Articles related to passwords come up on Habr fairly often, for example this one or this one. The topic is interesting, and I decided to do my bit.
I have been using my method for five years, and in that time I have not forgotten a single password. The average password length is 18 characters, digits and special characters included. I call this the "mask method" and have described it repeatedly in comments on articles about passwords. So, a short step-by-step how-to:
1. As the name implies, you need to choose a password mask. This string must be complex: it should contain digits, letters in both upper and lower case, special characters, and so on. You will have to memorize this gibberish once. Suppose I chose the mask "MySecrEt+*######_83". The hash characters here are not part of the mask; in their place we will enter ...
2. ... your association with the resource where the password is used. For example, for Habr the final password could be "MySecrEt+*itcommunity_83". It is important that your association with the resource is slotted into the mask as a kind of "salt": the first thing that comes to mind. For a root account you could use the password "MySecrEt+*dangerous_83". Feel free to use whole words: as long as the mask itself stays secret, a dictionary attack will not recover the password, because the part that is a dictionary word is wrapped in characters no dictionary contains.
3. Now, when you go to any resource, you do not have to rack your brain: type your secret mask and the first association. If that does not work, the second association. Then the third. In my experience the worst case has been three attempts, on some obscure resource where the association was not entirely obvious. If nothing helps at all, resetting the password and establishing a new association is usually easy.
After all these manipulations we get a password that is impractical to brute-force (the Habr password in the example is 24 characters long), that resists dictionary attacks unless the attacker learns your mask, and that is very easy to remember. Keep in mind that the mask is the real secret: if any one of these passwords leaks in plaintext, or is cracked on a site with weak hashing, the fixed part of the mask is readable from it, and every other password built on the same mask collapses to a guess at a single association word.
To compartmentalize, you can use different masks for different categories of resources: for example, one mask for root accounts on servers, another for social networks, Twitter and the like, and a third for five-minute throwaway sites. That way the damage from a disclosed mask is limited to one category.
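As an added example (not code from the original post), the following Python puts steps 1 to 3 and the per-category masks into code, and also shows the flip side: once one plaintext password from a mask leaks, the mask's fixed part is readable from it, and every other password built on the same mask reduces to a wordlist search over associations. The masks, the wordlist, and the unsalted SHA-256 used as a stand-in for whatever hash a site stores are all constructed for illustration.

```python
import hashlib
import re
from typing import Callable, Iterable, Optional

# A mask is a fixed string with exactly one run of '#' marking where the
# per-resource association (the "salt" in the post's terms) is inserted.
PLACEHOLDER = re.compile(r"#+")

# Constructed example masks, one per category as the post suggests; these are
# illustrative values, not the author's real masks.
CATEGORY_MASKS = {
    "servers": "Rt!9Sx##########@Q7",
    "social": "MySecrEt+*######_83",
    "trash": "Tmp-##########-9z",
}


def build_password(mask: str, association: str) -> str:
    """Step 2: drop the association into the '#' run of the mask."""
    if len(PLACEHOLDER.findall(mask)) != 1:
        raise ValueError("mask must contain exactly one run of '#' characters")
    if not association or "#" in association:
        raise ValueError("association must be non-empty and contain no '#'")
    return PLACEHOLDER.sub(association, mask, count=1)


def password_for(category: str, association: str) -> str:
    """Same thing, but choose the mask by resource category."""
    return build_password(CATEGORY_MASKS[category], association)


def mask_has_all_classes(mask: str) -> bool:
    """Step 1 check: the fixed part must mix lower, upper, digits and symbols."""
    fixed = PLACEHOLDER.sub("", mask)
    classes = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return all(any(is_class(c) for c in fixed) for is_class in classes)


def mask_to_regex(mask: str) -> "re.Pattern[str]":
    """Regex matching every password that can be built from this mask."""
    prefix, suffix = PLACEHOLDER.split(mask, maxsplit=1)
    return re.compile(re.escape(prefix) + r"(.+)" + re.escape(suffix))


def recover_association(mask: str, password: str) -> Optional[str]:
    """Attacker's view: known mask plus a leaked plaintext password gives the salt."""
    m = mask_to_regex(mask).fullmatch(password)
    return m.group(1) if m else None


def guess_with_known_mask(mask: str, wordlist: Iterable[str], target_hash: str,
                          hash_fn: Callable[[str], str]) -> Optional[str]:
    """Once the mask is known, cracking another account on the same mask is a
    search over candidate associations, not over 24 arbitrary characters."""
    for word in wordlist:
        if hash_fn(build_password(mask, word)) == target_hash:
            return word
    return None


def sha256_hex(s: str) -> str:
    """Stand-in for whatever a site stores; unsalted SHA-256 is for the demo only."""
    return hashlib.sha256(s.encode()).hexdigest()


if __name__ == "__main__":
    mask = CATEGORY_MASKS["social"]
    assert mask_has_all_classes(mask)
    print(build_password(mask, "itcommunity"))  # 24 characters, as in the post
    # Leak scenario: the Habr password is exposed in plaintext, so the fixed part
    # of the mask is now known. A second site on the same mask stores only a hash.
    leaked = build_password(mask, "itcommunity")
    print(recover_association(mask, leaked))
    stored = sha256_hex(build_password(mask, "dangerous"))
    associations = ["habr", "bank", "dangerous", "forum"]  # constructed wordlist
    print(guess_with_known_mask(mask, associations, stored, sha256_hex))
```

The cost of the second search is the size of the association list, which is why the post's advice to keep separate masks per category matters: a leak from a throwaway site should not hand over the mask used for root accounts.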
P.S. If you have any other suggestions for improvement, write them in the comments.
P.P.S. I do not claim authorship of this technique. Someone may well have proposed this method before me.