![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Technology stuck in my ear
Mar. 28th, 2011 10:56 amI always hate mandatory expiration dates for passwords -- just in principle, I consider it a questionable policy from a security standpoint. Most people aren't good at thinking up passwords, and I suspect that they wind up with weaker passwords since they have to keep figuring out new ones.
That's become less of an issue for me in recent years, since I was introduced to a good mechanism for dealing with it: I go to my iPod, dig through my vast collection of favorite songs, choose a suitable line, and leet it a bit arbitrarily. Pure and consistent leeting doesn't help security much, since it's a straightforward transformation. *Inconsistent* leeting and abbreviation as I do it strengthens security enormously, though, since it makes the search space much larger. I'll leet some characters a bit randomly, abbreviate some words, transform some words into symbols but not others -- the result is pretty unpredictable, even to me. The result is a passphrase that's pretty easy for me to remember, but hard to predict even if you knew what song it was taken from. (Usually a pain in the ass to *type* for the first couple of weeks, due to the transforms, though -- it doesn't simply flow from my fingers since it isn't real words. Right around the time I completely get it into my fingers, it expires and I have to start over.)
There's only one problem with this approach: I have to remember the line that I chose, and I get paranoid about it. So the result is that, for the week after I choose a new password, I am *utterly* earwormed with the song I chose the line from. It's all I can do to keep from humming it constantly. Fortunately, I always choose a long I like, but it still gets pretty annoying...
That's become less of an issue for me in recent years, since I was introduced to a good mechanism for dealing with it: I go to my iPod, dig through my vast collection of favorite songs, choose a suitable line, and leet it a bit arbitrarily. Pure and consistent leeting doesn't help security much, since it's a straightforward transformation. *Inconsistent* leeting and abbreviation as I do it strengthens security enormously, though, since it makes the search space much larger. I'll leet some characters a bit randomly, abbreviate some words, transform some words into symbols but not others -- the result is pretty unpredictable, even to me. The result is a passphrase that's pretty easy for me to remember, but hard to predict even if you knew what song it was taken from. (Usually a pain in the ass to *type* for the first couple of weeks, due to the transforms, though -- it doesn't simply flow from my fingers since it isn't real words. Right around the time I completely get it into my fingers, it expires and I have to start over.)
There's only one problem with this approach: I have to remember the line that I chose, and I get paranoid about it. So the result is that, for the week after I choose a new password, I am *utterly* earwormed with the song I chose the line from. It's all I can do to keep from humming it constantly. Fortunately, I always choose a long I like, but it still gets pretty annoying...