Comments on: Building Strong and Memorable Passwords (Part 4 of 4) http://corvusconsulting.ca/2007/10/building-strong-and-memorable-passwords-part-4-of-4/ Home of Todd Sieling's product design and strategy services for the web. Thu, 11 Mar 2010 06:26:24 +0000 hourly 1 By: Dave http://corvusconsulting.ca/2007/10/building-strong-and-memorable-passwords-part-4-of-4/comment-page-1/#comment-5 Dave Thu, 01 Jan 1970 00:00:00 +0000 urn:uuid:{a.guid}#comment-5 Changing your password frequently would just be a matter of changing the first dictionary/foreign word. The true enemies of secure passwords are restrictive and inconsistent policies. The example password above would qualify for most password policies but not for all. I have seen policies that state that the password must be in between 5 and 8 characters. I have also seen many systems where only the first 8 characters were used, regardless of the true length of the password. In my own workplace we have several inconsistent password policies. (There's actually only one, officially mandated policy but every department implements it differently.) Some passwords must be changed monthly, some every three months. Some are unrestricted, some must have at least one capital and at least one number, one must have **two** numbers... no more, no less and won't accept any "special" characters although no one has defined what "special" characters are and finally some must have all of the above **and** special characters. My only saving grace is that I **can** remember lots of horribly complex passwords. Anyway, enough of my rant. Nice suggestions and a very good password choosing guide for anyone with a sane workplace. Changing your password frequently would just be a matter of changing the first dictionary/foreign word.

The true enemies of secure passwords are restrictive and inconsistent policies. The example password above would qualify for most password policies but not for all. I have seen policies that state that the password must be in between 5 and 8 characters. I have also seen many systems where only the first 8 characters were used, regardless of the true length of the password.

In my own workplace we have several inconsistent password policies. (There’s actually only one, officially mandated policy but every department implements it differently.)

Some passwords must be changed monthly, some every three months. Some are unrestricted, some must have at least one capital and at least one number, one must have **two** numbers… no more, no less and won’t accept any “special” characters although no one has defined what “special” characters are and finally some must have all of the above **and** special characters.

My only saving grace is that I **can** remember lots of horribly complex passwords.

Anyway, enough of my rant. Nice suggestions and a very good password choosing guide for anyone with a sane workplace.

]]> By: Acronyms http://corvusconsulting.ca/2007/10/building-strong-and-memorable-passwords-part-4-of-4/comment-page-1/#comment-6 Acronyms Thu, 01 Jan 1970 00:00:00 +0000 urn:uuid:{a.guid}#comment-6 So hackers can't access foreign dictionaries? Instead take a memorable line from a song/poem/simpsons quote/whatever. Use the first letter of each word. Eg, "Alas poor Yorrick I knew him well" Apyikhw. So hackers can’t access foreign dictionaries? Instead take a memorable line from a song/poem/simpsons quote/whatever. Use the first letter of each word. Eg, “Alas poor Yorrick I knew him well” Apyikhw.

]]> By: xan http://corvusconsulting.ca/2007/10/building-strong-and-memorable-passwords-part-4-of-4/comment-page-1/#comment-7 xan Thu, 01 Jan 1970 00:00:00 +0000 urn:uuid:{a.guid}#comment-7 What is wrong with password1? What is wrong with password1?

]]> By: Chris http://corvusconsulting.ca/2007/10/building-strong-and-memorable-passwords-part-4-of-4/comment-page-1/#comment-8 Chris Thu, 01 Jan 1970 00:00:00 +0000 urn:uuid:{a.guid}#comment-8 Very good article! One addition to a foreign language word is pick a word that means something to you and alter the spelling (ie. I use an old misspelt street address backwards). Easy for me to remember. I also find after a little while your hands can almost type the passwords themselves (scary I know!). Anyway that's my 2c worth Very good article! One addition to a foreign language word is pick a word that means something to you and alter the spelling (ie. I use an old misspelt street address backwards). Easy for me to remember. I also find after a little while your hands can almost type the passwords themselves (scary I know!). Anyway that’s my 2c worth

]]> By: ewok http://corvusconsulting.ca/2007/10/building-strong-and-memorable-passwords-part-4-of-4/comment-page-1/#comment-9 ewok Thu, 01 Jan 1970 00:00:00 +0000 urn:uuid:{a.guid}#comment-9 Great thing about password1 is that you can use it again next quarter by changing it to password2 ;) The fun rolls on! Great thing about password1 is that you can use it again next quarter by changing it to password2 ;) The fun rolls on!

]]> By: bleh http://corvusconsulting.ca/2007/10/building-strong-and-memorable-passwords-part-4-of-4/comment-page-1/#comment-10 bleh Thu, 01 Jan 1970 00:00:00 +0000 urn:uuid:{a.guid}#comment-10 I always use temp1234, is that secure enough? I always use temp1234, is that secure enough?

]]> By: Johan http://corvusconsulting.ca/2007/10/building-strong-and-memorable-passwords-part-4-of-4/comment-page-1/#comment-11 Johan Thu, 01 Jan 1970 00:00:00 +0000 urn:uuid:{a.guid}#comment-11 I allways use a bit of leet-speak. Changing o's to 0's (zeros), I to 1, T to 7, and so on H3ll0W0r1d I allways use a bit of leet-speak. Changing o’s to 0’s (zeros), I to 1, T to 7, and so on

H3ll0W0r1d

]]>