Tuesday, 12 October 2010

Password generation

Using the same password everywhere is easy but insecure. If one account is compromised, they all are. Using different passwords everywhere is more secure, but much harder, because you have to remember a whole lot more different things. Perhaps a good compromise is a hybrid scheme where you construct site-specific passwords based on their context. You'd have a normal, short password as your base, then mentally construct the rest from the website name.

So, say (as a bad example) that you're using "abc123" as your base password and want to sign up to Dropbox. You decide you will append the last 4 letters of the site in reverse order to your base password, so your Dropbox password becomes "abc123xobp". Then later you create a Google account, so your password there is "abc123elgo". Unique passwords, memorable (to you, hopefully) so there's nothing to write down.

Mokalus of Borg

PS - Personally I use KeePass to generate random passwords.
PPS - But that means I'm helpless without it.

No comments: