Generating My Password ?
There are safe and very dumb ways to make a password.
Contents
Making a password by myself !
CAcert-Website wrote on 24/06/05 09:48 AM:
> Subject: Passwords
> Message:
> Why do I have to use such a high security password, my usual chrs and numbers should be enough - the *only* way I can remember the one you would want is by writing it down on a piece of paper by the PC - great
> John
The best advice I've learned about remembering long passwords is pick some phrase (book title, line from a song or poem, that you know or like), and take the first letter of each word, then maybe insert a number or two, maybe alternate upper lower case, and/or replace one or two of the letters with numbers or the punctuation symbol on the numbers.
Example phrase:
"All the world's a stage, and all the men and women merely players" (Shakespeare)
first letters, throwing in two digits:
atwas78aatmawmp
alternating case (* is the shifted 8):
AtWaS7*aAtMaWmP
change the w's to #'s (easy to remember since the 3 (shifted gives #) is right above the w):
At#aS7*aAtMa#mP
Or of course use any other tricks that are memorable TO YOU for how to get from your phrase to your actual password.
By all means you have to be a little bit disciplined to try it once or twice right after you make it up, and once or twice a day for a few days. This will ensure that it makes the transition from your short term memory to your long term memory, and eventually even into your muscle memory (you'll automatically type it without actually remembering every character verbatim) once you've used it enough times. If you fear you will still forget it, and must write something down, you can write something of how you got to it, without writing it down character for character so it will still be fairly useless to someone finding your note.
I don't do this for every single password I have to generate, but I have two or three of these that I re-use for different areas. I have a very simple password for blog sites, support lists, etc where I could really care less if someone guesses it and impersonates me to submit a bugzilla report or whatever.
Another way is to do this for just one strong password to encrypt a passwords.txt file on your disk that holds all your other passwords.
"gpg -c passwords.txt"
to encrypt the file (then "shred --remove passwords.txt" to get rid of the plain text version)
"gpg --decrypt passwords.txt.gpg" when you need a reminder
Hope that helps.
Cheers.
Martin
As a reminder, it is easier to remember complex info when you can connect them to already known things The brain is a tremendous stuff. You can make really complex passwords ! So please, be wise ! Oups ! I've forgotten my neurons somewhere ? Can you help me ?
Diceware method
Another way is to use the Diceware method. Which basically means using dices to selected words from a really big list. The major advantage is, that you can calculate the strengh of you passphrase, since every word adds 12,6 bit of entropy to your passphrase. The disadvantage is, that the passphrase is usually longer, than when you use letters. But most people find these diceware passphrase easier to remember. See following websites for more info:
Generators (someway less safe)
You can grab any password generator that implies some REAL randomness 1 then add some stuff of yours in it.
Here are 2 examples that are more or less safe. Do not forget to add letters of your own!
You can also find many local applet generators (see Googling...), like:
See GRC web site which claims to have a proper RNG entropy from BSAFE RSA libs... it needs to be tested. please look at the tests GrcRngTest.
Feel free to add any convenient program links to improve password quality !
One of the best source of randomness is the physical mesure of the gaps in the intensity of a laser ray. review needed ! (1)