I always hate mandatory expiration dates for passwords -- just in principle, I consider it a questionable policy from a security standpoint. Most people aren't good at thinking up passwords, and I suspect that they wind up with weaker passwords since they have to keep figuring out new ones.

That's become less of an issue for me in recent years, since I was introduced to a good mechanism for dealing with it: I go to my iPod, dig through my vast collection of favorite songs, choose a suitable line, and leet it a bit arbitrarily. Pure and consistent leeting doesn't help security much, since it's a straightforward transformation. *Inconsistent* leeting and abbreviation as I do it strengthens security enormously, though, since it makes the search space much larger. I'll leet some characters a bit randomly, abbreviate some words, transform some words into symbols but not others -- the result is pretty unpredictable, even to me. The result is a passphrase that's pretty easy for me to remember, but hard to predict even if you knew what song it was taken from. (Usually a pain in the ass to *type* for the first couple of weeks, due to the transforms, though -- it doesn't simply flow from my fingers since it isn't real words. Right around the time I completely get it into my fingers, it expires and I have to start over.)

There's only one problem with this approach: I have to remember the line that I chose, and I get paranoid about it. So the result is that, for the week after I choose a new password, I am *utterly* earwormed with the song I chose the line from. It's all I can do to keep from humming it constantly. Fortunately, I always choose a song I like, but it still gets pretty annoying...
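
To put numbers on the consistent-versus-inconsistent leeting comparison above, here is an added example (not the author's code) that counts how many variants of a known phrase each scheme allows. The substitution table and sample phrase are constructed assumptions, and only per-character substitutions are modelled, not abbreviation or word-to-symbol transforms.

```python
import math

# Assumed substitution table, constructed for illustration only.
# Each letter maps to the symbols it may be replaced with.
LEET = {"a": "4@", "e": "3", "i": "1!", "o": "0", "s": "5$", "t": "7+"}


def consistent_variants(phrase, table=LEET):
    """Consistent leeting: every occurrence of a letter is treated the same,
    so there is one independent choice per *distinct* letter."""
    total = 1
    for ch in set(phrase.lower()):
        total *= 1 + len(table.get(ch, ""))  # keep the letter, or pick a symbol
    return total


def inconsistent_variants(phrase, table=LEET):
    """Inconsistent leeting: every position chooses independently,
    so there is one choice per *character*."""
    total = 1
    for ch in phrase.lower():
        total *= 1 + len(table.get(ch, ""))
    return total


def bits(count):
    """Entropy in bits if each variant is equally likely."""
    return math.log2(count)


if __name__ == "__main__":
    # Constructed sample phrase (not a real lyric).
    phrase = "a test at sea"
    c = consistent_variants(phrase)
    i = inconsistent_variants(phrase)
    # These figures assume the phrase and the table are already known,
    # so they measure only what the transforms themselves contribute.
    print(f"consistent:   {c:>8} variants  ({bits(c):.1f} bits)")
    print(f"inconsistent: {i:>8} variants  ({bits(i):.1f} bits)")
```

The counts assume every choice is made uniformly at random; a person who favours certain substitutions gets less than the figure shown.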
