Ideas on passwords and security

I was just talking about this issue with my sys admins after being given a new fairly strong password that I will never remember. Have to keep somewhere or ask for repeatedly when needed.

I’ve long advocated multi-segmented password policies for companies.

Essentially you have a personal password plus a prefix and suffix.  Different logins would correspond accordingly.

> company prefix might be ‘wanu3’

> personal password might be ‘catpi11ar’

> site/server suffix would vary
– ‘ved3xob’ (development server)
– ‘mbx’ (mail box)
– ‘navalforce’ (ie: for salesforce)
OR a pattern (such as no vowels).
– dvsrvr3
– mlbx
– slsfrc


What this would do is multi-fold. First there is a generic corporate prefix. This can be changed periodically across the board. (Say once a year, or after a big layoff.)

Then there is a personal password, this makes it so that a password is unique to you.  Now in the case of system passwords, you might have a generic for this be it for a sysadmin account or a database authentication virtual user.

Than finally you have a suffix, this distinguishes each device.  It should be fairly simple and easy to remember for all devices (such as a pattern). But this helps make things more secure by ensuring that if one site is compromised (web server) they cannot simply use that password against other infrastructure elements (ie: your database). Because they’ll be different.

Essentially, you’re reducing the passwords to only three significant components. Now your users need only remember three things for all their corporate passwords. The current corp password, their personal password, and the device pattern.


You can have passwords that are extremely complex from a technical point to break. Symbols, spaces, numbers, etc.  While being easy enough to remember rather than being kept on sticky notes under keyboards, in drawers or text files on local machines.

– Jason

Thanks to Aral Balkan for his recent post which was the inspiration in my sharing on this topic.

1 Response to “Ideas on passwords and security”

  1. 1 Christopher Keeler June 27, 2008 at 8:26 am

    Cool idea Jason. I never thought about it like this, but I like it.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

June 2008

Awesome Developer Conferences

Nxtbook MediaFormer Employer - Great Company

The Saj... "Dark Lord of the SWF"