![\"crypto.gif\"](\"http:\/\/www.trustyetc.com\/trustyblog\/wp-content\/uploads\/2007\/03\/crypto.gif\" "\\"crypto.gif\\"")
<\/p>\nI had another person \u201cshare\u201d his password with me today. I didn\u2019t ask for it. He was having a problem with a system that required a username and password. Instead of logging in, he blurted out his password so that I could login.<\/p>\n
<\/p>\n
I gave him the normal lecture about security. I asked if he knew how many other people already knew his password, and how many people those people has shared it with. On top of that, this was his \u201cmaster\u201d password. By that, I mean he uses it for everything. Who knows how many people can log into his online class, check his email, sell his stuff on eBay and modify his MySpace page? I hope he did some password changing after our talk.<\/p>\n
I am somewhat of a password freak. How can you be surprised by that? For the last ten years my passwords have been varying strings of random characters. I don\u2019t write them down. In my opinion, I good password should never even be spoken. The reason is simple. My accounts tend to have a lot of access (grades, student records, etc). I need to have secure passwords.<\/p>\n
I tell my students this. A good password should be treated like underwear<\/strong>.<\/p>\n Don\u2019t leave it lying around. With all the things that require passwords, it is difficult to use good passwords everywhere without using the same one in multiple places. I have an account on Yahoo and an account on Google. I don\u2019t want to use the same password everywhere, but I want to use something that is semi-secure. I also need to recall it without pulling out too much hair.<\/p>\n A long time ago, I came up with a domain\/secret \u201chash\u201d that could easily be used to recreate a password. If I went to Yahoo, I would take the domain name, \u201cyahoo\u201d and mix that with a \u201csecret\u201d word, to make a unique password. It could be as simple as<\/p>\n ysaehcoroet<\/p>\n Google\u2019s password would be<\/p>\n gsoeocgrleet<\/p>\n The only problem with this is that someone from Google could see that I have added \u201cgoogle\u201d to the word \u201csecret\u201d and then they could use my algorithm on any page where I have an account. I needed something a little more complex (remember, I\u2019m a security freak).<\/p>\n I scripted up something that took all the letters of my secret word and domain name, converted them to ASCII, did some massaging and then parsed out chunks into a series of letters and numbers. I have been using this for a couple of years. I have it on a web page (running HTTPS). I can get to it from anywhere so I don\u2019t have to remember any of my passwords.<\/p>\n Recently I had to create a lot of accounts for domains that were very similar. I ended up having a lot of passwords that were very similar. I decided that I wasn\u2019t the only person on the planet with this problem, so I went looking for a solution created by someone with some crypto knowledge. Here is what I found SuperGenPass:<\/p>\n http:\/\/labs.zarate.org\/passwd_new\/mobile.html<\/a><\/p>\n You can save the source of this page to your own page. It\u2019s written in Java, so nothing needs to be processed by a server and transmitted over the Internet when creating or recreating a password. I copied it to my USB drive, my office computer and laptop. Now I can create a very good password any time and all I ever need to remember is my master password.<\/p>\n Now I have to change a lot of underwear.<\/p>\n","protected":false},"excerpt":{"rendered":" I had another person \u201cshare\u201d his password with me today. I didn\u2019t ask for it. He was having a problem with a system that required a username and password. Instead of logging in, he blurted out his password so that … Continue reading
\nDon\u2019t share it with friends.
\nChange it often.<\/p><\/blockquote>\n