I never remember any passwords because I don't have to

in security •  8 years ago  (edited)

There's a lot of talk about passwords, because of the Cloudflare problem.

So I am using this chance to let you know about my simple solution to the problem of passwords, password keepers, password forgetting, using "password" or "12345678" as a password (or my favorite, because it seems good, Q@W#e4r5), and/or those little sticky notes with your password on them.

The way to do this is to have an algorithm that lets you easily create a password based upon clues in the site itself. I have used several such algorithms, and while the one I use today is a little more than this, this is enough to generate strong passwords that someone else cannot generate even if they know the method.

How does this sound?

You can generate a 32 digit (or any size) password that you never have to write down, but which you can type three years later without making a mistake. Generate completely different such passwords for every little page that wants your password, never have to memorize them, never have to write them down or trust a password keeper. Be able to do this rapidly and dependably every time, everywhere, and with a little practice, completely in your head. You do have to remember two things, but you won't be able to forget them, so it's not a big deal.

You have to remember a combination of three characters, a capital letter, a number and a "special character". You will put this at the beginning or end of your real password. Because most sites don't let you know on the sign-in page if they require them, you will have to use them every time so you don't have to remember which page requires them. Mine are not R%5, but I got that by pressing the capital "r", the shifted 5, and 5. Easy to remember, it would be mine forever. Except mine is different.

Then you have to remember your pass phrase. It's the same for every password. It's a quotation or a saying or a poem or whatever you want. For ease of example, let's say that you chose "alphabet".

Then you have to remember this wheel. Or keep one on you, or look it up, or draw it out when you need it.

This simply gives you the value of the letters and shows their placement if they were in a circle. This is important, because we are going to do a type of letter shifting and we need to shift from the end of the alphabet to the beginning sometimes.

(Image from my old hard drive, but found openly on many sites, I actually use a different one with more complexity)

Here's what you do: you go to a page (pretend that it's "Microsoft Knowledge Base") and you simply add your pass phrase to the relevant part of the name. For today let's just choose "microsoft", but generally you want to choose enough to distinguish it from other Microsoft pages. I recommend always choosing the first three words that are present on the title page and describe the page. You don't have to remember them, but you have to be able to choose them again the next time you go, so you need a method.

Then you just add the values.
Microsoft +
alphabet =
12,9,17,34,14,19,18,25, then for the last one you start over again with the "a" in alphabet, 19.

Then you retranslate from numbers to letters, going around the circle to get the 34 as a letter.
mjriotszt
Then add your special characters, "mjriotsztR%5".

Now that's pretty good right there, but you want a passphrase that is more like "Time and Time wait for no man" which is 23 characters. Or, "I will never forget my password again", which is 32 (spaces don't count and aren't used in this example).

It's the complete unpredictability of your passphrase which causes the password to be unique, and if you use another method, like picking the first three words then reversing them ("base knowledge microsoft") or any of a hundred other distortions, you make it not worth even trying to find your password. It would be easier to kidnap you and force you to open the site yourself. Maybe your Facebook page is that critical, I don't know. Once you do this and see the advantage, when you go through and change all your passwords, you can add other things.

The point being that you have an algorithm, and you apply it when you sign up, and if necessary, you re-apply it when you go back to sign in. You create and recreate the password on the fly, so you never have to remember it.

I've been doing this for about 20 years, so it seems easy to me. Let me know if you have a security problem with it and want to go back to using "Password123#" 8-), no seriously, I welcome any critiques.
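The procedure above as an added Python example (not the author's own app or code), together with a check of what a single disclosed password reveals about the passphrase, which is why a leak calls for changing the passphrase itself. It assumes a wheel running a = 0 to z = 25, as the first sum on the page (m + a = 12) implies; the function names are made up for this example.

```python
import string

ALPHABET = string.ascii_lowercase  # assumed wheel: a = 0 ... z = 25


def letters(text):
    """Keep lowercase letters only; spaces and punctuation are not used."""
    return [c for c in text.lower() if c in ALPHABET]


def derive(site_words, passphrase, suffix):
    """Add passphrase letters to site letters, going around the wheel."""
    site, key = letters(site_words), letters(passphrase)
    if not site or not key:
        raise ValueError("site name and passphrase must contain letters")
    out = []
    for i, ch in enumerate(site):
        k = key[i % len(key)]  # start the passphrase over when it runs out
        out.append(ALPHABET[(ALPHABET.index(ch) + ALPHABET.index(k)) % 26])
    return "".join(out) + suffix


def passphrase_letters_exposed(site_words, password, suffix):
    """Given one disclosed password and the site words it was built from,
    subtracting the site letters returns the passphrase letters used.
    Expects a password produced by derive() (lowercase body + suffix)."""
    body = password[: len(password) - len(suffix)]
    site = letters(site_words)
    return "".join(
        ALPHABET[(ALPHABET.index(p) - ALPHABET.index(s)) % 26]
        for p, s in zip(body, site)
    )


if __name__ == "__main__":
    pw = derive("microsoft", "alphabet", "R%5")
    print(pw)
    print(passphrase_letters_exposed("microsoft", pw, "R%5"))
```

Run mechanically with that wheel, microsoft + alphabet gives the sums 12, 19, 17, 24, 14, 19, 18, 24, 19, so the code returns `mtryotsytR%5`. The second function returns `alphabeta`, the passphrase letters in the order they were used.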


All images from pixabay or my camera unless otherwise noted.
Please try my Future History stories - Enmity

So what happens when you need to change your password because Cloudflare dumped your session to some other user? They can now get into your account unless you come up with a new algorithm which you have to remember alongside the original one, on top of which you need to remember which accounts are using which algorithms.

  ·  8 years ago (edited)

No, you simply change your passphrase. Even if you write those down in an open list, no one can use them unless they also know your algorithm and your special characters. So when you go to an old page, you just try the old passphrases and then change it to the new passphrase (keeping the same algorithm). But you should change all your passwords on a schedule. With this, that becomes less of a problem so you are more likely to do it.

For a post that is supposed to help you not forget... That sure is a lot to remember... But it would work.

It's less than the maybe 1000, 32 digit passwords I have scattered around the web. Once you learn the wheel it's really easy after that.

As a programmer this makes sense to me. I was also fond of passing codes around in physics class in the 80s in high school and trying to crack them.

I hadn't considered using aspects of the site itself to help me generate a password using an algorithm. I like it. I now need to think up an algorithm that works for me.

There are many that I considered for this article, but the alphabet one seems the most commonly applicable. What sucks is when a site changes its main title and/or URL. I made an app to process a URL into a password but I stopped using it after a few sites started putting "m." in their mobile site. It makes a different password.

My current one is a little different, but of course I won't say anything else about it.

Well anything I come up with would also need to be something my wife could make sense of. I'd want her and my children to be able to access my things if/when something happens to me.

Nothing could make a password picking discussion more complete than this XKCD comic....

I almost posted that but stopped so it wouldn't seem like the focus of the post.

The only problem I see is if the title/name of the website changes; other than that it's a very ingenious way to secure your accounts, thank you for this TIL.

A good guide, thanks friend, upvoted and followed.