Date is a useful tool. Many people use weak passwords, and further use the same password for many sites online. Knowing this was a bad idea, for a long time I used a system that involved choosing an obscure word with several vowels and applying a simple cypher to make it more secure: aeiost 431057 …so that, for example, 'supercalifragilisticexpialidocious' became 5up3rc4l1fr4g1l1571c3xp14l1d0c10u5'. Occasionally I would also capitalize a non-leading letter. This is what is referred to as "leet speak", and the substitutions quickly feel natural, even if you use them for nothing but passwords.

However, these passwords are just as weak as the dictionary words they are based on, because it is as easy for a password-cracking program to perform these substitutions as it is for a human. If we use Firefox, we can do better with the help of smart keywords and the password storage feature. We can use a different password for each website, and rely on a master password (or a locked screen on our workstation) to prevent their use by someone with physical access to a machine.

Go to the password generator, click all the checkboxes, choose 50 from the Quantity drop-down, and finally click Generate Password(s). Presto! Pick one of the passwords and use it. Note that since the site was accessed via HTTPS, no one else is likely to have snooped the list you received. Even if the site is maliciously remembering passwords (which I doubt), it does not know which of the 50 you have chosen, or where you used it.

Finally, examine the URL:

Replace the length with a wildcard:

Save this as a bookmark with the keyword pw, and you can generate passwords quickly by typing F6 (select the Address Bar), "pw 10", Alt+Enter (open in new tab). For important passwords, you can even write the phoenetics on a card and keep it in your wallet, relying on your own memory to associate the password with the place you use it; or send the phoenetics (never the actual password) over e-mail or (preferably) instant messaging.


comments powered by Disqus