Lost passwords...how about figuring them out instead?

[Lbrewer_42]

So many times people lose passwords to sites, wifi, etc.

Why not just prevent the problem by easily FIGURING out your passwords every time you need them?

Side note of what I am talking about hoping it will make sense:
Ready for me to ruin your life? You cannot name ONE game that does not include (actual - not modern day ideas of) math.

Example: The game of CLUE...its all a bunch of random variables (people) mixed with more random variables (rooms) using a bunch of (weapon) variables that need to be sorted using logical (game) rules to categorize (logic) and eliminate (reasoning) unwanted variables!

So why do people love to PLAY the game of CLUE (well...you used to before the curtain was drawn back )? B/c we all KNOW it's a "game" instead of understanding it is actually a quite complex algebra problem acted out on a board using pure thinking abilities.

Math has been corrupted for decades by degrading it to be a memorization class...which is why people think it is hard.

So what has this to do with passwords?
Let's make a game (Shhhh...use algebraic thought!) to stop needing to memorize a list shall we? Let's make it EASY to figure out a passworde when we need it:

How? Make an algorithm (system of "fun" steps) when you make a password so you can re-figure t out for everyplace you need one.

For example, think, when you think, "what do I want to make my wifi password?"
Apply the following (example) "game" rules:
1. Eliminate spaces (no password places like to have spaces in the entered password) or replace them always with a symbol (such as ! b/c it is on the Number 1 key on a keyboard hence the first symbol to use))
2. Make all vowels into numbers: a, e, i, o and u get replaced with 1, 2, 3, 4 and 5 respectively.

So now we have: w3f3!p1ssw4rd

Easy to make...easy to remember HOW to make it, but it looks hard.

Not bad, but we can make it better with more game rules:

3. How about:
a. flipping it backwards? Or...
b. look for consonants in your name and replace them with the 2nd symbol on the keyboard (@). Or...
c. always swap the 1st two consnants with the last 2 : make w3f3!p1ssw4rd up and then think "swap end and start" d3f3!p1ssw4rw

And I did that last one by making it up as I went instead of looking back to type it.

There are so many variations to this game that you can make up yourself. Never forget a password again...figure them out.

The following was just:
1. Replace vowels with numbers,
2. Use ! for spaces,
3. flip the end and start characters.

The more you use it the easier it becomes. But make one up yourself.

I use just a simple trick on places when I don't care if someone would get into the site with my name. But with something important I use more simple to remember rules.

 

[IWT]

Interesting. Thank you for your post.

Ian

 

[Raz0rEdge]

.....or you know, use a password manager so that it can generate really strong passwords for all of your sites and you just need one strong password to remember that can be created using this method or any other method out there.

 

[Lbrewer_42]

But...

No need for a password manager using the above simple technique.

The technique makes very strong password if you desire.

This way your strong passwords are recorded absolutely nowhere. This is added security.

You have a unique strong password for every site you visit instead of just one. If someone was looking over your shoulder and saw your one string password, they have access to everything.

And...

Having just one strong password to remember (key word) is less secure than a unique strong password for every site you visit.

What happens if someone forgets their one strong password?

But using the URL itself to generate the password is easier than memorizing anyway when YOU make up the rules to the game. If you had to, which I doubt since you are the one making it up, you could even make a text file of the rules someplace. You could likely even name it "algorithm password," although something more cryptic like "Game Rules," would likely be smarter.

Even if a person saw that set of game rules, they more than likely are not going to have the faintest idea it is about your passwords. Most people have never thought of figuring out passwords rather than memorizing them.

Even if they didn't know it was about your passwords, they do not know what to seed the game rules with.

It is all just an added level of security, and be very difficult one for anyone to crack beyond using just one strong password or having your passwords digitally recorded inside a password manager.

OK...the downside is that it takes a tiny bit of reasoning to play the game.

 

[toMACsh]

Ready for me to ruin your life? You cannot name ONE game that does not include … math.

Based on that one statement, I'm speculating that you might enjoy a book called The Universe Speaks in Numbers. It's a history of the relationship between math and physics. I just checked it out from the library. It's a fascinating story.

 

[pm-r]

No need for a password manager using the above simple technique.

I have no need for a password manager and use my own system that has worked well for me for years thank you but I found it almost impossible to follow your directions and instructions for how to set up or use your method, so I shall just carry on as I have been doing thank you..., and yes my wife knows how to use my method as well in case my brain ever goes into some type of dementia...

And no, no need for me to write down any of my login passwords anywhere on my Mac thank you.





- Patrick
=======

 

[Lbrewer_42]

Based on that one statement, I'm speculating that you might enjoy a book called The Universe Speaks in Numbers. It's a history of the relationship between math and physics. I just checked it out from the library. It's a fascinating story.

Thanks for this. I will have to look into it!

 

[Lbrewer_42]

I have no need for a password manager and use my own system that has worked well for me for years thank you but I found it almost impossible to follow your directions and instructions for how to set up or use your method, so I shall just carry on as I have been doing thank you..., and yes my wife knows how to use my method as well in case my brain ever goes into some type of dementia...

And no, no need for me to write down any of my login passwords anywhere on my Mac thank you.





- Patrick
=======

The concept is simple:

Look at the URL and then make the same rules of change to the letters.

The most simplistic way of explaining it would be look at the URL when making up a password, copy it, then add your phone number to the end of it and use that for your password.

That example would NOT make safe passwords for nowadays, but it is the same concept.

The big advantages are the passwords are not listed anywhere for anyone to find/hack or be lost. I also do not have to remember any of them. I just figure them out for the URL.

I am never at a loss as to "now what WAS that password?" or, "now what did I do with my password list?" or, "Oh no! My system died and my passwords are gone!"

They are always at my fingertips. Despite changing computers, computer systems, browsers, etc. for many years...passwords have been consistent with this method.

 

[Lifeisabeach]

The problem with this technique is that you are limited to one password per site, per the "game" you choose to play. What happens if the site gets compromised and you have to change your password? Now the game is no longer valid for that site. What about sites that REQUIRE you to periodically change your password? The game is no longer valid. And let's not forget that it's best practice to periodically change your passwords ANYWAY, at least for the more important sites like banking; cloud services; etc.

 

[Lbrewer_42]

All good points!

"And let's not forget that it's best practice to periodically change your passwords ANYWAY, at least for the more important sites like banking; cloud services; etc."

Why is this? B/c the current model most people use for passwords is to have them written down or recorded electronically someplace.

Think credit card companies...they do not send out new cards with a different number every so often but feel secure enough they they depend on the system they use. Numbers too large for current computers to be able to brute force hack. Quantum computing will change that though.

BTW, when a person's credit card account IS stolen, it is b/c the criminal got ahold of another person's card, copied the number, used an electronic "sniffer" on the card to get the number, or got an electronic copy where the credit card number is recorded.

My passwords are recorded nowhere...not even in my own mind! And I can make them as secure as a credit card number, or even more secure using not just numbers, but all characters. That last statement is the concept behind sites wanting numbers, letters symbols, capitals etc. in passwords.

What happens if the site gets compromised and you have to change your password?

Thankfully has not happened yet. I would come up with a game rule for that as well though. Again, my rules can be written down in a text file and not tied to any notion of being for passwords.

I also would not have to necessarily remember that site was hacked and I had to change the password b/c using my default game rules would not allow me into the site and remind me the password had changed. Then I would know to use a secondary plan. It also would likely alert me to, "Oh ,yeah, this place was hacked," and then I would know how to change the figuring for the password.

What about sites that REQUIRE you to periodically change your password?

I have yet to encounter any of those things you mentioned personally though. But it is an easy fix as well.
When the initial password I figured out and entered did not work, it would likely remind me this was a (monthly, bi annual whatever) website for passwords to be changed on. A simple game rule variation could be implemented.

A hypothetical example would be that if I had the rule of a,e, i, o, u were normally changed into 1, 2, 3, 4, and 5 respectively; I try to log in; the password is rejected, then then I would have a plan B. This could be something like throwing out 1, 2, 3, 4, and 5 and making every vowel the number of the current month.


In other words, I approach the password game like I do a programming problem. If the initial password fails (not had that happen yet!), then another variation on a rule was implemented when the password was created and I employ that variation.

So far I have been able to keep this format, it works simply for me, It's a game to me, and I have more security b/c the passwords are recorded nowhere, yet my passwords can include a security level on par with the credit card company model.

 

[Rod]

I am never at a loss as to "now what WAS that password?" or, "now what did I do with my password list?" or, "Oh no! My system died and my passwords are gone!"

1. I can easily remember 3 or 4 master passwords. If not (say I die or have a stroke) they are written on paper in a safe in the house and also with my son.
2. I don't have a list, I have a password manager synced with all my devices and backed up on iCloud.
3. If my system died I still have my other devices and iCloud backups. If the worst happened and I was to loose all my devices I only need to download the app to a new device and login with my Apple ID and same old password.

On top of that I have the added security of constant auditing for password breaches and a very easy mechanism for replacing those compromised passwords.

 

[Lifeisabeach]

Why is this? B/c the current model most people use for passwords is to have them written down or recorded electronically someplace.

No. That's not correct. At all. There are a few different theories on why. Here...

Should You Change Your Passwords Regularly?

"Change your passwords regularly" is a common piece of password advice, but it isn't necessarily good advice.

www.howtogeek.com

Think credit card companies...they do not send out new cards with a different number every so often but feel secure enough they they depend on the system they use. Numbers too large for current computers to be able to brute force hack. Quantum computing will change that though.

Of course they don't. But they do when the numbers are compromised. I've had one credit card mysteriously compromised 3 times in the past year and half or so. The second time, I hadn't even received the replacement card from the first one yet. And I didn't even know, much less use, the new number yet. And no... no one hacked my account. For which I had to change the password already... just to be sure.

BTW, when a person's credit card account IS stolen, it is b/c the criminal got ahold of another person's card, copied the number, used an electronic "sniffer" on the card to get the number, or got an electronic copy where the credit card number is recorded.

LOL! Did you seriously just try to mansplain this to me? See above... that's NOT what happened in my case. Here... read this... this went down about the time I had my card numbers compromised:

Debit card fraud leaves Ally Bank customers, small stores reeling

Some are seeing charges on cards they've never activated or hardly used.

arstechnica.com

My passwords are recorded nowhere...not even in my own mind! And I can make them as secure as a credit card number, or even more secure using not just numbers, but all characters. That last statement is the concept behind sites wanting numbers, letters symbols, capitals etc. in passwords.


Thankfully has not happened yet. I would come up with a game rule for that as well though. Again, my rules can be written down in a text file and not tied to any notion of being for passwords.

Key word... "yet". Meanwhile, I've had easily a dozen sites I have accounts on compromised over the years, requiring password resets. I'm not going to try to read the rest of your response. Your technique is simply impractical and full of holes.

 

[Jimmysb]

So if somebody works out your "phone number" they can then work out your password for each site.

 

[Lbrewer_42]

Lbrewer_42 said:
BTW, when a person's credit card account IS stolen, it is b/c the criminal got ahold of another person's card, copied the number, used an electronic "sniffer" on the card to get the number, or got an electronic copy where the credit card number is recorded.

LOL! Did you seriously just try to mansplain this to me? See above... that's NOT what happened in my case. Here... read this... this went down about the time I had my card numbers compromised:

Please educate me as to how I could state the facts of how many credit card numbers are actually stolen without it being taken as an attempt to belittle someone?

You posted the article:

Debit card fraud leaves Ally Bank customers, small stores reeling​

Some are seeing charges on cards they've never activated or hardly used.

arstechnica.com

Yet credit cards still keep using the same security technique based on large numbers. And the system I use can be made more secure!

No. That's not correct. At all. There are a few different theories on why. Here...

Should You Change Your Passwords Regularly?​

“Change your passwords regularly” is a common piece of password advice, but it isn’t necessarily good advice. You shouldn’t bother changing most passwords regularly — it encourages you to use weaker passwords and wastes your time.

??
The article repeats what I said was good about the system I use:
1. Writing passwords down is a bad idea forced upon people by sites requiring regular changes,
2. It says we should use a unique strong password for every site.
3. It says the above is "almost impossible" to do without a password manager (meanwhile an advert for buying a password manager is included...hmmm) - but the system I uses is capable and no need to spend money.
4. Says the password should be changed whenever a site has been compromised by using a new strong password .

Key word... "yet". Meanwhile, I've had easily a dozen sites I have accounts on compromised over the years, requiring password resets. I'm not going to try to read the rest of your response. Your technique is simply impractical and full of holes.

Agreed..."yet" is the key word.

But please help me understand: Someone who has says they have had problems, concerning this discussion of password security, with "easily a dozen sites over the years," is telling me my system is "impractical and full of holes," despite me never having had a single such problem since at least 2010 when I started using my method?

After that many years of no problems I just thought sharing a proven method, for me, might be something someone else could find useful.


Being brutally honest here, this thread has affirmed that nowadays it is very hard to share ideas in a friendly way.

My motivation was to share a working idea I have been using in hopes it could help others.

No problems, I spend no money for it, I use little effort, and the level of security is maximized. It can even be made to be self alerting to a "correction."

But replies here seem to show people have been programmed to immediately take offense over a disagreement, and how others magically can read the thoughts and motivations through the airwaves to "KNOW" someone is being rude when they try to explain how they arrived at their own viewpoint.

All the best to people here. Use what you wish and enjoy it. I am not sorry I started this thread trying to present people with an alternative idea. The idea has been presented. I works for me. Hopefully someone else can make use of it.

 

[Lbrewer_42]

So if somebody works out your "phone number" they can then work out your password for each site.

Sorry, but you must have missed the very next line in the context:

That example would NOT make safe passwords for nowadays, but it is the same concept.

 

[pm-r]

All the best to people here. Use what you wish and enjoy it. I am not sorry I started this thread trying to present people with an alternative idea. The idea has been presented. I works for me. Hopefully someone else can make use of it.

I'm sure some Forum members will consider using your password suggestion and appreciate you suggesting it, others who have been a bit more vocal probably won't.

There are lots of good ideas out there in the wild, sometimes accepted sometimes dismissed, and aren't we lucky that we have a choice to do whatever it is we decide to do? But regardless, thanks for your contribution.




- Patrick
=======

 

[Rod]

​

Lbrewer_42, I do appreciate the suggestion, it's a really original and different way of creating and managing passwords but I'm not about to change my method. My password manager does not charge a yearly subscription fee, it was a one off cost and stores my passwords locally (shared via iCloud). It took a lot of trial and error to arrive at the strategy I have today so I'm pretty invested in it.

 

[Lbrewer_42]

I appreciate that some people think it could be useful. That was my intent...just to offer an idea someone might think they could use.

but I'm not about to change my method.

My initial thoughts were never to try to convince anyone to change as much as to present the idea. And really hope I did not come across that way. I did feel some people were missing the point of why the system works, so, being a teacher, felt it would be beneficial to elaborate on the benefits I have found using it.

People need to find their own best methods for sure

 

[Alwyn]

Yes it's an interesting idea although it's only relevant if your device is stolen and the device has an easily guessable password enabling somebody to access your saved passwords. I tend to side with Rod on this except that I use Apple generated password but don't back them up to iCloud.

Of course, if somebody stole all my devices I would have to use 'forgot my password' on every website to access my account but that is not insurmountable.

 

[Rod]

Alwyn, if you use Apple generated "strong" passwords and don't use iCloud backup/sync they would still be stored in your local Keychain. Why wouldn't you sync your Keychain via iCloud? It's encrypted and requires a password to access, much the same as my password manager.