Of course each system had its own rules for acceptable passwords. One system had a maximum password length of eight characters, as well as the usual three-of-four-character-classes rule; one disallowed certain special characters; one only allowed alphanumerics. I ended up using a character-grid system: I had a small square array of characters that I kept in my wallet, which I regenerated randomly every two months. Then, instead of memorizing passwords, I just memorized simple sequences of characters on the grid:
_ | _ | _ | _ | _ | _ |
1 | 2 | 3 | _ | _ | _ |
_ | _ | _ | 4 | _ | _ |
_ | _ | 5 | _ | _ | _ |
_ | _ | _ | 6 | 7 | 8 |
_ | _ | _ | _ | _ | _ |
The grid always had the same class of character at each position, so as long as I chose the initial sequence carefully, that sequence would always have a valid password for the system I associated it with.
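The grid scheme described above, as an added example that is not part of the original post: because each cell's character class is fixed, a path can be checked against a system's password rules once and stays valid for every regenerated grid. The 6x6 class layout, the symbol set and the function names are assumptions; the path is the one numbered 1 to 8 in the diagram.

```python
import secrets
import string

# Character classes; the symbol set is an assumption, not taken from the post.
CLASSES = {"U": string.ascii_uppercase, "L": string.ascii_lowercase,
           "D": string.digits, "S": "!#$%&*+-=?@"}

# Constructed 6x6 class layout. It stays fixed; only the characters are redrawn.
LAYOUT = ["ULDSUL", "DSULDS", "ULDSUL", "LDSULD", "SULDSU", "DSULDS"]

# The path numbered 1..8 in the post's diagram, as (row, column) pairs.
PATH = [(1, 0), (1, 1), (1, 2), (2, 3), (3, 2), (4, 3), (4, 4), (4, 5)]


def new_grid():
    """Draw a fresh grid from the OS CSPRNG, keeping each cell's class."""
    return [[secrets.choice(CLASSES[c]) for c in row] for row in LAYOUT]


def read_password(grid, path):
    """Read the characters along a memorized path."""
    return "".join(grid[r][c] for r, c in path)


def path_classes(path):
    """Class of each step; depends on the layout only, never on the grid."""
    return "".join(LAYOUT[r][c] for r, c in path)


def path_meets_policy(path, max_len, min_classes, allowed="ULDS"):
    """Check a path against a system's rules once, for every future grid."""
    classes = path_classes(path)
    return (len(classes) <= max_len
            and len(set(classes)) >= min_classes
            and set(classes) <= set(allowed))


if __name__ == "__main__":
    print(path_classes(PATH))
    for _ in range(3):  # three regenerations, three different passwords
        print(read_password(new_grid(), PATH))
```

With this layout the diagram's path satisfies an eight-character, three-of-four-classes rule but not an alphanumerics-only one, so that system would need a path chosen over letter and digit cells only.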
This had the additional advantage that I could safely keep a written list of the sequences for systems I rarely used; without the actual grid that I carried on my person, these would be almost useless to an attacker.
(I don't know what the other people I worked with did. I suspect they just wrote down all their passwords. Of course, they had desks with working locks.)
Nowadays, thankfully, I work in a much saner environment: I have all of four passwords to remember, all of which I use daily, and one of which I can use the default Linux generator for.