asemisldkfj
the law is no protection
yesterday I updated my old list of websites and other Internet services that I have accounts with. the number is at 34, and I'm definitely missing some. I also listed what username I had with each service and which level/type of password I used.
I'm not entirely sure why I did this, but it was nice.
I remember lucas made a thread on bsdnexus (I think) about password management and I figured I'd incorporate that in this thread too. I have 6 different passwords I use, depending on the situation.
1. internet, unencrypted, unimportant (AIM, forums, etc.)
2. internet, encrypted, important (SSL-enabled sites like SSL webmail)
3. internet, encrypted, very important (eBay, Amazon, PayPal, etc. any site that can affect my finances by purchasing something, transferring money, or making a commitment to purchase something.)
4. internet, encrypted, super important (online banking)
5. local and SSH (user accounts)
6. root (root on all boxes)
I have two usernames I go between, depending on the purpose of the account. if it's something like a forum I obviously use asemisldkfj. if it's something like an account with a utility company, I use my full name. anything that involves financial transactions, I also use my full name.
it feels good to organize stuff like this, I suppose. how do you manage passwords and user accounts?
phi_
... and let the Earth be silent after ye.
*taps temple* In meh head. I manage to juggle about 6 or 7 different, 6-12 character passwords, though my username is fairly consistent.
Chiken
Don't Let Your Walls Down
same here, i use a consistent username depending on what the situation is. forums and the like will be chikencarnage but anything that is a professional type account i use my name. I have about 5 different passwords ranging from 6-15 characters. i dont usually remember which password goes to what but if im unsure i can usually guess it :p
asemisldkfj
the law is no protection
you guys are boring :P.
phi_
... and let the Earth be silent after ye.
:)
Alright, hopefully this catches on. OpenID:
http://openid.net/
for an ID:
http://getopenid.com/
http://pip.verisignlabs.com/
[even more here:
http://openid.net/wiki/index.php/OpenIDServers ]
and a list of sites that support:
https://www.myopenid.com/directory
Microsoft has a competing product that uses IE 7.. It's called CardSpace.
http://cardspace.netfx3.com/
You should also be able to make an OpenID server of your own to verify against. That is if everyone switches to this type of system.
what would lr do? (an openid enabled site)
http://doxory.com/
http://www.parsed.org/ is a good example of an openid exclusive login system
I really think it would be a good move to be an early adopter of OpenID on ttf, hope some of you can check it out and let me know what you think. Most sites are not replacing their current login systems with it but using it as an alternative or additional authentication method.
I've actually been considering to put it on my site so people can comment easily. I'm not sure I can do the last step on the install though with my host.
http://www.openidenabled.com/openid/libraries/php
php openid specification
information about a unique
dependency.0
did that just bust...dammit.
it's been a few years and OpenID has been spreading around.
http://www.techcrunch.com/2009/04/27/facebook … ce-openid/
I have been experimenting with using a combined site specific password with a general password that is for all of my accounts. Right now it looks something like (capitalized first letter of site name)(then complex seven letter/number/caps and smalls). That way if someone happens to snoop my password for one site then it is unlikely that the password can be used on other sites. More complex combinations are possible of course. I guess I could drop one letter above or below the website name to ensure that the password is less transparent.
I also have a non-secure password that is related to my general password but less complex. I hate try to remember old passwords and I hate having to change passwords and forgetting a service if my password is lost.
I would like to have a password that is functionally dependent upon the time but unfortunately I don't think any web service has self updating passwords. Ideally I could give someone my password to any account and they could use it to access an account for an hour before it expired. Perhaps just a one time use password would be sufficient.
so i was signing up for a superuser account:
superuser.com and i noticed that openid is getting around, as there are several options for providing your openid. i knew it was in use at wordpress and blogger but i didn't know your
google profile url is actually an openid authority thing.
anyway i thought it was cool.
asemisldkfj
the law is no protection
lately I have been making up passwords of randomly capitalized letters and numbers on the fly and remembering them quite well. it's fun.
phi_
... and let the Earth be silent after ye.
asemisldkfj
the law is no protection
stuff like that that's not open source kind of sketches me out. probably unjustifiably, but still.
I use pwman for managing passwords btw. Works pretty well.
Why you should use a different password for every service:
I recently signed up for a service, made an account, etc.
I phoned those people last week to make an appointment ... they verified some data such as address, phone, email, and .... password ....
"Why not, it's easier when people forget their passwords" was the reply from the (nontech) person I was speaking with ...
http://code.google.com/p/thinktankforums/sour … ns.php#314
// generate random string
function generate_string($length) {
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
for ($i = 0; $i < $length; $i++) {
$string .= substr($chars, rand(0, strlen($chars)-1), 1);
};
return $string;
};