Outsmarting Smart Password Generators

There are lots of password generators out there. The only problem is, if you use them, you generally have to write the password down in order to remember it. And most people who do this, keep the password handy to their computer. All a thief has to do is look under the keyboard.

I do a couple of things to create my own passwords:
  1. I base the password on a name, friend or family, but I pick someone who is distant and who I don't converse with much, like a cousin twice removed. Generally a smart password has to have numbers and letters (2 upper case, two lower case, and a special character). So, if I pick, for example, John Smith, the password is J0hn!Sm1th. Or,
  2. I base the password on an address. Either some address I've lived at early in my life or a friend's address, especially if they live a long way from me so immediate friends won't know the address. So my friend living at 1240 Maple, the password might become 1240maple or 1240Maple (yeah, these aren't smart passwords, but you get the idea, and it wouldn't take much to create a smart password).
  3. These systems work especially well on those websites where your password expires after 90 days.
Now, don't everyone go out and create B2rak!Oba6a as a password. (The "a" corresponds to 2 and "m" on a phone keypad corresponds to 6.)

Anyone else want to weigh in?
John Bull's Avatar
You're correct, Charles on all counts. I use a generator that also stores the password in a vault. Now to get into the vault you need - guess what? - a password but you only have to remember one. There are other neat features such as being able to sync several computers. The name of the program is RoboForm and you can Google it. Pretty inexpensive too.
Rudyard K's Avatar
I use RoboForm too. It is great.

You can store passwords...you can sinc it to your home computer. You only have to remember one overall password. It even has s place to write safe notes to yourself inside the lock box...phone numbers, addresses, etc.

Finally, it also has an App that lets you sinc it to your I-Phone.

All protected by the one overall password...make it as complicated as you can remember.
You're correct, Charles on all counts. I use a generator that also stores the password in a vault. Now to get into the vault you need - guess what? - a password but you only have to remember one. There are other neat features such as being able to sync several computers. The name of the program is RoboForm and you can Google it. Pretty inexpensive too. Originally Posted by John Bull
I use RoboForm too. It is great.

You can store passwords...you can sinc it to your home computer. You only have to remember one overall password. It even has s place to write safe notes to yourself inside the lock box...phone numbers, addresses, etc.

Finally, it also has an App that lets you sinc it to your I-Phone.

All protected by the one overall password...make it as complicated as you can remember. Originally Posted by Rudyard K
Kewl!!!

Iron Key (https://www.ironkey.com/) has a feature that saves your passwords for each site, so all you have to do is mount the Iron Key and remember its password. Even so, I don't trust it very much and don't use the password storage feature.
who learned she had keylogger installed on her computer by a jealous boyfriend. She went in and changed all her passwords to her personal and financial accounts, from a different computer, but continued to allow him access to her email account which seemed to be what he was mostly interested in. When she logged in at home, she logged in using the on screen key board, not the actual keyboard itself.

Brilliant I tell you. Wish I could take personal credit for the idea.
niceguy's Avatar
I have used roboform2Go for several years and think it is great.

I can plug it into any computer I am using, and then unplug it when done. Nothing is left behind.

It also has a feature where you can make identities which you can use to fill in forms that you need to use sometimes (like when buying something online).

I cut and pasted this from their web site:


RoboForm2Go: RoboForm Toolbar on a USB Drive
RoboForm2Go gives you the freedom and flexibility to carry all your passwords, contacts, and bookmarks, with you for use on any computer - anywhere in the world. Since RoboForm2Go runs directly from the USB drive, you can use it on any computer without leaving any personal data behind. You can enjoy RoboForm2Go worry free knowing that it encrypts your information with military level AES encryption to achieve complete security.”

Here is a link for any that might want more info:

http://www.roboform.com/

I generate most of my passwords based on something from my childhood or something else from long ago.

You can also use Roboform to generate passwords for you (just another option).
atlcomedy's Avatar
Charles,
I pretty much use the same thing you do. There definately is a pattern to mine, but nonobvious. If someone broke one and knew me well they'd probably be able to break the other ones.

RK,
I looked at roboform but guess I didn't like the idea of everything being in one place. At least if someone gets into my credit card account they haven't gotten into my bank account, too.
~Ze~'s Avatar
  • ~Ze~
  • 12-09-2010, 06:38 PM
What about fingerprint readers? Opinions on those?
What about fingerprint readers? Opinions on those? Originally Posted by ~Ze~
Problem here is that it is just a hardware protection. Hard to buy a computer with one already installed, so you have to add one of your own. In addition, to make it helpful, all your websites (banks, cc's, ECCIE, etc.) would have to have logon software that would read your fingerprint. As far as I know, no one has this installed.

And obviously, if it is, then it is probably fairly easy to hack and get your print from the website, which would give the hacker access to a number of your accounts.

What I do is have a number of different passwords. I keep the list hidden deeply in my (ancient) Palm Z22. I normally remember my passwords, but in case I don't, I have the Palm backup. In order to find the passwords, you'd have to be able to hack my Palm, and then know exactly where I keep it. I carry the Palm with me at all times, and there's a backup on my laptop (it takes two passwords to get into the data that resides on my laptop--a real PITA as I can attest).
Here is how you create a password that is very hard for someone to crack but also easy for you to remember. You make up a sentence then take a letter(or vowel) from each word.

For example:
I will do anything to get laid (password iwdatgl or you can have IwdAtgl by capitalizing vowels)

I was graduated from UTH in '79 (password IwgfTXU79)

My first car is 2004 TrailBlazer. (password mfci2004TB)

Now all you have to remember is a sentence.
Rudyard K's Avatar
Mine would have to be ICRS.
discreetgent's Avatar
Mine would have to be ICRS. Originally Posted by Rudyard K
I Can't Remember Sentences ? lmao
John Bull's Avatar
I Can't Remember Sentences ? lmao Originally Posted by discreetgent
I think it was more scatalogical than that.
Rudyard K's Avatar
I think it was more scatalogical than that. Originally Posted by John Bull
I went ahead and looked it up for you WTF...

scatology /scaˇtolˇoˇgy/ (skah-tol´ah-je)
1. study and analysis of feces, as for diagnosis.
2. a preoccupation with feces, filth, and obscenities.scatolog´icalscato log´ic

And as usual...our fearless leader is correct.