Recipe: Easy to remember, service specific and secure passwords
4 points by torstesu on Feb 22, 2011 | 6 comments
People, even tech-savvy ones, have a tendency to use a single or a low multiple of different passwords for different services, making them vulnerable to unauthorized access.

The challenge is how to make strong, service specific passwords which are easy to remember. Here is a recipe:

1. Construct a complex password key with a minimum length of 8 characters, e.g. -Kr/2.pq4.

2. Make an algorithm based on the URL, e.g. news.ycombinator.com:
   a) Take the last 4 characters in the URL, excluding the domain suffix: ator
   b) Shuffle the letters from (a) based on your algorithm: orat

3. Combine the password key and the output of your algorithm: orat-Kr/2.pq4

4. Always enjoy individual, secure and easy to remember passwords for any service.

The algorithm you use can of course be more complex, e.g. adding characters in between, but the basic idea should be explained.
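The recipe above, worked through in code. This is an added example, not the poster's own implementation: the post does not say how the "shuffle" step works, so it is modelled here as a fixed permutation of the four positions (the one that turns "ator" into "orat"), and the "domain suffix" is assumed to be just the last label of the hostname (so ".co.uk"-style suffixes are not handled). A second function shows the caveat a practitioner would raise: because the prefix is fully determined by the hostname, anyone holding one plaintext password produced by the recipe can strip the prefix and reuse the shared key for every other site.

```python
"""Worked example of the 'shuffled hostname fragment + fixed key' recipe.

Added illustration code, not the poster's implementation. Assumptions:
  * the "domain suffix" is the last DNS label only ("com", "org", ...);
  * the "shuffle" is a fixed permutation of the 4 fragment positions.
"""
from urllib.parse import urlparse

# The key from the post's own example.
KEY = "-Kr/2.pq4"

# Fixed permutation of positions 0..3 that maps "ator" -> "orat"
# (output = fragment[2], fragment[3], fragment[0], fragment[1]).
PERMUTATION = (2, 3, 0, 1)


def hostname_core(url_or_host: str) -> str:
    """Return the hostname with its last label removed.

    'https://news.ycombinator.com/item?id=1' -> 'news.ycombinator'
    Stripping only the last label is a simplifying assumption.
    """
    # urlparse needs a scheme or a leading '//' to recognise the host part.
    parsed = urlparse(url_or_host if "://" in url_or_host else "//" + url_or_host)
    host = (parsed.hostname or "").lower()
    labels = host.split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"no domain suffix to strip in {host!r}")
    return ".".join(labels[:-1])


def site_fragment(url_or_host: str, n: int = 4) -> str:
    """Step 2a: the last n characters of the suffix-less hostname."""
    core = hostname_core(url_or_host)
    if len(core) < n:
        raise ValueError(f"hostname core {core!r} is shorter than {n} characters")
    return core[-n:]


def shuffle(fragment: str) -> str:
    """Step 2b: apply the fixed permutation to the fragment."""
    if len(fragment) != len(PERMUTATION):
        raise ValueError("fragment length must match the permutation")
    return "".join(fragment[i] for i in PERMUTATION)


def derive_password(url_or_host: str, key: str = KEY) -> str:
    """Step 3: site-specific prefix followed by the fixed key."""
    return shuffle(site_fragment(url_or_host)) + key


def recover_key(leaked_password: str, url_or_host: str) -> str:
    """Caveat: the prefix depends only on the hostname, so one leaked
    plaintext password from a breach yields the key used everywhere."""
    prefix = shuffle(site_fragment(url_or_host))
    if not leaked_password.startswith(prefix):
        raise ValueError("password does not follow the recipe for this host")
    return leaked_password[len(prefix):]


if __name__ == "__main__":
    for site in ("news.ycombinator.com", "https://github.com/zdia/gorilla/wiki"):
        print(f"{site:45} -> {derive_password(site)}")
    # One leaked password is enough to reconstruct the key for other sites.
    leaked = derive_password("news.ycombinator.com")
    key = recover_key(leaked, "news.ycombinator.com")
    print("recovered key:", key, "-> github:", derive_password("github.com", key))
```

Running it reproduces the post's "orat-Kr/2.pq4" for news.ycombinator.com; the last three lines of the `main` block show why the two later comments reserve random, unrelated passwords for important accounts.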




Or, instead, you simply get yourself a copy of Password Gorilla ( https://github.com/zdia/gorilla/wiki ) and let it both generate truly random passwords for each service and securely store all those unique, truly random, passwords for you.


I do random-generated passwords for important things like root accounts, FTP accounts, and business-related email accounts, but then use a formula similar to the one in the first post for every-day stuff like forums, web apps, gmail, etc., so I can type them in from memory when I'm using them multiple times a day.

Oh, and KeePass (on my Android phone, Macbook, and home Win 7 PC) + Dropbox = heaven. The whole idea of a multi-platform password store with its actual database file kept in Dropbox (or similar) is something I've been dreaming of and begging for, for years.
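For the "random-generated passwords for important things" half of the comment above, here is an added example (not code from KeePass or Password Gorilla) of generating such a password with Python's `secrets` module, which draws from the OS CSPRNG, and of computing the entropy of the result so that the length can be chosen deliberately rather than by habit. The 94-symbol printable-ASCII alphabet and the 16-character default are assumptions for the illustration.

```python
"""Added example: CSPRNG-backed per-service password generation and the
entropy arithmetic behind choosing a length. Assumptions: a 94-symbol
printable-ASCII alphabet and a 16-character default length.
"""
import math
import secrets
import string

# 26 + 26 + 10 + 32 = 94 printable ASCII symbols (no space).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of `length` independent uniform draws from the alphabet."""
    if length < 1 or alphabet_size < 2:
        raise ValueError("need length >= 1 and at least two symbols")
    return length * math.log2(alphabet_size)


def length_for_bits(target_bits: float, alphabet_size: int = len(ALPHABET)) -> int:
    """Smallest length whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def random_password(length: int = 16, alphabet: str = ALPHABET) -> str:
    """Uniformly random password; secrets.choice uses the OS CSPRNG,
    unlike random.choice, which is seeded from predictable state."""
    if length < 1:
        raise ValueError("length must be >= 1")
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet must not contain duplicate symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def is_from_alphabet(password: str, alphabet: str = ALPHABET) -> bool:
    """Sanity check used by the tests: every character is in the alphabet."""
    return all(ch in alphabet for ch in password)


if __name__ == "__main__":
    pw = random_password()
    print(pw, f"({entropy_bits(len(pw)):.1f} bits)")
    # How long a password from this alphabet needs to be for 128 bits.
    print("length for 128 bits:", length_for_bits(128))
```

Sixteen characters from this alphabet give about 105 bits; 20 characters cross 128. Because each call draws fresh randomness, two generated passwords share nothing, which is exactly the property the formula-based recipe gives up.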


True! Personally, I prefer remembering them by heart as I often need to access services from different devices, e.g. my smartphone. But for users not in need of mobility, Password Gorilla will suffice.


As soon as a full Tcl/Tk environment is available on Android, Password Gorilla should run on an Android smartphone. Not there yet, but someday it will happen.


Agree. On any given day I'm using so many devices at work, home, trying out Live CDs, etc. that I need some algorithm that I can just memorize and type in.


After HBGary I went through and implemented this (throwing in algorithmic based use of symbols and prepending & appending algorithmic components.)





