
Resolving the password issue - once and for all



This article grew out of one detailed comment. Several people thanked me in real life for the ideas described there, so it was decided to write them up as a post.

So, how can you easily and effortlessly create and use a unique and secure password for each site where you have an account? How can you make sure that after 3 years of oblivion, having discovered your moss-covered account, you log in without hesitation by entering a 15-character password, unique to this site, made up of letters and numbers that cannot be analyzed?
I have been using this system for almost a year, having come up with it after my account on a social network was hacked, and will be happy to share it with anyone interested. No less important, I would like to get feedback in the comments, more healthy criticism, and to find out your own approaches to this issue.

Knight's move


At some point, while once again recovering a password for some service, I decided to solve this problem and never come back to it. After racking my brain a little, I decided that it would be best for the password to be generated by some ingenious system that is not obvious to outsiders, which removes any strain on the memory when entering the password. All new accounts need to be created following this system, and existing ones altered by changing the password, so that the algorithm for entering it gradually becomes identical for all sites. Implementing this takes quite a bit of self-discipline.

"Ten thousand monkeys in **** shoved a banana." Lukyanenko S.


The basis of the future password is a piece of unforgettable or easy-to-hum English text. As an example, I'll take the first three lines of Celine Dion's song from Titanic:

Every night in my dreams
I see you, I feel you
That is how I know you go on

We take the first letter of each word, preserving case. There are only 3 lines. Remembering which letter each word begins with is easier than typing this sentence. Result:

EnimdIsyifyTihikygo

Replace i with 1 and o with 0, or any other pair of letters with numbers of your choice. My choice is due to the visual similarity between "I" and "1", and between "o" and "0": it makes the replacement easier to do on the fly and makes entering the password more mechanical, with no need to stop and think. Result:

En1md1sy1fyT1h1kyg0

Time for the main trick, which ensures the uniqueness of the password on each Internet resource: bind the resulting password to the site name. For example, we add the third and penultimate characters of the website address, or rather of the second-level domain name, as the first and last characters of the password. For example:

for mail.ru the password is iEn1md1sy1fyT1h1kyg0i
for google.com the password is oEn1md1sy1fyT1h1kyg0l

What, you have had a Facebook account for a long time? Why not change its password:
cEn1md1sy1fyT1h1kyg0o

The binding to the domain can be anything else: the characters in the domain name can be counted, or vowels and consonants can be counted separately. The main thing is that the password must be typed from beginning to end. We must not type the password itself first and then insert the characters bound to the site name into the right places afterwards.

Remember everything!


Well, you do not need to remember anything...
Password Algorithm:

1) look at the address bar, count to the 3rd character from the beginning, press that key
2) mentally humming the song, type the password, capitalizing the letter at the beginning of each line and substituting the zeroes and ones on the fly
3) look at the address once more, find the penultimate letter, append it
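
The three steps above as a Python sketch (an added example, not code from the original article). The function names and the host paid.example are made up for illustration, and the third lyric line is taken as "That is how I know you go on", the wording that yields the "Tihikygo" in the article's result. It also rejects domains whose second-level name has no 3rd character and lists hosts that end up with the same password.

```python
from collections import defaultdict

# The three song lines the article uses as its base text (third line: see lead-in).
LYRICS = [
    "Every night in my dreams",
    "I see you, I feel you",
    "That is how I know you go on",
]
# The article's substitutions: i -> 1 and o -> 0, in either case.
SUBSTITUTIONS = str.maketrans("iIoO", "1100")


def core_from_text(lines):
    """First letter of each word; only the letter that opens a line is upper case."""
    parts = []
    for line in lines:
        initials = "".join(w[0].lower() for w in line.split() if w[0].isalpha())
        parts.append(initials[:1].upper() + initials[1:])
    return "".join(parts).translate(SUBSTITUTIONS)


def site_label(host):
    """Second-level label ('mail' for 'mail.ru'); assumes a one-label suffix, not 'co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2 or len(labels[-2]) < 3:
        raise ValueError(f"{host!r}: no second-level label with a 3rd character")
    return labels[-2]


def site_password(host, core):
    """3rd character of the label + core + penultimate character of the label."""
    label = site_label(host)
    return label[2] + core + label[-2]


def colliding_hosts(hosts, core):
    """Group hosts whose derived passwords are identical; keep groups of two or more."""
    groups = defaultdict(list)
    for host in hosts:
        groups[site_password(host, core)].append(host)
    return [group for group in groups.values() if len(group) > 1]


if __name__ == "__main__":
    core = core_from_text(LYRICS)
    for host in ("mail.ru", "google.com", "facebook.com"):
        print(host, site_password(host, core))
    print(colliding_hosts(["mail.ru", "google.com", "paid.example"], core))  # paid.example: constructed
```
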

Let's sum up


pros:

minuses:


I would be glad if someone shared in the comments how to rid such a system of its inherent disadvantages while retaining the advantages. As for which tags to use, I have no idea, my eyes are already closing; I will be glad if someone suggests a couple.



* the need to remember 2-3 lines of a verse or song (albeit in English), as well as the need to remember which song was taken as the basis and how many characters you need to count from the beginning and end of the domain name is one minute. Children in kindergarten manage the first part.

**** The monkey phrase is a classic password from Labyrinth of Reflections. The original was typed in the English keyboard layout, with no spaces and with alternating case.

upd: I was corrected in the comments: not ten thousand but forty thousand monkeys (obviously, the cryptographic strength is 4 times higher), the spaces are significant, and there is a full stop at the end.

Source: https://habr.com/ru/post/116388/

