Thanks for the reference! I like your URL based password method. Especially since both URL's and IP's have burned permanent homes in my brain. It seems like a great method for longish passwords.

I'll admit with my method you still need to 'remember' your password so you don't lock yourself out. I think the possibility of multiple versions of the password is actually a help because you can keep a primary phrase and then iterate versions over time. It still take some diligence, but I think it's more appealing than working the other way round. I mean starting from a password then trying to figure how the heck to remember it.

I have to say I have used this method most successfully for assigned passwords as you guessed. Especially for logins that must be given to a group and changed weekly.

In response to your comment on my other posts being right out of 1995! You are a virtual <a href='http://www.amazingkreskin.com/bio.htm&#039; rel="nofollow">Kreskin!</a> I mention in my about page that most of my posts will be derived from my personal 'tech notes' that I've been collecting over the last 10 years. I'm focusing on the entries I've been requested to send to friends and colleagues. In working with enterprise security professionals from different companies, I get asked these questions all the time. I couldn't count how many times I tested a mail server or used telnet to verify a port or website is up, while associates stood by in awe. Not that I'm cool, it all seems like black magic until you know it. I just think folks need help in these basic areas.

All in all you are spot on! I'm publishing old news, that some people still haven't read

Thanks for checking me out, and for the link!

-john

Thanks for stopping by to comment…

I can understand the passing on of notes… I often consider doing that… I visited the page of Alan’s blog post and I just had that ‘buyer beware, not as advertised’ feeling …

It is a nice blog though..

Tyler

Thanks for the reference! I like your URL based password method. Especially since both URL’s and IP’s have burned permanent homes in my brain. It seems like a great method for longish passwords.

I’ll admit with my method you still need to ‘remember’ your password so you don’t lock yourself out. I think the possibility of multiple versions of the password is actually a help because you can keep a primary phrase and then iterate versions over time. It still take some diligence, but I think it’s more appealing than working the other way round. I mean starting from a password then trying to figure how the heck to remember it.

I have to say I have used this method most successfully for assigned passwords as you guessed. Especially for logins that must be given to a group and changed weekly.

In response to your comment on my other posts being right out of 1995! You are a virtual Kreskin! I mention in my about page that most of my posts will be derived from my personal ‘tech notes’ that I’ve been collecting over the last 10 years. I’m focusing on the entries I’ve been requested to send to friends and colleagues. In working with enterprise security professionals from different companies, I get asked these questions all the time. I couldn’t count how many times I tested a mail server or used telnet to verify a port or website is up, while associates stood by in awe. Not that I’m cool, it all seems like black magic until you know it. I just think folks need help in these basic areas.

All in all you are spot on! I’m publishing old news, that some people still haven’t read

Thanks for checking me out, and for the link!

-john