Obfuscated password storage by fictitious telephone numbers
This tip was submitted to the searchSecurity Tip Exchange by user Chuck Steffel. Let other users know how useful it is by rating the tip below.
I have worked on several systems logins that require 14 digit passwords and password rotation every 60 days. I do not always remember passwords, so I use a code with a numerical beginning and ending concatenated to a name.
I keep passwords in the cell phone telephone listing and in my written phone book. The nonsense listings are real people whom I would never call and dead relatives with valid area codes, etc.
I have a listing of numbers (ready-made passwords) for when I get the annoying password expiration message.
For example, decoding the telephone listing:
Charlie Peterson 651 319 1761
produces passwords such as:
319charlie1761 or 1761charlie319
319charlie1761 or 1761peterson319.
For systems that screen for real words,
1671eilrahc913 or 319eilrahc1671
1671osretep913 or 319osretep1671
The reordered phone numbers are easy to find in a cell phone or datebook. A simple PDA program can do the sorting.
Dig deeper on Password Management and Policy