Owen,

Here's a gimmick I came up with last year. Seems to work - but who knows...

I use a combination of two patterns - one for consistency (the "static"), the other for change (the "dynamic").

_The key is that both are physical, geometric concepts relative to the keys on a QWERTY keyboard_ - rather than semantically-oriented patterns that everyone uses.

Using physical, geometric keyboard shapes - like squares, triangles, etc. - makes the system easy to remember and use, but hard to explain in text. But here goes:

I base the "static" pattern on some simple geometric shape - such as a triangle or parallelogram. For example, the keys AZCD form a parallelogram. I use this pattern as the "root" of my password. The remainder of my password, the "base", is something that I can remember easily, but with a capital and a special symbol - such as "fr!am3.14159". To generate my initial password I simply join the root and the base in some consistent way, such as AZCDfr!am3.14159. Of course, I can scramble this, but I would only do the scramble initially.

Then, every month, or other period, I change this password in a consistent way. This is where the "dynamic" pattern comes in. The dynamic pattern is a rule for how I transform the "root" each month in a geometric way. For example, I may use the transform rule "move the 'root' up and to the right." This means that the "A" of the root becomes a "W", and all of the other root keys change accordingly. So, the second month, the root becomes "WSFR". So, the second month's pword is "WSFRfr!am3.14159". Month 3's password would be "3ET5fr!am3.14159". For the fourth month, I "bounce" off of the top of the keyboard and head back down. After 16 months, I get to the right end of the keyboard. I usually develop a new root then and start all over again.

Anyway, using these example patterns and base, the first five months of this set of passwords would be:
AZCDfr!am3.14159
WSFRfr!am3.14159
3ET5fr!am3.14159
EDGTfr!am3.14159
DCBGfr!am3.14159

Of course, the permutations of this scheme are very large. And, you can change the base, the root and the dynamics at any time. And of course, you can add site-specific symbols like "AN" for Amazon. Also, you can get creative with how you "slide" the dynamic pattern to make it harder to guess.

The basic idea, though, is to use "keyboard geometry" for your root, rather than semantics.

Anybody see any holes in this?

Grant

On 1/29/13 9:26 AM, Owen Densmore wrote:
Well, yet another scare today ... an email to me from the name of
someone I know but from a bogus email address.  You know: "best
friend" <[email protected]>.

So I've looked into cranking up the password security a bit.

It seems that the two most important ideas are:
1 - Long passwords
2 - Unique passwords, different for each site

I realize password managers (keepass, 1password, ..) can generate
gibberish passwords, any length you'd like.  But it'd be nice to be
able to remember them yourself.  Besides, password managers don't work
everywhere in these days of the "app" because they are browser
centric.

So looking into common pw formulas, like http://healthypasswords.com/
& lifehacker http://goo.gl/hZ5rB propose, the site specific stunt is
something like: az@xxxxx!yyy "sandwich" where I have a core xxxx or
set of them, with prefix/postfix identifiers.  In this case, az for
amazon, and yyy for something else like b00ks.  And yes you can
scramble where az goes etc, but once a formula is seen, it's not going
to be that hard to figure it out for google etc.

Thus, even tho long and unique, it still could be fragile.

So the choice does appear to be either a password manager and
gibberish, or a nifty, human rememberable system that may be fragile.

Has anyone tried the two-factor stunt? Google uses sms & your phone.
I don't know what it would be like to use, but many sites lately allow
you to login via google, facebook and others, so if the google login
is 2-factor secure, maybe that's a good solution? Seems like it might
be a pain and fail if your phone isn't working.

    -- Owen

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
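
An added illustration, not part of either message in the thread: the sliding rule Grant describes, replayed in Python, plus a check a password-change policy could run to flag a new password that is only a one-key slide of the old one. The grid indexing, the function names and the policy check itself are assumptions of this example.

```python
# Added example. Grid indexed (row, col); staggered rows mean "up and to the
# right" is (row-1, col+1) while "down and to the right" keeps the column.
ROWS = ["1234567890", "QWERTYUIOP", "ASDFGHJKL;", "ZXCVBNM,./"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}
UP, DOWN = (-1, 1), (1, 0)

def shift(root, step):
    """Slide every key of root by step; None if a key leaves the grid."""
    out = []
    for ch in root.upper():
        r, c = POS[ch][0] + step[0], POS[ch][1] + step[1]
        if not (0 <= r < len(ROWS) and 0 <= c < len(ROWS[r])):
            return None
        out.append(ROWS[r][c])
    return "".join(out)

def monthly_roots(root, months):
    """Replay the rule from the message: slide, bouncing off top and bottom rows."""
    roots, step = [root.upper()], UP
    while len(roots) < months:
        rows = [POS[ch][0] for ch in roots[-1]]
        if step == UP and min(rows) == 0:
            step = DOWN
        elif step == DOWN and max(rows) == len(ROWS) - 1:
            step = UP
        nxt = shift(roots[-1], step)
        if nxt is None:          # ran off the right-hand edge
            break
        roots.append(nxt)
    return roots

def is_keyboard_shift(old, new):
    """Policy check: new differs from old only by one uniform adjacent-key slide."""
    if len(old) != len(new):
        return False
    offsets = set()
    for a, b in zip(old.upper(), new.upper()):
        if a == b:
            continue
        if a not in POS or b not in POS:
            return False
        offsets.add((POS[b][0] - POS[a][0], POS[b][1] - POS[a][1]))
    return len(offsets) == 1 and all(abs(d) <= 1 for d in offsets.pop())

BASE = "fr!am3.14159"                      # base string quoted in the message
PASSWORDS = [r + BASE for r in monthly_roots("AZCD", 5)]
```

Every consecutive pair of the five passwords listed in the message is flagged by `is_keyboard_shift`, because only the four root characters change and all of them move by the same offset.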
