Computing > Security

One simple trick for passwords the big companies don't want you to know about!

(1/18) > >>

Beamin:
I'm sure most of the people here are tech savvy and may already implement this but when I  tell people this they always say "I never thought of that"

So instead of paying or using a program to store all your passwords use the word "password" and the same password for everything (but add a step), and you can't forget it. It's just an algorithm for all your passwords so you only have to remember the algorithm and the passwords are always different and hard to figure out.
A simple Idea:
When logging into your account: Take the domain name ie "capitalone"
Look at their password requirements: 8 char min, letters AND numbers, one capital letter
Make an algorithm that meets the bare minimum of these requirements.
 You can make this be anything you want as long as you remember it. Here is one easy example
Take the word “password” as a starting password (can be any word)

Take the first two letters in the domain name and convert them into numbers CApitalone = c=3 a=1
Add this number to the front of your password: 31password
Needs capital letters, so take the last letter in the domain name: e and write it twice at the end of your password: 31passwordEE
Now you can do that but vary the letters with each website name and you have the same but different and hard to figure out password, add more steps and math to make it more secure. What ever happened to those ads that said “One simple trick” or “Language professors/car insurers HATE this”, anyways? Person that started that deserves to be shot.

apis:
Such systems can be ok, but if someone figures out your system you are toast. Still, it's a lot better than using the same password everywhere.

You shouldn't use the word "password" or any dictionary word as part of a password though, and you shouldn't use someone else's system, but using some sort of system is better than using the same password everywhere.

schmitt trigger:
And for those websites requiring special characters, replace the S with a $, the X with a *, the l with a !, and so forth.

Red Squirrel:
One system I've seen is to make a card with a grid of random letter/characters, say 10x10.  For each site, you just need to remember the sequence of squares.    Optionally, you can tattoo it on yourself.  Change it up once in a while.

Me personally, I wanted a web based password manager that is locally hosted that does not require any special software or OS specific requirement.  Could not find anything so I just wrote my own.   I just copy and paste the password.  Eash site has it's own password.   Too many sites leaking credentials now days so I don't reuse passwords anymore.     If I need a password remotely, then I VPN in my network. Currently I only allow my work IP to access the VPN though, but work and home is about the only place where I can find myself wanting to access my home network.

As a side note, why do so many sites have so many limits to what characters you can use?  It's all getting hashed anyway (or it BETTER be), so don't even need to worry about filtering out any chars that could lead to a SQL injection.    Technically don't even need a character limit, but any password longer than the hash is probably diminishing returns.

Beamin:

--- Quote from: schmitt trigger on June 02, 2019, 09:37:17 pm ---And for those websites requiring special characters, replace the S with a $, the X with a *, the l with a !, and so forth.

--- End quote ---

OH $#!|  !!!
         
IF you have two factor couldn't your password just be "password" and its just as secure?


Navigation

[0] Message Index

[#] Next page

There was an error while thanking
Thanking...
Go to full version