<p>Google Password Haystacks from <a href="http://grc.com">http://grc.com</a></p>
<p>Good stuff</p>
<div class="gmail_quote">On Oct 24, 2011 8:02 AM, "Florin Iucha" <<a href="mailto:florin@iucha.net">florin@iucha.net</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Sun, Oct 23, 2011 at 08:51:40PM -0500, Harry Penner wrote:<br>
> > I should try that. What I've been doing instead is using a certain format<br>
> > for the password, something like #:xx637FUbar where the xx part is replaced<br>
> > by a couple of letters based on the name of the machine or system I am<br>
> > connecting to. That means that I have different passwords on every system,<br>
> > but I can still remember them. I guess it is theoretically possible for<br>
> > someone to figure out what I've done, but I think that is very unlikely.<br>
> ><br>
> > Mike<br>
><br>
> I've read in several 'security' places (conferences, blogs, etc, take<br>
> 'em all with a grain of salt) that that's a very effective way to<br>
> manage passwords. The idea being that (1) the main component of the<br>
> password is "strong", but there's only one so it's not too hard to<br>
> remember, and (2) the site-unique piece of the password prevents the<br>
> vulnerability associated with using a single (however strong) password<br>
> for multiple sites. Since it's completely unreasonable to expect a<br>
> normal person to remember multiple "strong" passwords, it's what I<br>
> recommend to extended family and friends.<br>
<br>
<a href="http://cuddletech.com/blog/?p=666" target="_blank">http://cuddletech.com/blog/?p=666</a> and xkcd make a good point in that we<br>
should not be using pass-words but pass-phrases. More entropy and<br>
easier on our brains.<br>
<br>
Cheers,<br>
florin<br>
<br>
--<br>
Don't question authority! They don't know either.<br>
<br>_______________________________________________<br>
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota<br>
<a href="mailto:tclug-list@mn-linux.org">tclug-list@mn-linux.org</a><br>
<a href="http://mailman.mn-linux.org/mailman/listinfo/tclug-list" target="_blank">http://mailman.mn-linux.org/mailman/listinfo/tclug-list</a><br>
<br></blockquote></div>