Useful Password Tip #1

Discussion for: Joomla Administrator’s Security Checklist

I may get flamed for this and maybe I deserve it….LOLI am not a big fan of telling people to have 10 different passwords they use…
Neither am I a fan of changing these passwords often. Changing on a monthly basis is not really effective as any brute forcing of the password won’t take that long. Unless you were changing it on a weekly basis it’s effectiveness is limited.

I tell users that they should have no more than 3 levels of Passwords and webmasters no more than 5! And each level must be completely unrelated to the others in terms of what is used.

He then goes onto describe his levels in detail. I would suggest an alternate (or additional?) tack. If you are a member of a lot of sites, esp. those without financially related details or other sensitive data, simply create a standard password that you can use with all of them. BUT to make each password unique, add a prefix of a couple of letters to differentiate that password for other words thus:

  • General Password: 123abc
  • Specific password for Payperpost could be: pay123abc
  • Specific password for New York Times could be: NYT123abc

Easily extendable and variable. If you decide to do this, you can separately record the list of acronyms somewhere separate from a generic password. If it’s retrieved it would not make any sense to anyone else.