{"id":25,"date":"2012-01-06T10:40:59","date_gmt":"2012-01-06T10:40:59","guid":{"rendered":"http:\/\/news.innerfire.net\/?p=25"},"modified":"2018-07-25T15:29:16","modified_gmt":"2018-07-25T15:29:16","slug":"password-security","status":"publish","type":"post","link":"https:\/\/news.innerfire.net\/?p=25","title":{"rendered":"Password security"},"content":{"rendered":"<p>Weak passwords are still by far the most effective way to break into a system and even though many people think they have clever ways to obfuscate their passwords, they often fail badly either by inadvertently making something guessable or by coming up with something so hard you have to write it down somewhere or use a password manager just to use it.\u00a0 How bad is it?\u00a0 I have had 3 different techs assign me the same login &#8220;Gerhard&#8221; with password &#8220;G3rh4rd&#8221;, and at another time someone even tried to be even more clever: &#8220;G3h4rd!&#8221;.\u00a0 This is bad.\u00a0 I know from experience that I can expect a password-guessing script to hit my personal server at least 4 times daily.\u00a0 Originally the scripts all hit the SSH port until I took countermeasures, but now they check every open port for possible password combinations, from FTP to SASL to web logins. Even with my countermeasures I can expect to have 1 or 2 accounts on my system cracked per year, forcing me to disable someone&#8217;s website until they change their password again.<\/p>\n<p>How can we come up with a password that is both hard to guess and easy to remember?\u00a0 Thankfully it is easy.<\/p>\n<p>Take a couple of lines from a song you like, but not the first lines and not the chorus.\u00a0 For example, take this verse from <a href=\"http:\/\/pdmusic.org\/1800s\/01etpr.txt\">Election&#8211;The People&#8217;s Right<\/a>\u00a0<sup>[1]<\/sup>, written in 1801:<\/p>\n<blockquote><p>We should support and pleasure take<br \/>\nIn frequent Free Elections.<\/p><\/blockquote>\n<p>Now take the first 
letter of each word: &#8220;wssaptiffe&#8221;, and there you go. The password is not an actual word, so it is not likely to be hit by a dictionary attack, but if you know the song you know your password, so it&#8217;s easy to remember.\u00a0 One important note though: if the password was ever used on a website that got broken into, you <strong>must<\/strong> assume the password has now been added to several dictionaries for future attacks.<\/p>\n<p>[1] I selected this song because it was the first one I could find that was both out of copyright and readable.<\/p>\n<p>I feel this is important enough that I grant permission to republish this article provided a link to <a href=\"https:\/\/news.innerfire.net\">news.innerfire.net<\/a> stays with the article.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Weak passwords are still by far the most effective way to break into a system and even though many people think they have clever ways to obfuscate their passwords, they often fail badly either by inadvertently making something guessable or by coming up with something so hard you have to write it down somewhere or 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-25","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/news.innerfire.net\/index.php?rest_route=\/wp\/v2\/posts\/25","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/news.innerfire.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news.innerfire.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news.innerfire.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news.innerfire.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=25"}],"version-history":[{"count":13,"href":"https:\/\/news.innerfire.net\/index.php?rest_route=\/wp\/v2\/posts\/25\/revisions"}],"predecessor-version":[{"id":103,"href":"https:\/\/news.innerfire.net\/index.php?rest_route=\/wp\/v2\/posts\/25\/revisions\/103"}],"wp:attachment":[{"href":"https:\/\/news.innerfire.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=25"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news.innerfire.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=25"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news.innerfire.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=25"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}