Password Management

2013-07-16. Category & Tags: Soft&Skills

Many people have trouble memorizing passwords for different web sites, so they decide to use one password for all of them. But the risk is obvious: if a hacker gets one of your accounts, they get all of your accounts, maybe even your online bank.

Then one may try to use different passwords for different sites … It becomes a vicious circle …

Here are some tips which you could use to generate your passwords.

  1. Categorize the web sites. For example, here are my categories:

    • Online Bank and other very personal accounts.
    • Business and social friends.
    • Free-hacking, very unimportant, one-time, or for downloading, etc.
  2. Decide on an “algorithm” for each category. For example, for the most important category:

    1. Choose a username. If you have a domain (like me), you could make use of it to have many emails, which is great. If not, then what you need is one email / username per category. Three usernames, or even several more, should not be a problem. Actually, I have … sorry, cannot count, too many …
    2. Choose a number, which should be meaningless. For instance, take your two friends’ birthdays (1950-05-16, 1966-06-19) and mix them together to get 9165591. But how? This might be complicated: 1950-05-16, 1966-06-19 → (remove middle) → 1950-05-06-19 → 195-56-19 → (reverse) → 9165591. You may choose an easier-to-remember method, but make sure you do some kind of reversal, so the continuous digits will not be recognized as a number / birthday in a calendar, as hackers like to try birthdays first.
    3. Choose a string. The easiest way is the name / domain / pinyin of the website, so you could have one password per site. But make sure the hacker could not guess how you generate the string. For example, instead of using “google” for your Gmail, “gg” (initialized pinyin) is a better choice, especially for non-Chinese websites, as there is a wall between Chinese sites and the others. “gg” could be optimized as “Gg”, so you could also get the capital letter(s).
    4. Choose a special character. For example, single quote, equal sign, comma, dot, etc.
    5. Concatenate the number, the string and the char. You may want to put the char into the number to further improve the security and randomness.
  3. For less important accounts, the algorithm could become less complicated, but make sure that even if a hacker got one of the algorithms, they could not guess another one.
    Done
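The steps for the most important category, worked through in Python with the values from the list above; this is an added example, not the author's code. Dropping the zeros is an assumed reading of the "195-56-19" step, and the function names and the calendar-date check are illustrative.

```python
from datetime import date

def mix_dates(first: str, second: str) -> str:
    """Step 2: mix two YYYY-MM-DD dates into one meaningless number."""
    y1, m1, _ = first.split("-")
    _, m2, d2 = second.split("-")
    kept = y1 + m1 + m2 + d2           # remove middle: 1950-05-06-19
    stripped = kept.replace("0", "")   # assumed reading of "195-56-19": zeros dropped
    return stripped[::-1]              # reverse the digits

def _is_month_day(mm: str, dd: str) -> bool:
    try:
        date(2000, int(mm), int(dd))   # 2000 is a leap year, so 02-29 counts
        return True
    except ValueError:
        return False

def contains_date(digits: str) -> bool:
    """Does any 6-digit window read as YYMMDD, DDMMYY or MMDDYY?"""
    for i in range(len(digits) - 5):
        a, b, c = digits[i:i + 2], digits[i + 2:i + 4], digits[i + 4:i + 6]
        if _is_month_day(b, c) or _is_month_day(b, a) or _is_month_day(a, b):
            return True
    return False

def build_password(number: str, site_tag: str, char: str, char_pos=None) -> str:
    """Steps 3-5: capitalise the site string, then concatenate.
    With char_pos set, the special character goes inside the number instead."""
    tag = site_tag[:1].upper() + site_tag[1:]
    if char_pos is None:
        return number + tag + char
    return number[:char_pos] + char + number[char_pos:] + tag

if __name__ == "__main__":
    number = mix_dates("1950-05-16", "1966-06-19")
    print(number, "contains a date:", contains_date(number))
    print("unmixed birthday contains a date:", contains_date("19500516"))
    print(build_password(number, "gg", "="))
    print(build_password(number, "gg", "=", char_pos=3))
```
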