Barney's Blog

Blog archive

Doug's Mailbag: What's Your Password Strategy?

Readers share some tips on strengthening password security:

As I set up routers or servers, a password that I always use is simple, effective and easy to remember. Here is my algorithm:

Lets say the router is at the following address:
123 Noplace Lane
Missoula, MT 59808.

The password for the router would be:
!@#N0pl@c3l@n3%(*)* 
123noplacelane59808 


As you can see we have special characters, uppercase letters, lowercase letters and its not a word that could be found in a dictionary or brute force attack. Numbers are simply typed in using the shift key while entering them in to grab the special characters. The first letter of the street is capitalized, letter 'o' is always changed to a zero, 'e' is always changed to a '3' and 'a' is always changed to an '@.'


The client just follows those simple rules and walla, a hard-to-crack password that is easy to remember.

-Jay 

I created a fairly complex mental 'algorithm' to generate passwords. With it I create unique, complex passwords for each use. The 'algorithm' exists only in my head and it would be nearly impossible to recreate it from a single password.
-Glenn

Managing passwords in a secure way can be a real challenge, as you point out in blog post. We've found a solution that works for us in Secret Server, an enterprise password management software solution from Thycotic Software. We like it because passwords are stored in an encrypted database and it assists in creating and managing password access levels for administrators with different authority levels. And you can audit password views so you always know who has accessed which passwords.
-Dan

Share your thoughts with the editors of this newsletter! Write to dbarney@redmondmag.com. Letters printed in this newsletter may be edited for length and clarity, and will be credited by first name only (we do NOT print last names or e-mail addresses).

Posted by Doug Barney on 03/19/2012 at 1:19 PM


comments powered by Disqus

Reader Comments:

Tue, Mar 20, 2012 Jack Bouknight City of Charlotte, NC

Years ago, in VMS land, we had a password generator that generated seemingly random letters and numbers, except that phonetics was included so the password was easily and quickly remembered by the user who did not have to write it down. That along with a short validity period and a password history of the last 100 passwords provided us with a pretty good password environment.

Mon, Mar 19, 2012 Chaz Boston

Jay, if I'm not missing something, you just revealed the passwords of your routers and servers to anyone who knows the location.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.