Comments on: Power Passwords

By: Doug Cornelius

Doug Cornelius — Wed, 19 Dec 2007 05:13:06 +0000

Dennis -
Great article.
The problem I run into is that there are so many variations of what a site requires and allows for passwords. I routinely run into sites that will not take a punctuation mark or will not take numbers.

By: Chet Ensign

Chet Ensign — Thu, 13 Dec 2007 16:18:15 +0000

Great article. The best formula I ever heard for creating strong passwords was from a friend who uses the first letters to the words in the title of her current favorite song. She includes the capitalization and throws in a number for good measure. So a title like “Sure Looks Good to Me” gives you SLGtM9 for a password. For a short title, she might spell out one of the words but the end result is just as good.
Since I am not as big a music fan, I picked a different media type, but I use a similar formula.
What I liked about her technique is that it results in passwords that have all the hallmarks of a stong password yet are pretty easy to remember and reconstruct for yourself if necessary.
You can even leave yourself clues stickied to your monitor (e.g. “Alicia fav + 9″) without fear that someone will be able to crack the code.

By: Ed

Ed — Fri, 07 Dec 2007 00:49:21 +0000

I just read your excellent article on Power Passwords in my wife’s ABA Journal. I am an IT Security professional, and I was pleased to see that the magazine had a good article on making good passwords – it’s actually about as good as our article on strong passwords at work.
One trick that you missed mentioning, however, was programs to keep track of passwords. Apple laptops come with an excellent example, called Keychain Access, although there are various other such programs for Windows and Linux systems as well. Additionally, Firefox, and presumably other web browsers, have the ability to store passwords (Apple’s web browser ties into Keychain Access for this). Of course, the latter is only secure if either always secured, or the password store has a master password assigned.
With the combination of MacOSX’s Keychain Access, and Firefox’s password store, I’ve been able to manage my literally hundreds of password, without resorting to writing passwords in a notebook, reusing passwords, using weak passwords, or going crazy.
Note that I have a number of passwords which are not in such a database. Everyone should have at least two: their account password to log into their computer, and their password store password. I have a few more than this, because I’m in IT Security, but most people tend to not have that many.