DJA wrote:
>
> I use <only_in_my_head_part_of_password>+not_so_secret_part_of_password.
>
> I keep a list of the not_so_secret parts of my various passwords.
>
> Because the only_in_my_head part is used as a prefix for every password,
> I don't have any problem remembering it. Because there are many
> not_so_secret parts, I often need to look those up in the cases of the
> ones I don't use often.
>
> Even if someone finds my list, it'll do them no good because any given
> entry is only part of the password. The other part exists only in my head.

This is a great idea, and I use this too, actually. Except the not-so-secret part (``salt'') is not written down, either.

I also have two different secret parts, depending upon the system. If it is a Linux system, then it is my Uber Secret. If it is a root account, it is my Uber Secret, but the ``salt'' is applied in a different order. If it is a web application, then they get my Please Don't Tell Anyone secret. If it is Single Sign On, it is my I Don't Trust You secret.

Yes, I keep a bunch of secrets in my head. I never write these down, because if it is written, it can be subpoenaed.

I also sometimes forget which secret (or salt) I was using. That gets embarrassing.

-john

I don't like Single Sign On. I don't trust it.

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
