
30 years of failure: the username/password combination - soundsop
http://arstechnica.com/business/news/2009/10/30-years-of-failure-the-user-namepassword-combination.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss
======
pie
I think we're all well aware that typical users tend toward overly simple
password choices. That's why helpful measures such as password strength gauges
and password content requirements have become so commonplace. This is nothing
new.

~~~
vaksel
The problem is that many sites use different rules, which means every user has
to remember 3-4 different passwords.

------
filosofo
_And, although our long-term memory for images and words that we've assigned
meanings to is quite good, we don't do as well with passwords, which (ideally,
at least) should look like a near-random string of characters. It's another
challenge entirely to remember which password to associate with a specific
account._

It seems like this is easy enough to solve with a little instruction: have
users make up a phrase that has to do with the account, and use the first
letters from each word as the password: it's unique, non-dictionary, yet
memorable.

------
rv77ax
I use 2 grams of 'salt' on my password plus the site name where I want to
log in. It's simple and easy to remember.

<http://journal.kilabit.org/salt-n-pepper>

How do you "create" your password?

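An added example (not part of any comment in this thread) contrasting the two schemes above: filosofo's first-letters passphrase as the shared secret, and the "secret + site name" rule taken literally versus deriving each site's password with an HMAC keyed by that secret. The master phrase and site names are constructed placeholders.

```python
import base64
import hashlib
import hmac

# Constructed example secret; not anyone's real passphrase.
MASTER_PHRASE = "the quick brown fox jumps over the lazy dog every single morning"


def acronym(phrase: str) -> str:
    """First letter of each word (filosofo's mnemonic), e.g. a memorable master secret."""
    return "".join(word[0] for word in phrase.split())


def naive_site_password(master: str, site: str) -> str:
    """Constant secret glued to the site name.

    Weakness: one leaked password shows the rule and the constant part in the
    clear, so every other site's password follows directly.
    """
    return master + site


def derived_site_password(master: str, site: str, length: int = 16) -> str:
    """Per-site password as HMAC-SHA256(master, site), base64-encoded and truncated.

    A leaked value for one site reveals neither the master secret nor any other
    site's password; the derivation is deterministic so nothing has to be stored.
    Caveat: rotating a single site's password requires changing the input (for
    example by appending a counter to the site label), which a manager handles
    for you.
    """
    mac = hmac.new(master.encode(), site.lower().encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()[:length]


def leak_reveals_master(leaked_password: str, master: str) -> bool:
    """Does a leaked per-site password contain the shared secret verbatim?"""
    return master in leaked_password


if __name__ == "__main__":
    secret = acronym(MASTER_PHRASE)
    for site in ("example.com", "shop.example.net"):
        print(site, naive_site_password(secret, site), derived_site_password(secret, site))
```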
~~~
mahmud
<https://addons.mozilla.org/en-US/firefox/tag/1password>

Brain cells should not be wasted on rote password generation and memorization.

~~~
Create
Brain cells should be used to remember important things. Most important things
are conveyed by i.e. poems. Although nobody learns literature citings by heart
in the era of Wikipedia, a straightforward way to have a strong password is to
pick e.g. the first letters of each line of a poem (aka passphrase you should
already know), as described in the man:

When choosing a new password, make sure it's unrelated to any previous
password. Use long passwords (say 8 characters long). You might use a word
pair with punctuation inserted, a passphrase (an understandable sequence of
words), or the first letter of each word in a passphrase.

<http://linux.die.net/man/1/passwd> ...RTFM has also been the subject of debate
for ages...

~~~
mahmud
I appreciate the lofty sentiments, but password managers are doing a good job
generating _hard_ passwords and remembering them.

~~~
Create
...then you upgrade to snowy, and later realize that a given lib is not
compatible with your favourite password manager and shut yourself out until
you manage to restore your access. For generating _hard_ passwords, you might
as well go for ssh keys and manage those. But tastes and customs differ...

