taxcontrol wrote: “I recommend a poem or a phrase that you will remember. Something like On a warm summer’s evening, on a train bound for nowhere (opening lines of The Gambler by Kenny Rogers). Then take the first letter of each word.”
Commonly recommended and completely impractical. The only reason to use this scheme is to avoid writing down the password. And, you’re not supposed to use the password more than once. So, how many account passwords do you need and how many poems will you remember?
This demonstrates the shortcomings of the password systems. They are designed by IT departments and security departments who completely fail to understand that the more complex and difficult the password schemes are, the more likely people will devise ways to simplify and work around them.
They will develop simple passwords that meet the requirement and they will write them down and keep them under their keyboard.
Of course, the ‘strong password’ systems make the IT and security departments look good, but they are self-defeating.
I wrote a random password generator in BASIC. It mixes upper and lower case letters with numbers in a totally random sequence. I can specify how long the password should be and how many passwords I want generated. It writes them out line by line to a text file. I keep that file (e.g. cryptic.txt) on my computer and when I need my password, I copy a certain line from that block of text that I know is my password. To anyone that would see the file, it looks like a meaningless jumble of characters.
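A generator of the kind described in the comment above, as an added example that is not the commenter's code: it is written in Python rather than BASIC and draws from the operating system's CSPRNG through the `secrets` module. The function names are hypothetical; the output file name `cryptic.txt` is the one mentioned in the comment.

```python
import math
import os
import secrets
import string

# Character classes named in the comment: upper case, lower case, digits.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits)
ALPHABET = "".join(CLASSES)


def generate_password(length: int) -> str:
    """Return one password drawn uniformly from ALPHABET via the OS CSPRNG.

    A candidate missing any character class is discarded and redrawn, so
    every result mixes upper case, lower case and digits.
    """
    if length < len(CLASSES):
        raise ValueError("length must be at least 3 to include every class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def generate_batch(length: int, count: int) -> list[str]:
    """Return `count` independent passwords of `length` characters each."""
    return [generate_password(length) for _ in range(count)]


def entropy_bits(length: int) -> float:
    """Upper bound on entropy: log2(62) bits per character."""
    return length * math.log2(len(ALPHABET))


def write_batch(path: str, length: int, count: int) -> None:
    """Write one password per line; a newly created file gets mode 0600."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(generate_batch(length, count)) + "\n")


if __name__ == "__main__":
    write_batch("cryptic.txt", length=16, count=20)
    print(f"16 characters: at most {entropy_bits(16):.1f} bits each")
```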
The problem with that train of thought is that the weakest part of the vast majority of systems is the user’s password.