• FatherOfHoodoo@lemmy.world
    1 year ago

    I don’t like to keep any security stuff in “the cloud”, written down anywhere, or even on my own devices. It’s too easy to lose everything after one security breach.

    Instead, I use password algorithms seeded from both the service name/identifier and one or more private passwords. This lets me keep thousands of service/site unique passwords in my head just by memorizing twenty or so words.

    • thorbot@lemmy.world
      1 year ago

      I thought I was the only one who did this! Most people I explain it to say I am insane, but it doesn’t take that much training to get down, and I know 100% that nobody can steal my credentials unless they drill into my head.

      • FatherOfHoodoo@lemmy.world
        1 year ago

        I have regular nerd-arguments about it:

        “All they have to do is break two of your passwords, and they can reverse-engineer your passwords!” - Maybe, if they have a super-computer…

        “It’s so much work” - Once. It’s so much work once. Then, it’s much easier than loading software or digging out a dongle every time you log into anything up until you decide to change all your algorithms…

        “What happens if you forget?” - What happens if you forget?

    • M0oP0o@mander.xyz
      1 year ago

      For my old job I used to have to manage about 60 passwords that all had different time limits on when they needed to be changed (one was every 3 weeks and some lasted a year, for example). I never used a manager because of 2 reasons: insuring my passwords on someone else’s computer (aka the “cloud”) is fundamentally insane, and, maybe more importantly, the passwords are not all used on the same machine (end users’ server, phone, laptop, on the phone etc.).

      If I did not use a similar system of “algorithms” I would go insane. Although this was on paper or in my head. I would normally use the month changed, and a cycling root password with the needed special characters in between. For example, for a password changed today that required a min of 8 characters and at least one cap and special, it would be “Jun” + “!&@” + “1Firstoflistpassword”. If there was a limit of, say, a max of 8, then it would not use more than the first 2 letters of the password, and if no special characters were permitted then the center was dropped.

      • FatherOfHoodoo@lemmy.world
        1 year ago

        This is the situation I’m in. Half-a-dozen clients in the energy and automotive industries, each with multiple security regimes and short timeouts. Passwords mutate with time and I stay sane…

        • M0oP0o@mander.xyz
          1 year ago

          I hated one NOC that required a 6-digit, numbers-only password that needed changing every month. It also could not be one used in the last year. Most pointless password ever. Keep in mind this was to reach lvl 2 to, say, reset a switch or whatever, so I would think that there were so many people with passwords that you would have a hard time not entering a valid password.
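
A software analogue of the approach discussed in this thread: a per-service password derived from the service name plus a memorized secret, with a rotation counter for forced changes and policy switches for length limits and banned special characters. This is an added example, not any commenter's actual scheme; the function name `derive_password`, the PBKDF2 construction, the iteration count and the character sets are assumptions chosen for illustration.

```python
import hashlib
import string

LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SPECIALS = "!&@#%*"  # assumed set; real sites differ in what they accept
ITERATIONS = 200_000  # assumed work factor; slows offline guessing of the secret


def derive_password(master, service, rotation=0, length=16, allow_specials=True):
    """Deterministically derive one site's password from a memorized secret.

    rotation is bumped when a site forces a change; length and allow_specials
    model per-site policy limits. Nothing is stored: same inputs, same output.
    """
    classes = [LOWER, UPPER, DIGITS] + ([SPECIALS] if allow_specials else [])
    if length < len(classes):
        raise ValueError("length too short to hold every required class")
    # Bind the output to the service, the rotation count and the policy.
    salt = f"{service.lower()}|{rotation}|{length}|{int(allow_specials)}".encode()
    n_words = length + 2 * len(classes)
    stream = hashlib.pbkdf2_hmac("sha256", master.encode(), salt,
                                 ITERATIONS, dklen=2 * n_words)
    # Two bytes per decision keeps the modulo bias small.
    words = [int.from_bytes(stream[i:i + 2], "big") for i in range(0, len(stream), 2)]
    alphabet = "".join(classes)
    chars = [alphabet[w % len(alphabet)] for w in words[:length]]
    # Partial Fisher-Yates shuffle picks distinct slots, one per class, and
    # overwrites each with a character of that class so the policy always holds.
    slots = list(range(length))
    for i, cls in enumerate(classes):
        j = i + words[length + 2 * i] % (length - i)
        slots[i], slots[j] = slots[j], slots[i]
        chars[slots[i]] = cls[words[length + 2 * i + 1] % len(cls)]
    return "".join(chars)


if __name__ == "__main__":
    secret = "correct horse battery staple"  # constructed sample, not a real secret
    print(derive_password(secret, "example.com"))
    print(derive_password(secret, "example.com", rotation=1))
    print(derive_password(secret, "legacy-noc", length=8, allow_specials=False))
```

Because the salt includes the service name and rotation count, one site's password does not directly reveal another's, but anyone holding a derived password can still guess at the memorized secret offline, which is why the derivation is deliberately slow.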