I am in the process of changing passwords on a bunch of different systems/applications and have been pondering my algorithms, so to speak. Like my friend David, I have an internal model of varying password schemes which I can use in different places. This means that I can happily pick a password for a low-risk site which will be easy to remember but relatively secure (for some definition of secure) but which will be very different in structure to one used on a high-risk site, such as one giving access to my meagre savings. This means that even if a bad guy compromises a “low hanging fruit” web site which may hold one of my passwords, I don’t have to panic and run around figuring out which other sites I may have to worry about. Not only will the password be different, but the algorithm generating that password will be different.
As ever, Randall Munroe over at xkcd has an interesting take on password algorithms. xkcd 936 offers the view that a phrase of four random common words is both easier to remember and more secure than a seemingly strong password of the traditional mixed-case, alphanumeric, minimum-length type favoured by some of our sillier financial institutions.
I was therefore delighted to find Jeff Preshing’s xkcd passphrase generator.
In future all my passwords will be of the form seen in the title of this post.
No really. They will. All of them.
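The arithmetic behind the four-random-words scheme from xkcd 936, as an added example (not the linked generator's code and not code from this post). The word list and function names are constructed for illustration; the point is that the strength comes from the size of the list and from machine-random selection, not from the words themselves.

```python
import math
import secrets

# Constructed 32-word sample list, for the demo only. A usable generator
# needs a much larger list of common words (2048 or more).
SAMPLE_WORDS = """apple river stone cloud tiger maple candle window
pencil garden silver rocket button ladder pocket mirror
coffee harbor jungle kitten lemon market napkin orange
planet quilt saddle tunnel violin walnut yellow zipper""".split()


def passphrase_entropy_bits(wordlist_size: int, n_words: int) -> float:
    """Bits of entropy when each word is drawn uniformly and independently."""
    if wordlist_size < 2 or n_words < 1:
        raise ValueError("need at least 2 words in the list and 1 word drawn")
    return n_words * math.log2(wordlist_size)


def words_needed(wordlist_size: int, target_bits: float) -> int:
    """Smallest number of words that reaches target_bits of entropy."""
    if wordlist_size < 2:
        raise ValueError("need at least 2 words in the list")
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(wordlist, n_words: int = 4, sep: str = " ") -> str:
    """Pick n_words with the OS CSPRNG (secrets), not the random module."""
    # Duplicates would make some words likelier and overstate the entropy.
    words = list(dict.fromkeys(w.strip().lower() for w in wordlist if w.strip()))
    if len(words) < 2:
        raise ValueError("word list must contain at least 2 distinct words")
    return sep.join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    print(f"32-word list, 4 words:   {passphrase_entropy_bits(32, 4):.0f} bits")
    print(f"2048-word list, 4 words: {passphrase_entropy_bits(2048, 4):.0f} bits")
    print(f"words for 64 bits from a 2048-word list: {words_needed(2048, 64)}")
```

The entropy figure only holds when the words are picked by the generator; a phrase a person chooses, or re-rolls until it looks nice, is weaker than the number suggests.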