I read about this guy who always had difficulty remembering his password so he changed his password to "incorrect".
Now when he tries to log in and it fails the system tells him "your password is incorrect".
1 Like
Nice.
I use a similar thing for car insurance comparison web-sites where I can pick my security question. It reads something like "Is you password 10 zeds with the first one capital and the last one a digit two?" I use a non-existent e-mail address to avoid the 'marketing' where I can.
Miles better than the server where our so-called security experts insist that everyone have a random password generated for them to ensure it is not easily guessable, missing the point that everyone then has to write it down because it is not that easy to commit 12 mixed-case with numbers and punctuation to memory.
Robin
Depending on your threat model there may be little problem in writing down passwords. My company is under near continuous assault from countries like China and North Korea. We are required to use very long and complex passwords but we are allowed to write them down. We assume that while a bad guy might walk the campus and do a candy drop or something, the bad guy will not gain entrance to our buildings. We have decent building security. And if the bad guy does get inside the building, it won't be for passwords.
At work I use my own custom password generator for most passwords. But sometimes I "double-dip". For example, I might use "brothers-cell=666-555-1111" as a password. I need to memorize my brothers cell phone anyway. So when I memorize a password I also memorize something useful.
1 Like