12:14 Universal password while unique to each server and service | |
| Inspired by the previous topics on a password decided to share my method of choice and use of password protection. According to the method I use for a year, eventually obtained is unique for each server, and even the service password, and all remain memorable, and if necessary be easily restored. Immediately say, that method is more suited for personal use or for small organizations (about 5 servers), providing sufficient protection for the entire system as a whole, even if I lose / break one password, otherwise, I think this same system may be a kind of threat, because attacker can calculate the remaining unknown passwords. In the case of a large organization of force expended on changing passwords (in case of danger) may be far greater than the effort spent on memorizing multiple passwords. In any case, this system has been used successfully at least me, is much more optimal than a single password or a bunch of constantly forget the password. So, let us begin. To get started is to choose a basic password for example iMlh4P0Sde, itself best to address and change the register, and the alternation of numbers with letters, about the size and other detailed recommendations mentioned in previous topics. Once selected and memorized basic password, nothing new to memorize and remember no longer required, then a case enters the system. Consider the following two options: the first case we have a single computer, which is typical for an ordinary home PC. In this case, the most standard set consists of a password to root, its uchetku, icq, email, jabber, something else). In the second case, we are a small organization, and several servers, each with its own set of services / servers (with their own unique password). But, he and the method to be universal ... The bottom line is this: 1) choose a password, a position which becomes a variable, say the fourth in our example (iMlh4P0Sde) there is the symbol h 2) substitute the first character of the service from which you want to remember your password (icq, email, jabber), for example email - e 3) select the shift position in the English alphabet, and better choose a small value, which for a couple of seconds, you can pick up in the mind, such as four, and select the direction in which we measure the position (at start / end of the alphabet), for example, towards the end of the alphabet, ie E +4, resulting in a i. Doing it in the first place so that in case of burglary was not evident from what exactly the service will receive a password, since the first letter Service name gets lost in the rest of the random characters. As a result, we obtain the password for the email - iMli4P0Sde, which is the same variable h is replaced by i By analogy, we obtain the passwords of other services: root - iMlv4P0Sde icq - iMlm4P0Sde jabber - iMln4P0Sde As a result, we have a unique password for each service, and the recall is only one and a universal base. From my own experience I say that is enough to remember every single password from something, everything else is calculated in seconds, now, even if the attacker will be our password, it will not be enough to get access to everything else! This will allow time to observe the activity on our account and login, and change the other passwords. As an example, you can remember all of the same theft of passwords with classmates and vkontakte when not looking at the automatic change of password administration of these resources, the new password is sent to the e-mail access to all under the same, already broken passwords. If we have several servers, such as (email, databases and monitor, s_mail, s_bd, s_mon), you can select another position from a password, and, in analogy with the first case to make it variable. For example, take the eighth position - the symbol S (our password iMlh4P0Sde). As a character reminiscent of an appropriate service the first character after s_, as well as a shift two positions, now towards the beginning of the alphabet. Ie for s-mon The replacement character is obtained form m-2, The result is the symbol k. We make our upper-case characters in accordance with the basic password. As a result, our new passwords on the server s-mon take the form: iMl * 4P0Kde. Next, by analogy, we obtain the passwords of other servers and services: s_bd - iMl * 4P0Zde s_mon - iMl * 4P0Kde the password can be recorded and remembered as a formula: iMl ( * +4) 4P0 (*- 2) de, all ... I should not say that all of the same may apply to the Internet, where the variables will act as symbols of sites g-google, y-yandex, h-habrahabr and m . etc. | |
|
| |
| Total comments: 0 | |