Monday, December 13, 2010

A somewhat flawed password-generation scheme

As suggested by this article, it is possible to dream up a way to have a unique password for every site you use, and not have it be a total nightmare.

You come up with a base password, then devise a rule for modifying it based on which site you're using. So, for instance, if your base password is "34cheese!", and you are logging in to Gawker, you would add a letter "g" to the beginning, giving you "g34cheese!". The article suggests using three different base passwords, and separating them based on what sort of site they pertain to.

There are a couple of problems with the idea, though.

One is that it's going to eliminate quick logins, due to the need to think through the modification each time you log in. However, if you're really concerned about this, most sites have "keep me logged on" or "remember my password" options. In most cases they actually work, too. (Personally, I rarely use "remember my password" because if I do, it's much easier for me to forget it, which leads to a significant headache on the day when I find myself at a strange computer needing to access the site.)

More troublesome is that the idea isn't going to work in cases where your account is spread over a variety of sites. Gravatar accounts (anyone who uses, for instance), OpenID, and others where you have the same username and login for a bunch of different, unrelated sites (such as Blogger and Google), are going to mess this idea up.


