

Recipe: Easy to remember, service specific and secure passwords - torstesu

People, even tech-savvy ones, have a tendency to use a single or a low multiple of different passwords for different services, making them vulnerable to unauthorized access.

The challenge is how to make strong, service-specific passwords which are easy to remember. Here is a recipe:

1. Construct a complex password key with a minimum length of 8 characters, e.g. -Kr/2.pq4.
2. Make an algorithm based on the URL. E.g. news.ycombinator.com
 a) Take the last 4 characters in the URL, excluding the domain suffix: ator
 b) Shuffle the letters in a) based on your algorithm: orat
3. Combine the password key and the output of your algorithm: orat-Kr/2.pq4
4. Always enjoy individual, secure and easy to remember passwords for any services.

The algorithm you use can of course be more complex, e.g. adding characters in between, but the basic idea should be explained.
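
The recipe above as runnable code, added here as an illustration and not part of the original post. The half-swap shuffle is an assumption chosen because it reproduces ator -> orat, the function names and the suffix list are hypothetical, and `shared_suffix` reports which part of the derived passwords is identical across services.

```python
import os
from urllib.parse import urlsplit

# Assumption: a short fixed list stands in for "the domain suffix"; a fuller
# version would consult the Public Suffix List.
SUFFIXES = (".co.uk", ".com", ".org", ".net", ".io")

def site_token(url, n=4):
    """Step 2a: last n characters of the host name, domain suffix excluded."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    for suffix in sorted(SUFFIXES, key=len, reverse=True):
        if host.endswith(suffix):
            host = host[:-len(suffix)]
            break
    letters = host.replace(".", "")  # assumption: dots do not count as characters
    if len(letters) < n:
        raise ValueError(f"{url!r}: fewer than {n} characters before the suffix")
    return letters[-n:]

def shuffle(token):
    """Step 2b. Assumption: swap the two halves, which reproduces ator -> orat."""
    half = len(token) // 2
    return token[half:] + token[:half]

def derive(url, key):
    """Step 3: shuffled site token followed by the memorised password key."""
    return shuffle(site_token(url)) + key

def shared_suffix(passwords):
    """Longest suffix common to every password in the list."""
    reversed_pw = [p[::-1] for p in passwords]
    return os.path.commonprefix(reversed_pw)[::-1]

if __name__ == "__main__":
    key = "-Kr/2.pq4"  # the example key from the post
    sites = ["news.ycombinator.com", "https://github.com/zdia/gorilla/wiki",
             "en.wikipedia.org"]  # sample inputs chosen for this example
    derived = [derive(s, key) for s in sites]
    for site, pw in zip(sites, derived):
        print(f"{site:40} {pw}")
    common = shared_suffix(derived)
    print(f"identical in every password: {common!r} "
          f"({len(common)} of {len(derived[0])} chars)")
```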
======
pwg
Or, instead, you simply get yourself a copy of Password Gorilla (
<https://github.com/zdia/gorilla/wiki> ) and let it both generate truly random
passwords for each service and securely store all those unique, truly random,
passwords for you.

~~~
torstesu
True! Personally, I prefer remembering them by heart as I often need to access
services from different devices, e.g. my smartphone. But for users not in
need of mobility, Password Gorilla will suffice.

~~~
pwg
As soon as a full Tcl/Tk environment is available on Android, Password Gorilla
should run on an Android smartphone. Not there yet, but someday it will
happen.

------
tgrass
After HBGary I went through and implemented this (throwing in algorithmic
based use of symbols and prepending & appending algorithmic components.)

