Publisher / Editor @ CloudAve and Enterprise Irregulars. Industry Observer, Blogger, Startup Advisor, Program Chair @ SVASE (Silicon Valley Association of Startup Entrepreneurs). In his "prior life" spent 15 years immersed in the business of Enterprise Software, at management positions with SAP, IBM, Deloitte, KPMG and the like.

5 responses to “The Password Conundrum”

  1. Robert Eastman

    Zoli, the solution I have arrived at, which has worked like a charm for me (with one hitch – more on this later), is as follows. (I regret that I have lost track of the source that I got this from, which surely deserves credit for a tip that has made my life much simpler.)

    > Make your password a two-part password.
    > The first part is a strong password base, but a base that is easy for you to remember. (This base probably needs to consist of a mix of 2 of the following three forms: letters, lower and upper case, and numbers.)
    > The 2nd part of your password is not a set series of letters or numbers, but a formula (also easy to remember) that you use to customize your password to be different for each website that you visit.

    The example I use in my October 2009 blog post, “Passwords (Not) As Easy as 123” (http://nettingitout.com/2009/10/07/compromised-passwords/):

    “As an example, if you used the word “yes” as the root of your password, and then customized each password by using the first two letters (in upper case) of the name of the website, then added two numbers (say, “07”) that were meaningful, and then added the last two letters of the website (in lower case), then your password for Yahoo would be: yes + YA + 07 + oo, or yesYA07oo. Your password for Google would be: yes + GO + 07 + le – resulting in the password “yesGO07le”. You could obviously come up with your own very creative (but memorable) variants of this technique.

    “This method is very secure because you are mixing letters and numbers, mixing upper case and lower case, and because you are using a different password for every website. The password is easy to remember because you are using the same root every time, and then customizing the password the same way every time.”

    The hitch: Different websites allow different lengths of passwords. So, the very memorable, strong, creative password that you devise to work with one website will be too long for another website. Why some websites insist on placing what seems to be an arbitrary limit of, say, 10 characters on the length of your password escapes me. There may be a good reason for a website to do this, but this has forced me to come up with not one formula, but a couple of formulas to accommodate websites that place greater importance on their website field length than on my password security.

    Bob Eastman, SMB Research LLC

  2. Atlassian Security Breach and Warning

    [...] well, hours after telling you not to change passwords, now I am telling you to change it… but this time with good reason. Minutes ago I’ve received a [...]

  3. Paul Boal

    You forgot the third option of: BIOMETRICS

    Advantages:
    It’s a physical device.
    You can’t accidentally lose it or leave it somewhere.
    It’s harder (but not necessarily impossible) to steal or impersonate.

    Disadvantages:
    You can’t share it when “sharing is appropriate”. (Of course, we could have whole debates about that.)
    It is highly personal, and many privacy advocates would have a hard time with that.

  4. Jennie

    I use Sticky Password manager, because it is a great tool to use.

  5. The Last News You Want to Hear is LastPass Hacked. Now What?

    [...] algorithmic passwords: combination of a fixed portion (letters, numbers, upper & lower case) and a formula that changes the rest of the word based on the site you log into. Here’s an example. [...]