I haven't tried this yet, but depending upon how you remember things (aka are you a visual person) I thought a word find puzzle would be a good way to "store" passwords in an open form. For example have a sheet of paper w/
G74jk/ GR#%!y &#ujwj 41^PH@ n#75HL /G>210 Then for one password just use the diagonal GRuPH0, for another use the "V" GG#175Hwy/. You could base the sequence on the use if that helps, M for the mail server would be /n4&GGRu%k/yj@L0. Again I haven't tried it yet so I'm not sure how practical it would be, but it seems like it might be a viable option for storing multiple passwords. Just a thought... ----- Original Message ----- > From: "Matt Simmons" <[email protected]> > To: "Tracy Reed" <[email protected]> > Cc: [email protected] > Sent: Sunday, May 15, 2011 10:48:55 PM > Subject: Re: [lopsa-discuss] Password prefixes [Was: Re: "Stupid SysAdmin > tricks for $500, Alex"] > I wouldn't recommend it for corporate enterprise use, but Bruce > Schneier has suggested that individuals treat passwords the same way > they treat every other bit of personally important or valuable > data...put it in your wallet. > > He suggested that, since it's the best practice to not use the same > password at multiple sites, that you write down your passwords for > sites on a piece of paper and store it with your other valuables. > Then, when you lose your wallet, you go through the exact same > procedure you do when you cancel the other important bits like credit > cards. > > --Matt > > > On Sun, May 15, 2011 at 7:56 PM, Tracy Reed <[email protected]> > wrote: > > On Sat, May 14, 2011 at 10:49:27PM -0400, Greg R spake thusly: > >> On Sat, 14 May 2011 19:44:42 -0400, Tracy Reed > >> <[email protected]> > >> > What do you mean by "root password prefix"? > >> > >> I ran into something like this before. The password is an acronym > >> with > >> substitutions: > >> > >> "Fred is no longer working here April 9th" = F1NLw#49 > > > > Implemented that way, it really doesn't seem so bad and I do similar > > although I > > wonder how many then go on to use that same "secure" password on > > multiple > > systems. > > > > I was thinking it might be something like what one shop I am > > familiar with > > does: > > > > "Fred Is Fired" = FIF > > > > mailserver password = FIF_mail > > > > fileserver password = FIF_file > > > > database password = FIF_data > > > > and so on. > > > > The prefix (same on every machine) then an underscore followed by > > the first > > four letters of the hostname. For the record, I recognize this as a > > really bad > > idea. They are even an e-commerce shop so credit card data is > > involved. I am > > working on getting this changed but they have been told "never write > > down > > passwords." so there has been resistence. There are password keeper > > programs > > which use a master password to encrypt the list of passwords but > > those work > > better for personal use: If we have to change or add a server root > > password I > > don't want to have to get everyone to update their personal lists. I > > am leaning > > towards A GPG encrypted file on an internal server somewhere as is > > my standard > > practice although if The Boss, who has no command line skills, wants > > access to > > it also for purely territorial reasons as he has no legitimate > > reason, that may > > be an issue. > > > > I'm sure this is a common problem. What do the rest of you do? > > > > -- > > Tracy Reed > > > > _______________________________________________ > > Discuss mailing list > > [email protected] > > https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss > > This list provided by the League of Professional System > > Administrators > > http://lopsa.org/ > > > > > > > > -- > LITTLE GIRL: But which cookie will you eat FIRST? > COOKIE MONSTER: Me think you have misconception of cookie-eating > process. > _______________________________________________ > Discuss mailing list > [email protected] > https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss > This list provided by the League of Professional System Administrators > http://lopsa.org/ _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
