this post was submitted on 24 Jun 2024
431 points (98.0% liked)
Asklemmy
43463 readers
698 users here now
A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- [email protected]: a community for finding communities
~Icon~ ~by~ ~@Double_[email protected]~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is a method I heard once for remembering random passwords that I thought was clever.
Create your own alphabet of words (or random characters). A is for Apple, B is for Boy, C is for Cat…etc.
For every letter in the URL, you use the word from your alphabet. Ex:
www.facebook.com
F = Fog, A = Apple, C = Cat, E = Egg, B = Boy, O = Off, O = Off, K = Kite
Next, you need a number if you didn’t use one in your alphabet.
Facebook is 8 letters long so I might use 8. Or only letters repeated once. Or maybe you use the whole URL. Up to you, but you do it the same way for every site. You create a patter that you follow and can remember, rather than remembering every password.
Need a symbol? Assign that to the top level domain. In my example, .com = # .edu = ? .org = * etc
Put it all together and my example password would be “8FogAppleCatEggBoyOffOffKite#”.
A password for google.com might be ‘6GolfOffOffGolfLogEgg#’.
Obviously, you don’t have to do it this exact way with the alphabet, number, and symbol. The idea is that you create a set of rules that you remember and follow. If you write down “A = Apple B = Boy…” and someone finds it, it won’t be instantly obvious that it is meant for passwords.
Not bad, but I could see that creating passwords that are too long for some systems, and it would be vulnerable to dictionary attacks. Also, what would you do when the site requires a password reset?
Maybe do your strat, but only do every other, or every 3rd letter as a short word, and use a Caesar cipher, incrementing the cipher once each time you have to reset? Sounds kinda fun, but I don't think most sane people would do that... Open to ideas though.
I've come across several sites with abhorrently short password limits, as low as 12.
Worse, 2 of them accepted the longer password, but only saves the first n characters, so you can't log in even with the correct password, untill you figure out the exact max length and truncate it manually.
Even worse, one of those sites was a school authentication site, but it accepted the full password online and only truncated the password on the work computer login. That took me an entire period to suss out.
You just gave me a flashback to a system I encountered as a student where my password got truncated, so I couldn't log in. I had to ask the teacher what to do, expecting her to have access to a reset or something, but she just told me what my password was. It was like 3 and a half words, clearly truncated and stored in plain text.