Comments on: Unique and Complex Passwords for Everything

By: jeopardygame

jeopardygame — Mon, 18 Feb 2008 12:04:32 +0000

Hi Becca, It’s not mine, I found it on a stock photo site. Go for it.

By: Becca

Becca — Sun, 17 Feb 2008 23:26:23 +0000

Hi there, just accidentally came across your blog whilst looking for pictures of the Earth, I was just wondering if that picture you posted is yours; if so would it be okay if I used it?

By: paralleldivergence

paralleldivergence — Tue, 21 Aug 2007 06:47:36 +0000

Hi GreenLantern! But it’s not my scheme. It’s yours. You make up your own stub and define what the suffix looks like. People would need to know two of your passwords for two separate accounts before they’d work it out, and then that occurred because you were slack with your own security or you let a keylogger get installed on your PC or you were using a foreign PC that had a keylogger.

Then they’d also need to know your account names for each service.

By: GreenLantern

GreenLantern — Tue, 21 Aug 2007 04:21:46 +0000

This is a great idea. I don’t know how many times I have had to click on the “Forgot your password?” because I didn’t remember what random string of letters and numbers I used when I signed up for whatever it is that I am logging into. However, the only thing that worries me is if someone breaks your scheme. They can now get into everything.

By: paralleldivergence

paralleldivergence — Mon, 20 Aug 2007 11:59:21 +0000

Thanks Jeff. I have been a bit slack here. Been too busy making a whole other blog and really cool software to go with it: http://jeopardygame.wordpress.com – I think this whole password security issue is huge and we all need to take a much closer look at it.

By: Jeff

Jeff — Mon, 20 Aug 2007 10:46:07 +0000

Really good post. I was talking with some friends recently about this exact thing. I am sure there are plenty of people (me included) who need to rethink our online security and ideas like thing will go a long way in helping to address the problem. btw I was wondering when the next post was coming…..

By: jeopardygame

jeopardygame — Mon, 20 Aug 2007 06:01:08 +0000

Good advice that I’m sure we should all consider. This blog has such a nice layout.

By: paralleldivergence

paralleldivergence — Sun, 19 Aug 2007 21:32:53 +0000

Thanks Geoff and Brianna for the comments. Kay, you are right. It definitely depends where and how you use this technique. For those “untrustworthy” sites, or sites where I know I’ll rarely go back, I use a common, simple password. Certainly, I think unscrupulous people would need two of your passwords to work it out, otherwise, if you mix your stub and suffix up well, they probably won’t bother on first look. A bit like the car with a steering wheel lock vs one without. My biggest concern is people writing passwords down with step by step instructions for what they are for. Staggering. Thanks Kay.

By: Kay at Suicyte

Kay at Suicyte — Sun, 19 Aug 2007 20:33:42 +0000

In most instances probably a good idea. However, there are a number of occasions where I would not advise to use this technique. There are some places that don’t think much of password security, Among those are sites of dubious quality or intents (but you don’t have accounts there anyway, don’t you?) but there are also other places that look trustworthy but still do things like sending passwords unencrypted by e-mail. If you use a password that follows the advice in this post, it will be rather easy to guess all your other passwords.
I know this from my own experience. I am a scientist and frequently have to review other people’s manuscripts for scholarly journals. Nowadays, this is done by manuscript handling systems, which (of course) require that you set up an account. I was really surprised that I received more than one e-mail from journals, going like “…for doing this, just log into our manuscript handling system. Your account is XXX and your password is YYY….”. And yes, I had used a password consisting of a stub with the name of the journal appended. I have changed that (and my stub) very quickly after this experience.

By: Brianna

Brianna — Sun, 19 Aug 2007 10:24:08 +0000

Cool cartoon! Thanks for the tips. I think I might go change some passwords.

By: Geoff

Geoff — Sun, 19 Aug 2007 10:22:58 +0000

What a great idea! Thanks for sharing this. It makes a lot of sense and I can see it’s really an excellent method to boost the security of personal data. Well done.