You are invited to Log in or Register a free Frihost Account!

Password formula

we've all got accounts all over the place.
in my case: this one, my paid hosting, facebook, mail account, school accounts, server accounts, linux accounts, several account at work, ect...
having 1, 2 or even 3 different passwords is better then having 1 password, but still.
lets say you have 1 password for general websites another for mail accounts and hosting, and other which are for more secure sites like ebay, paypal and maybe even your banking site.
if the later is guessed, all those accounts have been compromised.
remeber when the sony online servers got hacked and millions of user accounts were stolen?
those account details had email address, password and sometimes even physical addresses, which most people will use to register on... any site.
Well those people needed to change their password fast or they could become a victim really fast.
That is why I started to use a "formula" to make up a password.
I'm not talking about a password manager or similar but a simple formula that can be applied on any logon.

here's how I do it:

I started off with pattern like: §{SYSTEM-NAME}~{USERNAME}_
systemname could be a computername or even a website

1: each New Word Will have a capital letter,
2: the first vowel of the first word, the second vowel of the second word, the third... ect, is changed to it's 1337 equivalent.
*** if there is only 1 vowel in the second word then there is no change in the word

so let's say i have an account "johnDoe" on a site named ""

my Password will be §3xampleSit3~JohnDo3_

or an account on my debian machine:
cumputername: debian01
user root
user marco

this would give me §D3bian01~ro0t_ and §D3bian01~Marc0_

that way you only need to remember your formula instead of each individual password

PS: I'm not using the formula I posted here Wink

PS II: You can also use this on password protected archives.
Like: §SOmeArch1ve_
A formula like this would presumably protect your different accounts from mass compromise situations where hackers weren't paying much attention to individual entries ... but in a more personal situation (say, an angry co-worker got their hands on your company password) then there is, if anything, a HIGHER chance of them noticing the formula and trying to break into other accounts of yours. Using an offline password manager with unique and randomly generated passwords is still the safer option.
good point, if they really wanted they could get their hands on my password by installing a keylogger or something.
But then they still need to recognize it as a formula-based password.
the formula I used was an example, you can make your formula look like anything.
!{NameOfYourDog}_{usernam}${YEAR}..... anything.

having a password manager also has it's downsides.

-> If the same angry colleague get's your passwordManager's password in the same way he/she figured out the other formula-based password you are in the same situation.

When you work on different PC's each day ( roaming profile ) then you would need to keep this manager on
A: a shared drive which most admins here are able to view, edit and delete (same risk)

B: local drive which would mean that you will need a copy of the program on all of these PC's and on which another colleague will work each day with the same local admin rights. ( same risk )

C: a portable drive which is not an option for me as the machine doesn't have working USB ports.
and if it did, they could still get the password of the password manager with a key logger and make a copy of the manager's files

-> your password manager only has 1 weakness, which is a static password.
the formula based password also has only 1 weakness, which is it's formula.
Even if you know the formula it is hard to find the actual password.
Well, I guess a password manager does have risks and downsides if you need to access your passwords from multiple or shared computers. You could still memorise just the few you needed at work (or use a formula if necessary) and keep the rest randomly generated and safely stored on a home PC, though - if nobody else has physical access to it and the manager is offline then it shouldn't really be vulnerable at all unless you've managed to instal malware yourself on the machine.
Related topics
htaccess Password Protection
password problem
Does Frihost's SMTP server require login and password?
HELP! I registered, but never got my confirmation email.
Why are no admins helping me?
Password Protecting Directories?
Formula 1
Daddy's Password
how can i change password in my database?
How to bypass your BIOS Password
Need New Password for account
Cant change my password
winrar password
password coding help
Reply to topic    Frihost Forum Index -> Miscellaneous -> Tutorials

© 2005-2011 Frihost, forums powered by phpBB.