Universal password, unique for every server and service

    Inspired by previous topics about composing passwords, I decided to share my method of choosing and applying passwords. I have been using it for a year now. It gives me a unique password for each server and even each service, while everything stays memorable and, if necessary, easy to recover. I must say right away that the method is best suited to personal use or to small organizations (about 5 servers), where it provides sufficient protection for the system as a whole even if one password is lost or cracked. Beyond that, I think the same system can become a threat of its own, because an attacker can calculate the other, unknown passwords. In a large organization, the effort spent changing passwords (in case of danger) can be much greater than the effort spent memorizing several passwords. In any case, this system is used successfully by at least me, and it works much better than a single password or a bunch of constantly forgotten passwords.

    So let's get started. To begin with, choose a base password, for example iMlh4P0Sde. It is better to mix upper and lower case and to alternate digits with letters; length and other recommendations were covered in detail in previous topics. Once the base password is chosen and memorized, there is nothing new to memorize; from here on the system does the work.
    Consider two cases. In the first, we have a single computer, typical of a regular home PC, where the standard set consists of passwords for root, your own account, icq, email, jabber and so on. In the second, we have a small organization with several servers, each with its own set of services / servers (and its own unique passwords). But that is what a method is for: to be universal...
    The bottom line is as follows:
    1) Select the position in the password that becomes variable, say the fourth; in our example (iMlh4P0Sde) that is the character h.
    2) Substitute the first character of the name of the service whose password you need (icq, email, jabber), for example email - e.
    3) Choose a shift in the English alphabet, preferably a small value that you can work out in your head in a couple of seconds, for example four, and choose the direction in which to count (towards the beginning or the end of the alphabet), for example towards the end, i.e. e + 4, which gives i. We do this primarily so that, in the event of a break-in, it is not obvious which service the password belongs to, since the first letter of the service name is lost among the rest of the random characters.
    As a result, we get the password for email - iMli4P0Sde, where the variable h has been replaced with i.
    By analogy, we get the passwords for the other services:
    root - iMlv4P0Sde
    icq - iMlm4P0Sde
    jabber - iMln4P0Sde

    As a result, we have a unique password for each service, while remembering only the one universal base password. From my own experience I can say that it is enough to remember any one password for anything; everything else is calculated in a matter of seconds. Now, even if an attacker has one of our passwords, it will not be enough to gain access to everything else! This gives us time to notice activity on our account and login and to change the remaining passwords. As an example, recall the password thefts from Odnoklassniki and VKontakte, when, despite the administration of these sites automatically changing passwords, the new passwords were sent to e-mail accounts accessible with the same, already compromised passwords.
    If we have several servers, for example mail, databases and monitoring (s_mail, s_bd, s_mon), we can select another position in the password and, as in the first case, make it variable. For example, take the eighth position, the character S (our password is iMlh4P0Sde). As the character that identifies the server we take the first character after s_, and as the offset two positions, this time towards the beginning of the alphabet. I.e. for s_mon the substituted character is m - 2, which gives k. We make the character uppercase, in keeping with the base password. As a result, our passwords on the s_mon server take the form iMl*4P0Kde.
    Further, by analogy, we get the passwords for the other servers and services:
    s_bd - iMl*4P0Zde
    s_mon - iMl*4P0Kde

    The password itself can be written down and stored as a formula: iMl(*+4)4P0(*-2)de, and that is all... I think it goes without saying that the same thing can be applied on the Internet, where the variable characters will denote sites: g - google, y - yandex, h - habrahabr, etc.
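
    The rules above, written out as an added Python example (not the author's code): it reproduces the passwords listed in the article, shows that s_mail and s_mon derive the same server character, and puts a number on the caveat from the introduction that one known password narrows down the others. The function names are hypothetical, and the bound assumes an attacker who knows only that one letter varies (same case, unknown position and shift).

```python
import string

BASE = "iMlh4P0Sde"          # base password used in the article
ALPHA = string.ascii_lowercase

def shift(ch, offset, template):
    """Shift ch along a..z with wrap-around; copy the case of the replaced character."""
    out = ALPHA[(ALPHA.index(ch.lower()) + offset) % 26]
    return out.upper() if template.isupper() else out

def derive(service=None, server=None, base=BASE):
    """Article's rules: position 4 <- service[0] + 4, position 8 <- letter after 's_' - 2."""
    chars = list(base)
    if service:
        chars[3] = shift(service[0], +4, base[3])
    if server:
        chars[7] = shift(server[len("s_")], -2, base[7])
    return "".join(chars)

def find_collisions(names, kind):
    """Return {password: [names]} for names that derive to the same password.
    kind is "service" or "server" (hypothetical parameter of this example)."""
    groups = {}
    for name in names:
        groups.setdefault(derive(**{kind: name}), []).append(name)
    return {pw: ns for pw, ns in groups.items() if len(ns) > 1}

def hamming(a, b):
    """Number of positions at which two equal-length passwords differ."""
    return sum(x != y for x, y in zip(a, b))

def residual_guesses(leaked):
    """Upper bound on guesses for a sibling password once `leaked` is known.
    Assumption: one variable letter, same case, unknown position and shift."""
    return 25 * sum(c.isalpha() for c in leaked)

if __name__ == "__main__":
    for svc in ("email", "root", "icq", "jabber"):
        print(f"{svc:7} {derive(service=svc)}")
    # The article's own server names: s_mail and s_mon both start with 'm'.
    print("collisions:", find_collisions(["s_mail", "s_bd", "s_mon"], "server"))
    email, root = derive(service="email"), derive(service="root")
    print("email vs root differ in", hamming(email, root), "position(s)")
    print("guesses after one leak:", residual_guesses(email),
          "| random 10-char alphanumeric:", 62 ** 10)
```

    Names that share a first letter need an extra rule (a second letter, a different position), otherwise two servers end up with the same password.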
