IDN Forums - Internationalized Domain Names  
#1 (permalink)
7th February 2009, 04:59 PM
mdw
start getting smart about passwords

The recent policy change at namedrive is annoying to me, but totally necessary given the general view that passwords are too much trouble to do right. Every so often I like to get on this soapbox when I see customers or friends using one weak password for everything in their life. Here's a short summary from a post I wrote recently in a blog of mine.

In case you don't know, there are sites built every day where user passwords are stored in the database as plaintext. There is no excuse for this, yet it continues to be commonplace despite easy-to-use encryption libraries and OpenID. If you want to combat this practice, then simply refuse to use any site which allows you to have your password emailed to you.

Learn to use an algorithm for your personal passwords. The important thing is to choose something that you can do in your head, so you don’t need to write down passwords. Start with a three step process, four at most, to keep it easy. I also recommend basing it on info specific to the website in question using both the domain and extension. Here’s a simple example.

1. split the domain name as follows:
- if 2 words, split the words
- if more than 2 words use only last 2 words and split on word boundary
- if only one word, acronym, etc. then split after 3rd character
- if string < 4 chars, use it twice or use extension (foo.com => “foofoo”)

Insert arbitrary character (ex: dollar sign) between the two tokens
- ex: “foobar.com” => “foo$bar”

2. reverse characters in domain w/out extension (foo$bar => “rab$oof”)

3. replace the first vowel with a number
- one common strategy would be a=>4, e=>3, i=>1, o=>0,
- map u to whatever you like {u, v, uu, whatever}

4. do something crazy, like append the letter Q onto the string

Using this algorithm, your password for the site foobar.com would be:
Code:

foobar => foo$bar => rab$oof => r4b$oof => r4b$oofQ

Change the details, change the order of the steps, add your own twist. It’s easy to create strong passwords unique to each site, just pick a strategy and stick to it.
#2 (permalink)
24th February 2009, 06:31 PM
mdw
Re: start getting smart about passwords

You might want to check and see that your password is NOT on this list: http://www.sophos.com/blogs/gc/g/200...onficker-worm/

BTW, the number one password to brute force is always just a sequence of integers starting with 1 and continuing until the minimum password length is satisfied. e.g. min length is 4 => '1234', min length 6 => '123456'
#3 (permalink)
24th February 2009, 08:28 PM
khurtsiya
Re: start getting smart about passwords

Nice article. Using a strategy like this to create passwords.

You should consider that many sites do not allow some characters, like $, &, # and even @, so try to make a strategy with a-z, A-Z, 0-9 and maybe - or _.
__________________
Киев.com.ua - offers welcome
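
The four steps from post #1, together with the allowed-character caveat from post #3, as an added Python example that is not part of the thread. The names `split_tokens`, `pick_separator` and `derive`, the `words` and `allowed` parameters, and the choice of `u => v` are assumptions made for illustration; the word split is supplied by the caller because the posts leave it to the user's head.

```python
import string

# Step 3 map from post #1; "u" => "v" is one of the options that post lists.
VOWEL_MAP = {"a": "4", "e": "3", "i": "1", "o": "0", "u": "v"}
ALNUM = set(string.ascii_letters + string.digits)


def split_tokens(domain, words=None):
    """Step 1: return the two tokens for a domain.

    `words` is the word split the user does mentally (hypothetical parameter);
    without it, the single-word rules from the post apply.
    """
    name = domain.lower().split(".")[0]
    if words and len(words) >= 2:
        return words[-2].lower(), words[-1].lower()  # last two words only
    if len(name) < 4:
        return name, name                            # short name: use it twice
    return name[:3], name[3:]                        # split after 3rd character


def pick_separator(allowed, preferred="$-_"):
    """Return the first candidate separator the site accepts (post #3's caveat)."""
    for ch in preferred:
        if ch in allowed:
            return ch
    raise ValueError("site accepts none of the candidate separators")


def derive(domain, words=None, allowed=None, suffix="Q"):
    """Apply steps 1-4; `allowed` is the site's accepted character set, if known."""
    sep = "$" if allowed is None else pick_separator(allowed)
    first, second = split_tokens(domain, words)
    chars = list((first + sep + second)[::-1])       # step 2: reverse
    for i, ch in enumerate(chars):                   # step 3: first vowel only
        if ch in VOWEL_MAP:
            chars[i] = VOWEL_MAP[ch]
            break
    password = "".join(chars) + suffix               # step 4: append the twist
    if allowed is not None and not set(password) <= set(allowed):
        raise ValueError("derived password uses characters the site rejects")
    return password


if __name__ == "__main__":
    print(derive("foobar.com", words=["foo", "bar"]))        # the post's example
    print(derive("foobar.com", allowed=ALNUM | {"-", "_"}))  # restricted site
```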
All times are GMT. The time now is 07:42 PM.