password passnotes



Passwords are like tattoos of the Bishop of Peterborough dressed as Elvis: we’ve all got them. RIGHT? On that subject, Dylan muses upon the question raised by Jack in AMT236:

There are plenty of opinions in the IT community to support the idea that a password change policy is actually not beneficial in a meaningful way. In fact in some cases it can harm security as users who are forced to regularly create new passwords are more likely to choose easy to remember (and potentially guess) passwords, or to write passwords down or record them in a file.

However it really is a good practice to use a different password for every site you visit. The method I’ve used and recommend to other people is to use part of the site’s name or URL within the password you use. You start with a reasonably complex password that’s common to all your sites, and then modify it slightly for any given site.

So you could have “R4gh1p5” as your common password. On eBay you might then use “eR4ghy1p5” on that site – the same password, but you’ve added the first letter of the site’s name at the beginning, and the last letter of the name before the “1” in the password. This way you have a unique password on every site, but only have to remember the base password and the rule you’ve come up with.

Good tip, Dylan. For the legion of people whose password continues to be ‘password’, I’ve made your life easier: you just need ‘epasswyord’ for eBay, ‘apasswnord’ for Amazon and ‘gpasswsord’ for Geocities. I assume those are the only websites you use.


Tags: , , ,

One Response to “password passnotes”

  1. Finlay Says:

    I get annoyed when I’m asked to make a site account for a site I’m only going to use once. Inevitably it’ll want a password, and inevitably it’ll have a string of convoluted rules attached to that (eg, must have letters AND numbers AND capital letters and recently I found one that needed a symbol like &#@ in it too, which I’ve never done before). So my solution is to have about five different passwords, and to use different ones depending on the security risk I consider that site if it got hacked. The problem with the ones that have requirements is that if I have to make up a new password to meet the requirements I end up having to write it down (although as QI tells us, this isn’t actually a problem if you do it on paper, because your main concern is hackers, rather than burglars or sneaky family members).

Answer us back:

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: