Previous Thread
Next Thread
Print Thread
Rate Thread
Page 1 of 2 1 2
Enter Password Here:
#403397 04/21/14 04:43 PM
Joined: Sep 2004
Posts: 11,451
shareholder in the making
OP Offline
shareholder in the making
Joined: Sep 2004
Posts: 11,451
I really need to change all my passwords, and I'm running into the same quandary that every other computer user deals with: Creating a totally different, nonsensical password for every site is the safest but unwieldy solution, and using 012345 everywhere is easy but useless from a security standpoint.

Right now, I use variations on a theme for the 60 or so websites that I use, and I keep those on a paper and .txt document that I can refer to as needed. (Am I sharing too much info in a public forum???) smile

I need to make an email address change on all these sites and thought I would come up with a more secure but more manageable password system while I'm at it.

For the first time, I'm looking into Password Management software (primarily Roboform Everywhere) and wonder what everyone else is doing?


::::::: No disrespect to Axiom, but my favorite woofer is my yellow lab :::::::
Re: Enter Password Here:
MarkSJohnson #403399 04/21/14 04:58 PM
Joined: Feb 2009
Posts: 3,466
connoisseur
Offline
connoisseur
Joined: Feb 2009
Posts: 3,466
I do something like this:

1. Take a password only known to me.
2. Use it on every site, but...
3. Hash it with the domain of the site.

For example:
Say I'm using the password, "password".
For axiomaudio.com I would take the string, "password+axiomaudio.com", and run it through a hashing algorithm.

I have the tools on my computer to do my own hashing, but you can use a site like this: http://www.sha1-online.com/

So "password+axiomaudio.com" hashed with MD5 becomes: 287398526177c51d26bfc383fb4a27f8

You can use some rule to shorten the password. Like only use the last 12 characters. To make it a little stronger, capitalize the last letter, and change the second number to it's "shifted" version.

So the final password becomes: c3*3fb4a27F8

Using those rules, you can always figure out what your password for a site should be, and it will be unique for each domain.


Pioneer PDP-5020FD, Marantz SR6011
Axiom M5HP, VP160HP, QS8
Sony PS4, surround backs
-Chris
Re: Enter Password Here:
MarkSJohnson #403401 04/21/14 05:14 PM
Joined: Sep 2004
Posts: 11,451
shareholder in the making
OP Offline
shareholder in the making
Joined: Sep 2004
Posts: 11,451
Thanks Chris! But then how do you remember that password for convenience when re-entering the site?


::::::: No disrespect to Axiom, but my favorite woofer is my yellow lab :::::::
Re: Enter Password Here:
MarkSJohnson #403403 04/21/14 05:19 PM
Joined: Jun 2003
Posts: 8,488
T
axiomite
Offline
axiomite
T
Joined: Jun 2003
Posts: 8,488
I'm interested in this topic, too. Thinking about paying for LastPass, since I often use my phone and/or iPad in addition to PC.

I'm not sure I'm quite geeky enough to use Chris' method.


bibere usque ad hilaritatem
Re: Enter Password Here:
MarkSJohnson #403404 04/21/14 05:21 PM
Joined: Aug 2009
Posts: 6,015
axiomite
Offline
axiomite
Joined: Aug 2009
Posts: 6,015
Passwords have always been a weak point for me. I picked a few several years back and keep using them over and over again. Definitely need a better way. I like combining 2 or more words with different capitalization and including numbers.

Re: Enter Password Here:
MarkSJohnson #403405 04/21/14 05:23 PM
Joined: Jan 2011
Posts: 1,291
J
connoisseur
Offline
connoisseur
J
Joined: Jan 2011
Posts: 1,291
what i've been doing for years is this:
i think up a phrase like: "No body will ever break that pass word but me".

then when i have to write the password, i only write the first letter of each word; this is the result:
"nbwebtpwbm".
if a site also wants at least one number in the password, then i just add the number 1 at the end.

no one can ever guess at the phrase i use, much less at the pass itself, and this combination of letters can't be found anywhere.

works good for me.

Re: Enter Password Here:
MarkSJohnson #403406 04/21/14 05:31 PM
Joined: Feb 2009
Posts: 3,466
connoisseur
Offline
connoisseur
Joined: Feb 2009
Posts: 3,466
Originally Posted By: MarkSJohnson
Thanks Chris! But then how do you remember that password for convenience when re-entering the site?

Learn to perform MD5 hashes in your head?

I just use the save password feature of the browser (and have a bookmarklet that removes the instruction from a site telling the browser to not save the password on the few sites that do that). Then I have a master password in the browser to keep prying eyes out.


Pioneer PDP-5020FD, Marantz SR6011
Axiom M5HP, VP160HP, QS8
Sony PS4, surround backs
-Chris
Re: Enter Password Here:
MarkSJohnson #403407 04/21/14 05:35 PM
Joined: Feb 2009
Posts: 3,466
connoisseur
Offline
connoisseur
Joined: Feb 2009
Posts: 3,466
Create a bookmark with the following string as the URL:

Code:
javascript:(function(){var%20ca,cea,cs,df,dfe,i,j,x,y;function%20n(i,what){return%20i+%22%20%22+what+((i==1)?%22%22:%22s%22)}ca=cea=cs=0;df=document.forms;for(i=0;i<df.length;++i){x=df[i];dfe=x.elements;if(x.onsubmit){x.onsubmit=%22%22;++cs;}if(x.attributes[%22autocomplete%22]){x.attributes[%22autocomplete%22].value=%22on%22;++ca;}for(j=0;j<dfe.length;++j){y=dfe[j];if(y.attributes[%22autocomplete%22]){y.attributes[%22autocomplete%22].value=%22on%22;++cea;}}}alert(%22Removed%20autocomplete=off%20from%20%22+n(ca,%22form%22)+%22%20and%20from%20%22+n(cea,%22form%20element%22)+%22,%20and%20removed%20onsubmit%20from%20%22+n(cs,%22form%22)+%22.%20After%20you%20type%20your%20password%20and%20submit%20the%20form,%20the%20browser%20will%20offer%20to%20remember%20your%20password.%22)})();


Then if you click that bookmark on a site that doesn't allow password saving it'll disable that code. You might have to click it again when visiting the site next to allow the loading of your saved password. You can get GreaseMonkey to do the same thing automatically, if it is too much of a problem.


Pioneer PDP-5020FD, Marantz SR6011
Axiom M5HP, VP160HP, QS8
Sony PS4, surround backs
-Chris
Re: Enter Password Here:
J. B. #403408 04/21/14 05:36 PM
Joined: Aug 2009
Posts: 6,015
axiomite
Offline
axiomite
Joined: Aug 2009
Posts: 6,015
Originally Posted By: J. B.
what i've been doing for years is this:
i think up a phrase like: "No body will ever break that pass word but me".

then when i have to write the password, i only write the first letter of each word; this is the result:
"nbwebtpwbm".
if a site also wants at least one number in the password, then i just add the number 1 at the end.

no one can ever guess at the phrase i use, much less at the pass itself, and this combination of letters can't be found anywhere.

works good for me.


I used this method years ago with "We All Live In A Yellow Submarine" or waliays.

Re: Enter Password Here:
MarkSJohnson #403409 04/21/14 05:43 PM
Joined: Feb 2009
Posts: 3,466
connoisseur
Offline
connoisseur
Joined: Feb 2009
Posts: 3,466
If you're using the same phrase for all sites, it doesn't matter how hard it is to guess. All it takes is for one site to screw up, and a bot to be programmed with their leaked list, and all your accounts will start being hacked (well, at least your webmail accounts, because that's what spammers want).


Pioneer PDP-5020FD, Marantz SR6011
Axiom M5HP, VP160HP, QS8
Sony PS4, surround backs
-Chris
Page 1 of 2 1 2

Moderated by  alan, Amie, Andrew, axiomadmin, Brent, Debbie, Ian, Jc 

Link Copied to Clipboard

Need Help Graphic

Forum Statistics
Forums16
Topics24,401
Posts432,370
Members15,420
Most Online2,082
Jan 22nd, 2020
Top Posters
Ken.C 18,044
pmbuko 16,437
SirQuack 13,690
CV 11,816
MarkSJohnson 11,451
Who's Online Now
0 members (), 242 guests, and 4 robots.
Key: Admin, Global Mod, Mod
Newsletter Signup
Powered by UBB.threads™ PHP Forum Software 7.7.4