MobileRead Forums - View Single Post

Penforhire · 04-30-2011, 01:06 PM

The biggest problem with the system approach, integrating fixed strings with some portion of the URL, is many programs/sites have different password requirements (fixed # of chars, upper case, lower case, numbers/upper/lower required). Oh, and don't forget the security-conscious programs, like SAP at work, that require us to change our password every few weeks and don't allow a small rotation of passwords.

Otherwise it still has a weakness in that if someone steals your password for a given site they can usually figure out your naming algorithm and apply it elsewhere, making a simple system not significantly different than using a fixed password to start with.

04-30-2011, 01:06 PM	#26
Penforhire Wizard Posts: 2,230 Karma: 7145404 Join Date: Nov 2007 Location: Southern California Device: Kindle Voyage & iPhone 7+	The biggest problem with the system approach, integrating fixed strings with some portion of the URL, is many programs/sites have different password requirements (fixed # of chars, upper case, lower case, numbers/upper/lower required). Oh, and don't forget the security-conscious programs, like SAP at work, that require us to change our password every few weeks and don't allow a small rotation of passwords. Otherwise it still has a weakness in that if someone steals your password for a given site they can usually figure out your naming algorithm and apply it elsewhere, making a simple system not significantly different than using a fixed password to start with.