. formulations

I write these down in a small notebook that I keep somewhere secure for reference.

I apply different formulations to the different levels.

Level 1
logins use part of a hash of a keyword

Level 2
use static formulations consisting of something like Acronym #2 + Keynumber #3 + Keyword #5

Level 3
a simpler formulation using something like a keynumber + a word easily associated with this context. For instance, for a site like anotherforum.com, the login might be keynumber + anotherforum. Gets me in and I should be able to remember it next time (provided I use a consistent formula), but if someone were to crack my password or my formula, the site should be such that it won't make that much difference.
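
The three formulations above, sketched in Python as an added example (not code from the original post). The post does not name a hash for Level 1, so PBKDF2-HMAC-SHA256 salted with the site name is an assumption here, as are the function names and the notebook entries, which are constructed placeholders.

```python
import base64
import hashlib

# Constructed notebook entries (placeholders, not real secrets).
KEYWORDS = {1: "saxifrage", 5: "tamarack"}
KEYNUMBERS = {3: "4071"}
ACRONYMS = {2: "PaL"}


def level1(keyword: str, context: str, length: int = 16,
           iterations: int = 200_000) -> str:
    """Level 1: part of a hash of a keyword.

    Assumption: a slow, salted hash (PBKDF2-HMAC-SHA256) with the login
    context as salt, so every site gets a different password and each
    guess at the keyword costs `iterations` hash computations.
    """
    digest = hashlib.pbkdf2_hmac(
        "sha256", keyword.encode(), context.lower().encode(), iterations
    )
    # URL-safe base64 yields letters, digits, '-' and '_';
    # keep only the first `length` characters ("part of a hash").
    return base64.urlsafe_b64encode(digest).decode()[:length]


def level2(acronym: str, keynumber: str, keyword: str) -> str:
    """Level 2: static formulation, e.g. Acronym #2 + Keynumber #3 + Keyword #5."""
    return f"{acronym}{keynumber}{keyword}"


def level3(keynumber: str, context_word: str) -> str:
    """Level 3: keynumber + a word easily associated with the context."""
    return f"{keynumber}{context_word}"


if __name__ == "__main__":
    # The Level 1 output is only as hard to guess as the keyword behind it:
    # the hash hides the keyword but adds no entropy of its own.
    print("L1 bank  :", level1(KEYWORDS[1], "bank.example"))
    print("L1 email :", level1(KEYWORDS[1], "mail.example"))
    print("L2       :", level2(ACRONYMS[2], KEYNUMBERS[3], KEYWORDS[5]))
    print("L3       :", level3(KEYNUMBERS[3], "anotherforum"))
```

Because Level 1 is deterministic, the notebook only needs the keyword and the formula, not the resulting passwords.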