On Sun, Oct 23, 2011 at 08:51:40PM -0500, Harry Penner wrote:
> > I should try that.  What I've been doing instead is using a certain format
> > for the password, something like #:xx637FUbar where the xx part is replaced
> > by a couple of letters based on the name of the machine or system I am
> > connecting to.  That means that I have different passwords on every system,
> > but I can still remember them.  I guess it is theoretically possible for
> > someone to figure out what I've done, but I think that is very unlikely.
> >
> > Mike
> 
> I've read in several 'security' places (conferences, blogs, etc., take
> 'em all with a grain of salt) that that's a very effective way to
> manage passwords.  The idea being that (1) the main component of the
> password is "strong", but there's only one so it's not too hard to
> remember, and (2) the site-unique piece of the password prevents the
> vulnerability associated with using a single (however strong) password
> for multiple sites.  Since it's completely unreasonable to expect a
> normal person to remember multiple "strong" passwords, it's what I
> recommend to extended family and friends.

   http://cuddletech.com/blog/?p=666 and xkcd make a good point in that we
   should not be using pass-words but pass-phrases.  More entropy and
   easier on our brains.

Cheers,
florin

-- 
Don't question authority!  They don't know either.