<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.28.1">
</HEAD>
<BODY>
It is easier than you think.<BR>
Your muscle-memory 'knows' the keystrokes and you write down <BR>
What I might write down (if I write anything) is:<BR>
(page #), (para #), (line #), (word #) for instance:<BR>
108, 5, 3, 12<BR>
Since you don't know the book, how far ahead are you by knowing what I wrote down?<BR>
Oh, I have more than one book.<BR>
Probably a good idea to avoid repeated letters.<BR>
<BR>
T6w3e4e4t6 pretty much gives itself away, if you actually see it written out, but it is not a word, per se, and it is 10 chars long, so tricky for the automated crackers. If they know me as well as you do, then they might be looking for this pattern. People who watch you for a few weeks can figure out your pattern anyway.<BR>
<BR>
-----Original Message-----<BR>
<B>From</B>: Chris Ness &lt;<A HREF="mailto:Chris%20Ness%20%3cluxomni@earthlink.net%3e">luxomni@earthlink.net</A>&gt;<BR>
<B>Reply-to</B>: Atlanta Linux Enthusiasts - Yes! We run Linux! &lt;ale@ale.org&gt;<BR>
<B>To</B>: Atlanta Linux Enthusiasts - Yes! We run Linux! &lt;<A HREF="mailto:Atlanta%20Linux%20Enthusiasts%20-%20Yes!%20We%20run%20Linux!%20%3cale@ale.org%3e">ale@ale.org</A>&gt;<BR>
<B>Subject</B>: Re: [ale] OT: password gripe<BR>
<B>Date</B>: Fri, 01 Jan 2010 11:29:45 -0500<BR>
<BR>
<PRE>
On Thu, 2009-12-31 at 16:57 -0500, <A HREF="mailto:wolf@wolfhalton.info">wolf@wolfhalton.info</A> wrote:
> I use a book-cipher and a modified caesar-cipher on the term from the
> book(s) for most stuff.
> This is really simple to remember but creates pretty strong passwords.
> like this - you just have to remember who your friends are:
>
> FTR%I(E$NJDRSER5
> Frtr45i89e34nhjdersweR$5
So you write it down (weak point) and read it and type (time out) or
memorize it (you are better than I to memorize things like that for such
limited use)
And then you have three times to get it right or the system locks you
out; and you have to either have a machine online with some
trivial question and answer verification unlock the system to let you
compose a new code; or have a human do it over the phone the same way.
Seems like a weaker point of contact to me.
If you are that paranoid, you might want a fingerprint scanner. I have
seen them on laptops, I presume there must be a usb dongle somewhere -
of course then you will get a paper cut and render the whole thing
impenetrable.
Maybe do it in bar code put it in your wallet (tattoo it on your
forearm?) and carry a barcode scanner around with you?
Heavy duty when you consider your bank uses a four digit passcode for
your instant bank card.
</PRE>
<BR>
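Added example, not part of the original messages: a password-screening check that recognises the construction seen in T6w3e4e4t6 (each letter followed by a key touching it from the row above) and scores the candidate by the word that is left.<BR>
The US QWERTY layout, the small word list and the 8-character minimum are assumptions, and the check generalises from the digit row to any row above.<BR>

```python
# Added example: recognise the "letter, then the key above it" construction.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]  # US QWERTY (assumed)
COMMON_WORDS = {"tweet", "query", "friend"}  # constructed stand-in for a real wordlist
MIN_LENGTH = 8  # assumed policy minimum


def keys_above(ch):
    """Keys in the next row up that touch `ch` on a staggered US QWERTY layout."""
    ch = ch.lower()
    for r in range(1, len(ROWS)):
        i = ROWS[r].find(ch)
        if i >= 0:
            # Key i touches keys i and i+1 of the row above (t sits under 5 and 6).
            return set(ROWS[r - 1][i:i + 2])
    return set()


def strip_keyboard_padding(password):
    """Return the bare word if every letter is followed by a key above it, else None."""
    if not password or len(password) % 2:
        return None
    letters = []
    for k in range(0, len(password), 2):
        ch, pad = password[k], password[k + 1]
        if not ch.isalpha() or pad.lower() not in keys_above(ch):
            return None
        letters.append(ch)
    return "".join(letters)


def audit(password, min_length=MIN_LENGTH):
    """Score a candidate by the word left after the padding is stripped."""
    base = strip_keyboard_padding(password)
    effective = base if base is not None else password
    reject = len(effective) < min_length or effective.lower() in COMMON_WORDS
    return {"padded": base is not None, "effective": effective, "reject": reject}


if __name__ == "__main__":
    # Constructed candidates; the first is the string quoted in the message above.
    for candidate in ("T6w3e4e4t6", "q1w2e3r4", "correct horse battery"):
        print(candidate, audit(candidate))
```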
</BODY>
</HTML>