Friday, July 21, 2006

Interesting, yet sort of obvious

I was searching for something unrelated on the web and turned up this article about what your password says about you. It turns out, the answer is "nothing very surprising."

If you use your kid's name as a password, you're "family-oriented."

CC's passwords range from inside jokes with the CSO to her "camp name" from Girl Scout camp in the 6th grade. Doesn't say much about that, but I can extrapolate from the article that inside jokes and connection are important to me (true) and that girl scout camp was a time that I particularly valued (false.)

CC

8 comments:

Epilonious said...

I remember theCSO cluing me into a wireless password once... and it seemed to exist solely to solidify his wonderful, fantastic geekery.

powderblue said...

I'm assuming no hackers read your blog who have an interest in breaking into a category of my work files, so I'll share a tip. I use the first seven letters of our Unitarian Universalist seven principles. Since I type this mnemonic so often, it helps me remember the principles -- and in order at that!

LaReinaCobre said...

I don't think passwords say much about a person, but they may shed light on the person's relationship with whatever it is they have passworded.

UU Jester said...

A friend of mine once shared his log on password with me. It was the first letters of the first names of his five closest friends (of which I was honored to be one), the number 4, and then his first name first letter.

It was really touching.

I have a password tip to share.
Since every website wants a password and it isn't a good idea to use the same password for everything, I use a password system.
Pick a word and a number you can remember.

For example... let's use Emerson5.
Now add the first letter of whatever site you are on to the front of it and the last letter of whatever site you are on to the end of it.

For Blogger it would become bemerson5r.

A word generator won't find it.
A good guesser won't figure it out.
It has letters and numbers.
It is short.
The password is unique to the website you are using.
And... the reference/reminder is always in the title or address bar of the website you are visiting.

(Of course, if someone knows the system and finds one password, they can figure them all out-- but that would have been even more true if you used the same password for everything. No system is perfect.)

kim said...

I just use the first one that was suggested to me by a website.

Joel Monka said...

I've seen my friends enter their passwords, and they all use the same one: *******

LaReinaCobre said...

LOL, Joel.

Jester, your idea is a good one. I have a zillion passwords for everything. I used to go with the last place I vacationed to, but that got confusing because two years later I'd be trying three and four different passwords trying to remember what trip I had been planning, anticipating or on when I created the password for a particular website. Bad idea.

Now I go with word combos that would be totally random to anyone who wasn't living in my head, but make total sense to me. For example, one of my passwords is the nickname of a classical composer and the name of a piece of music that reminds me of his work. Plus some numbers of course.

Heaven help us all should we get amnesia.

TheCSO said...

Funny story from work. I'm troubleshooting an email problem and need local IT to reset the password. Campus IT guy says "okay, let me think of something simple to set it to.." But no, apparently "simple" meant only 8 random characters instead of 16. The new "simple" password was something like "JK5-3~g!". And I honestly believe that this WAS a simple, low-security password for this guy.

I really would like to be like that. I'm not, quite. I try to have secure and hard-to-guess mnemonic passwords for important systems; admittedly some of my website forum passwords, etc, are a bit simpler. One of the major password-exposure risks is when you create an account on RandomGuy's blog or SomeRandomForum.com and someone gets that password. If it's the same password and email address as your PayPal account, for instance, you're going to get ripped off. Also, a lot of people think that "l33t-ing" words by replacing letters with numbers makes them more secure; it's only a marginal help. Dictionary brute-forcers have an option to check those combinations too, now, and it doesn't even slow down the cracking run very much. Much better to have the numbers you include make no sense, at least to anyone else.

lareinacobre: (Now I go with word combos that would be totally random to anyone who wasn't living in my head, but make total sense to me. For example, one of my passwords is the nickname of a classical composer and the name of a piece of music that reminds me of his work. Plus some numbers of course.)
This is the *best* method for personal passwords, unless you're lucky enough to be one of the few people (not me) who can easily memorize a different random 16-character string for every password they ever use.

Oh, and Joel - LOL. That's great. I wonder how long it would take someone to guess that as an actual password? Seriously, it's amazing how often a blank password stymies people trying to guess it - they'll try all sorts of stuff but never try just leaving the password field blank and pressing enter.
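An added example, not written by any of the commenters above: a small self-audit in Python that checks your own password list for the two weaknesses raised in the comments, a shared core behind the site-letter system and a dictionary word hiding behind l33t substitutions or a trailing number. The word list, the vault, the `pemerson5l` entry and the function names are constructed for illustration.

```python
# Added example: self-audit of a password list (all sample data constructed).
WORDLIST = {"password", "emerson", "letmein"}  # stand-in for a real dictionary

# Common l33t substitutions mapped back to the letters they replace.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})


def leet_dictionary_hit(password):
    """Return the dictionary word a password collapses to, or None."""
    lowered = password.lower()
    # Try the password as typed, with l33t undone, and with digits trimmed
    # from both ends (covers "word plus a number" such as Emerson5).
    for candidate in (lowered, lowered.translate(LEET), lowered.strip("0123456789")):
        if candidate in WORDLIST:
            return candidate
    return None


def site_derived_cores(vault):
    """Map each shared core to the sites whose password is
    first-letter-of-site + core + last-letter-of-site."""
    cores = {}
    for site, password in vault.items():
        s, p = site.lower(), password.lower()
        if len(p) > 2 and p[0] == s[0] and p[-1] == s[-1]:
            cores.setdefault(p[1:-1], []).append(site)
    return {core: sorted(sites) for core, sites in cores.items() if len(sites) > 1}


# Constructed vault: two passwords built with the site-letter system around
# Emerson5, plus the random 8-character password quoted in the comments.
VAULT = {"Blogger": "bemerson5r", "PayPal": "pemerson5l", "Forum": "JK5-3~g!"}

if __name__ == "__main__":
    for core, sites in site_derived_cores(VAULT).items():
        print(f"core {core!r} shared by {sites}; dictionary hit: {leet_dictionary_hit(core)}")
    for pw in ("P4ssw0rd", "JK5-3~g!"):
        print(pw, "->", leet_dictionary_hit(pw))
```

Any core reported for more than one site means a leak at the least important of those sites exposes the rest, which is the password-exposure risk described for a forum account and a PayPal account sharing credentials.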