h2g2 The Hitchhiker's Guide to the Galaxy: Earth Edition

Does anyone else use the same password for loads of things? My password has actually mutated over time, from (for example only) Kl'orgh to Klorgh to Klorg.

I tend to use passwords in rotation. Meaning that I tend to use one password at several different sites, so that I don't have to remember a whole lot of them. I suppose I would be more careful about passwords if I logged in at (say) an office terminal but since I'm usually at home, I haven't needed elaborate methods to keep intruders out. Every so often, I change all the passwords around to the latest common one.

Shamelessly I use the same password in nearly all the places I need one. (That's why I was interested in this whole construction methods in the first place - I wanted some ideas for creating a new one!)

Clive

Me too.
Also name creation: I see yours is almost as enigmatic as mine!

I am about to shamelessly plug my own article on UserNames -- here's its URL: http://www.h2g2.com/A305704 -- it's not about name-creation exactly, but the responses in the forums related to it offer various ways of thinking about names and their possible interpretations. Oh -- and thanks for the numbers! I'll certainly look up the site!

Enimatic - that's my middle name!. No, wait. It's "the" isn't it?
Magnolia has read my name once already. but Jim Davies has Garfield, Charles Shultz had Snoopy; I got Clive. I did consider the moniker "Sheep Bleating", but I can't avoid it,Clive is my alter ego.

Clive

Oh and magnolia, I'm probably just tackling my message board in the wrong order, but what numbers? what site?, (disclaimer: and if that was not directed at me, I shouldn't be so nosey, *permission granted for a one-minute point and laughing session*)

Several password techniques:

1. I have a few passwords that I use in multiple situations. There are all those internet sites, for example, where you have to register just to use the site (no credit card info or anything) and you may not return for months. I consider these low security password situations and use the same one for most of them, made up of the last four digits of my Social Security number and an old PIN that I no longer use but can easily remember.

2. Mnemonic devices. For better passwords, I'll use an acronym of something that is important to me. For example, if you loved the song "The First Time Ever I Saw Your Face" (just an example, not one I'd use), you could have a password of 't1teisyf' (using 1 instead of F for 'First' for better security). Easy to remember, tough to break.

3. I dealt with a university ISP that required users to change their password EVERY 60 DAYS! Very annoying. It actually is counter to security because there's no way to remember that many passwords easily, so you have to write them down, which is less secure. You also couldn't use one of the last two that you had used, more than one letter had to change, etc. The login procedure was called the University Logon I.D. or ULID for short. I was so upset with them that I came up with a password system that involved using rotating vile swear words with ULID at the end, as in 'f***ulid', as my password. Very easy to remember

A friend of mine once went climbing in Iceland. He also had to deal with a network that insisted on regular password changes, so he used the names of the mountains in rotation. Easy for him to remember without any writing down, impossible for the rest of us even to spell, never mind guess.

Dat's okay! I'm the understanding sort!

i have a similar metod to one above, I have a standard password for low risk sites which never changes.

For other sites, and allworks passwords that have forced changes I have a three alpha character eg CSC then 001, 002 etc. the three letters are chosen from distant usernames, friends initials, anything that are a long way in my past.

As an ex-password thief I must say never use wife/husbands/girlfriends/boyfriends/sheeps names. they are so easy to guess. But also think where the keys you press lie on the keyboard. I could follow at least 8 character passwords by looking at the typist, mainly because if real wordas were used any missed characters could easily be guessed. For real sercurity choose about 5 constanants and a few numbers, even throw in a few from the shift numerics eg !"£$%^&*() if your system allows it, it takes a lot to notice the shift key being held down.

C Hawke

By preference, I have one business password and one personal, spread across all the accounts I like to use. At work, I sometimes have to call in the business password, so people can do administrator things on my days off.

Of course, having just two passwords would be far too simple. Some of the accounts I use deserve a bit extra in the way of protection. Then there's all the accounts where people generate passwords for me (friendly ones like "lhu0Hthg"), and tell me not to change them.

Hawke -- I am absolutely RIVETTED by your disarming confession of being an ex password-thief!! What you say is actually most important for anyone who seriously requires security -- but your voice is the one that's rarely heard. Thanks so much for responding. I have ALWAYS felt that anyone can follow my fingers as I type, if they watched me -- but I rarely log-in from public places and the names/words I use are (I know) unfamiliar so I am not usually very concerned. But now at least I know that this fear is not empty paranoia!

Your observations remind me of something I read by Richard Feynman (you know, the famous and brilliant nuclear physicist) -- he was always interested in how burglars get through security systems, whether locks on doors or combinations of numbers on locks. His discovery, just as you say, was that people DO tend to use the most obvious names/dates/car licence numbers -- even nuclear scientists working on the first H-bomb -- because they're the easiest to remember. And to break into, I guess!

Where I work we're required to have a password consisting of 6-8 characters and at least one of those has to be a number, where the number cannot be the first or last character. Usually, the passwords chosen are short names with a number splitting the names. As an example: Di12ane, where the 12 is most likely a date of the month where this person was born, or the month the person was born, or maybe simply D1ane, where the one can be used as either an L or an I.
We're also required to change most passwords after 3, or in some cases 6, months to prevent hacking and cracking. However, only a few of the applications we use actually notify us that a change of passwords are due in this and that many days.

Personally, I fancy passwords that I find in books I read. Nnames of characters and places and objects in those books usually provide pretty good passwords, and once again, you can always add a 1 for an I or an L to make the security guys happy.

Where I work, one of the systems requires you to change your password after 30 days. You get 30 days grace and then the account on those machines is suspended and you've got to go through a few hoops to get it back.
A random (or seemingly random) password can be remembered easily when you've had to type it about 40 times to change a load of machines over...

take two totally unrelated words, preferably one not even real, something onamatapeic is always good, or a cartoon charaters name, add a number into the equation and there you go so you get gonzojamboree21 or helica1Cron or pootle77snikt. Hey, I could keep just churning them out. As the words all mean something to you, they are easy to remember, take that last one for instance pootle (a flump) and snikt (the noise that Wolverines claws make when they pop out), put them together you have one weird picture and easily remembered
BCNU - Crescent

My workplace force you to change the password every 30 days, so I used to take ages to think of them each time and I had to write them down too. Then a colleague mentioned his method, which is the first letters of the names of his wife and children, followed by the month and year (in text or numeric format). I've adopted this approach, and it works perfectly. Might not be that secure though, but you can use a similar approach of just rotating the month and year bit and prefix it with characters of your choice...

Doesn't work for my boyfriend though, his workplace make him change all his passwords (about 4) every month, and some of them check that the password entered isn't too similar to previously entered passwords! What complete gits!!!

I have nearly always used normal words - but skewed them up a bit, for example television -> veletision, or telebision (one key off). Actually, this started when I once put the same typing mistake in both the Password and Verify Password boxes. Oops.

There are hacking programs that, when given a specific account eg MSN, Yahoo etc. and a person's log-in name, run through every word in the dictionary to find the password. So putting a spelling-mistake or a number in your password is advisable.

I also heard somewhere - can't remember where, probably on a Guide entry somewhere - that the most common passwords are QWERTY (for the lazy and unimaginative), FRED (look at the keys on the keyboard), and for the uninventive, PASSWORD.

Football teams/players, pop groups/stars and actors/actresses are also favourites, so make sure you're not predictable and use your famous crush as your password!

Lisa

I am an actress, so I usually use the first names of characters that I have played. This makes it easy to remember, and I don't have to fiddle around with numbers or clever remembering devices.

And if you get a clever password cracking program it will try combinations of numbers replacing letters eg 1 for L or I, 3 for E and of course 0 for O. I'm sure that there are ones which will try typos of words (most likely including things like one character on a keyboard off typos - harder but doable). Most also allow the user to specify the dictionary file to be used, so if you're trying to crack a password file where you know that a number of the users are greek for example, find that greek dictionary on the net.

Hackers are such a pain