Sounds like encryption <http://en.wikipedia.org/wiki/Password_cracking> to
me, like WEP <http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy> on my
wireless network at home.
The systems in place have trained the way I choose passwords. I have a
standardized way. I can recall 4 systems at the moment: phone PW, OS login
platform 1, OS login platform 2, web service.

1. For phone systems I just use numbers, alphanumeric... oh wait, is that the
way it always is?

2 & 3. For OS login I had to standardize my user name for personal use & am
often confused when an organization issues you one. For the OS password I have
this 3-sets-of-4 thing going, or 4 sets of 2, depending on how many attempts
lock me out, just in case I forget; then I can try the variation without
getting the boot. I also use the same passwords for Linux systems with a GUI
and just use caps lock to mask the password, so I don't even really know what
it is.

4. Web service, my favorite. Multiple email user names for multiple
services. Email as your username is the most efficient for any kind of error
recovery. You can be identified, traced, studied. I like it when I forget my
password and can just enter my email, and am even more pleased if the new
password is not in the email confirmation but I am provided with a link that
opens up a web form that allows me to just pick a new password and verify
it. I think I use the same password method and have a secret internal
algorithm for when I use different sets and variations depending on the type
of site.

Host UN & PW... entirely different story, but a totally organized convention
where encryption makes it strong for permissions, departments, business
units, etc.

On Sat, Apr 18, 2009 at 11:47 AM, j. eric townsend <[email protected]> wrote:

>
> Lost in this discussion of password strength is, "how do we handle multiple
> failed logins, forgotten passwords, and compromised passwords"?  If your
> overall design (is this where we get into service design?) is put together
> correctly, a compromised password (or an attack on an account) isn't the end
> of the world.
>
> I worked at a US federal gov't site where the root/admin passwords were
> printed out for the admins in a mutated form.  They were then told an
> algorithm that would un-mutate the password into something usable.  If the
> wrong password was used three times as root/admin on any system, the system
> was locked down and security was notified.   The passwords were immediately
> rotated and new base/mutation pairs generated.
>
> The goal was to give root/admin access to a large number of people without
> sharing passwords across systems, and it ended up working pretty well.
>
> --
> J. Eric "jet" Townsend, CMU Master of Tangible Interaction Design '09
>
> design: www.allartburns.org; hacking: www.flatline.net;  HF: KG6ZVQ
> PGP: 0xD0D8C2E8 AC9B 0A23 C61A 1B4A 27C5 F799 A681 3C11 D0D8 C2E8
> ________________________________________________________________
> Welcome to the Interaction Design Association (IxDA)!
> To post to this list ....... [email protected]
> Unsubscribe ................ http://www.ixda.org/unsubscribe
> List Guidelines ............ http://www.ixda.org/guidelines
> List Help .................. http://www.ixda.org/help
>
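The "link that opens a web form" reset flow praised in point 4 above, written out as an added example (editor's code, not from either poster). It assumes a 15-minute link lifetime, a hypothetical `https://example.invalid/reset` URL, a constructed account for `alice@example.com`, and an injectable clock so the expiry path can be exercised; the service stores only a hash of the token, makes each link single-use, and never sends the password itself.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # assumed policy: a reset link is valid for 15 minutes


class ResetService:
    """Forgot-password flow that emails a one-time link, never the password."""

    def __init__(self, accounts, now=time.time):
        self.accounts = accounts   # email -> {"salt": bytes, "pw_hash": bytes}
        self.now = now             # injectable clock (for testing expiry)
        self.pending = {}          # sha256(token) -> (email, expires_at)

    @staticmethod
    def _hash_password(password, salt):
        # PBKDF2-HMAC-SHA256; iteration count kept modest so the demo runs quickly.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def request_reset(self, email):
        """Return the link to email the user, or None if no account exists.

        The web form shows the same "check your inbox" message either way so the
        reset page does not reveal which addresses have accounts.
        """
        if email not in self.accounts:
            return None
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).digest()
        # Only the hash is stored: a leaked database does not yield usable links.
        self.pending[digest] = (email, self.now() + TOKEN_TTL)
        return f"https://example.invalid/reset?token={token}"  # assumed URL

    def redeem(self, token, new_password):
        """Consume a link and set the password the user typed into the form."""
        digest = hashlib.sha256(token.encode()).digest()
        entry = self.pending.pop(digest, None)  # pop: the link works exactly once
        if entry is None:
            return False
        email, expires_at = entry
        if self.now() > expires_at:
            return False
        salt = secrets.token_bytes(16)
        self.accounts[email] = {
            "salt": salt,
            "pw_hash": self._hash_password(new_password, salt),
        }
        return True

    def verify_login(self, email, password):
        acct = self.accounts.get(email)
        if acct is None:
            return False
        return hmac.compare_digest(
            acct["pw_hash"], self._hash_password(password, acct["salt"])
        )


def demo():
    """Walk the flow with a constructed account and a fake clock."""
    clock = [1_000_000.0]
    salt0 = secrets.token_bytes(16)
    accounts = {"alice@example.com": {
        "salt": salt0,
        "pw_hash": ResetService._hash_password("old-pass", salt0),
    }}
    svc = ResetService(accounts, now=lambda: clock[0])
    results = {}
    results["unknown_email"] = svc.request_reset("nobody@example.com") is None

    token = svc.request_reset("alice@example.com").split("token=", 1)[1]
    results["first_use"] = svc.redeem(token, "new-pass")
    results["replay"] = svc.redeem(token, "attacker-pass")   # same link again
    results["old_login"] = svc.verify_login("alice@example.com", "old-pass")
    results["new_login"] = svc.verify_login("alice@example.com", "new-pass")

    token2 = svc.request_reset("alice@example.com").split("token=", 1)[1]
    clock[0] += TOKEN_TTL + 1                                # let the link expire
    results["expired"] = svc.redeem(token2, "late-pass")
    results["garbage"] = svc.redeem("not-a-token", "x")
    return results


if __name__ == "__main__":
    print(demo())
```

The replay and expiry cases are the ones worth checking in a real deployment: a token that can be redeemed twice, or long after it was issued, turns a forgotten-password feature into an account-takeover path.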

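The three-strikes rule in the quoted message (three wrong root/admin passwords on a system lock it down and notify security), as an added example that is not part of either poster's text. The log lines are constructed in an sshd-like format; the hostnames, user names and the "only root and admin count" rule are assumptions. After a host is locked, even a correct password is refused and reported, matching the description that the passwords are rotated before access resumes.

```python
import re
from dataclasses import dataclass, field

# Constructed sample log, not from the original thread.
SAMPLE_LOG = """\
web01 sshd[1012]: Failed password for root from 10.0.0.5 port 51000 ssh2
web01 sshd[1012]: Failed password for root from 10.0.0.5 port 51001 ssh2
web01 sshd[1013]: Accepted password for root from 10.0.0.5 port 51002 ssh2
db01 sshd[2201]: Failed password for admin from 10.0.0.9 port 40000 ssh2
db01 sshd[2201]: Failed password for admin from 10.0.0.9 port 40001 ssh2
db01 sshd[2201]: Failed password for admin from 10.0.0.9 port 40002 ssh2
db01 sshd[2202]: Accepted password for admin from 10.0.0.9 port 40003 ssh2
db01 sshd[2203]: Failed password for alice from 10.0.0.9 port 40004 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)"
)

PRIVILEGED = {"root", "admin"}   # assumed: only these accounts trip the rule
THRESHOLD = 3                    # from the quoted message: three wrong passwords


@dataclass
class LockoutTracker:
    threshold: int = THRESHOLD
    failures: dict = field(default_factory=dict)  # (host, user) -> consecutive failures
    locked: set = field(default_factory=set)      # hosts currently locked down
    alerts: list = field(default_factory=list)    # notifications for security

    def observe(self, line):
        """Feed one log line; return what the tracker decided about it."""
        m = LINE_RE.match(line)
        if not m:
            return None
        host, result, user, src = m.group("host", "result", "user", "src")
        if user not in PRIVILEGED:
            return "ignored"
        if host in self.locked:
            # Locked hosts stay locked until passwords are rotated, so even a
            # correct password is refused and the attempt is reported.
            self.alerts.append(f"{host}: {user} login from {src} while locked")
            return "refused"
        key = (host, user)
        if result == "Accepted":
            self.failures[key] = 0          # a success clears the streak
            return "accepted"
        n = self.failures.get(key, 0) + 1
        self.failures[key] = n
        if n >= self.threshold:
            self.locked.add(host)
            self.alerts.append(
                f"{host}: {n} failed {user} logins from {src}; "
                f"host locked, rotate passwords"
            )
            return "locked"
        return "failed"


def process_log(text, threshold=THRESHOLD):
    tracker = LockoutTracker(threshold)
    for line in text.splitlines():
        tracker.observe(line)
    return tracker


if __name__ == "__main__":
    t = process_log(SAMPLE_LOG)
    print("locked:", sorted(t.locked))
    for a in t.alerts:
        print("ALERT", a)
```

In the sample, web01 survives two failures because the third attempt succeeds, while db01 is locked on the third failed `admin` login and the subsequent correct password is refused and reported rather than silently accepted.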