
How-To Geek

From the Tips Box: Personal Password Algorithms, Linux/Mac Font Rendering in Windows, and AudioManager for Android


Once a week we dip into the tips box and share some of the gems we find there. This week we’re looking at how to easily generate secure passwords with a personal algorithm, upgrade the font rendering in Windows, and manage your Android volume more effectively.

Generate Secure Passwords with a Personal Algorithm


Pat writes in with the following tip on generating secure but easy to remember passwords by using a personal algorithm:

For ages I have watched people go on and on about how to remember passwords and how they go about it. While some write them down… others use programs or spreadsheets… while others use top secret methods they never disclose. For myself, I have always used a very simple method that I invented for myself. It allows me to have a different password for every site and I have never forgotten (or written down) any of them. I call it the PATS method (passwords are that simple). Here is how it works but you can modify it to your own personal style.

First, I have a standard password that I have used since the beginning of time and for this example we will say it is my first name and my street address combined. My first name is Pat and my street address is 3245. Putting these together, I get pat3245 for my base password. Now when I go to a site that requires a password I combine my “BASE” password with something from that site. Let’s say I do a password for http://www.howtogeek.com. I combine my base password with the three letters from the URL of the site, in this case “how to geek” becomes “htg” and I add this to my base for the new password. Now taking the htg and combining it with my base gives me htgpat3245.

But I can also move things around for several different variations on this as the following will show. I can put the htg from “how to geek” in the middle of my base password to form pathtg3245 or put it at the end of my base password to form pat3216htg. Doing this allows me to have a password for each site that is different. If I go to www.discovercard.com, I can use dc (discovercard) plus my base (pat3245) and form the password dcpat3245 or patdc3245 or pat3245dc. You can devise your own scheme and I do have my own scheme that I cannot divulge but you get the idea.

I have been using this method for ages and it has never failed me. I have a different password for all my credit cards and banking. Now if someone should get into my discover card and try to use that same password for my banking, they would quickly be disappointed. While my exact method isn’t as simple as this, most people can use this as a model and add their own twist to it. I call this method the “PATS” method which stands for Passwords Are That Simple.

A solid tip with an acronym to go with it? A win all around. Thanks for writing in Pat! Your method is a great and secure middle ground between using a handful of identical passwords and going full bore and having LastPass or KeePass generate totally random strings for every site.
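As an added example (not part of Pat's tip or the original article), here is a small self-audit for passwords built this way: it strips the site-derived token from each password and reports any leftover base that recurs across sites. The function names and the sample entries are constructed for illustration, with the first two passwords taken from the examples in the tip.

```python
# Added illustration: audit your own "base + site token" passwords.
# All names here are hypothetical; SAMPLE is constructed test data.

def site_tokens(domain, words):
    """Tokens someone might derive from a site: its full name, the first
    three letters of the name, and the initials of its words."""
    name = domain.lower()
    if name.startswith("www."):
        name = name[4:]
    name = name.split(".")[0]
    tokens = {name, name[:3], "".join(w[0] for w in words).lower()}
    # Ignore one-letter tokens (they match almost anything); longest first.
    return sorted((t for t in tokens if len(t) >= 2), key=lambda t: (-len(t), t))

def residual_base(password, tokens):
    """Remove the first site token found (case-insensitive) and return
    (token, remainder); (None, password) when no token is embedded."""
    low = password.lower()
    for tok in tokens:
        i = low.find(tok)
        if i != -1:
            return tok, password[:i] + password[i + len(tok):]
    return None, password

def audit(entries):
    """entries: (domain, words, password) tuples. Returns {base: [domains]}
    for every leftover base that appears on two or more sites."""
    seen = {}
    for domain, words, password in entries:
        tok, base = residual_base(password, site_tokens(domain, words))
        if tok is not None:
            seen.setdefault(base.lower(), []).append(domain)
    return {base: sites for base, sites in seen.items() if len(sites) > 1}

# Constructed sample: two passwords from the tip's examples, one random string.
SAMPLE = [
    ("www.howtogeek.com", ["how", "to", "geek"], "htgpat3245"),
    ("www.discovercard.com", ["discover", "card"], "patdc3245"),
    ("www.examplebank.test", ["example", "bank"], "V7#qLm2!xRz9"),
]

if __name__ == "__main__":
    for base, sites in audit(SAMPLE).items():
        print("shared base %r on: %s" % (base, ", ".join(sites)))
```

The token can sit at the start, middle or end of the password; in each case the remainder is the same base, while the randomly generated entry yields no match.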

Install an Alternative Windows Font Renderer

Cláudio writes in with the following tip:

I’ve been looking around for a reliable substitute to gdi++ for a while. [Editor’s note: gdi++ was an alternative Windows Font rasterizer/rendering tool that has since ceased development] Yesterday I finally came across a good replacement, gdipp. It is an advanced font renderer that surpasses Microsoft ClearType in terms of a more Mac-like font render for the system and its applications. Works amazingly well and may be worth trying. Cheers!

Thanks for the tip off Cláudio! We’d wondered what had become of the gdi++ project; it’s good to see somebody has taken over the design and continued Dr. Watson’s work.

For readers who are unsure of whether or not they want to mess around with gdipp, check out the screenshot above. Essentially gdipp replaces the default font rendering engine in Windows and renders fonts in a similar fashion to those found in OS X and many Linux distributions. When using gdipp you should notice the fonts appear smoother, stronger, and better rendered than they did under the default Windows renderer (in the above screenshot the top row shows Windows ClearType and the bottom row shows gdipp). You can read more here.

AudioManager Micro Manages Your Android Audio

Tony writes in with the following tip for managing your Android audio:

After being embarrassed by the loud audio on my Android phone one too many times (loud game music in the library, starting alarm alerts at the wrong time, etc.) I finally did something about it and installed AudioManager. You can manage the audio on your phone and create custom profiles: I’ve made profiles for the library, for class, for home, for sleeping, and more. Now I don’t have to wonder if I’ve set all my settings correctly for class or turned my ringer up when I’m at home. It’s awesome. I can’t believe this wasn’t the first app I downloaded when I got a Droid.

Frankly we can’t believe it wasn’t the first app we downloaded either. After your tip off we took it for a spin and loved it. If you’re looking for an easy way to create profiles it’s a tough app to beat. Thanks Tony!


Have a great tip to share? Shoot us an email at tips@howtogeek.com and you just might see your tip on the front page.

Jason Fitzpatrick is a warranty-voiding DIYer and all around geek. When he's not documenting mods and hacks he's doing his best to make sure a generation of college students graduate knowing they should put their pants on one leg at a time and go on to greatness, just like Bruce Dickinson. You can follow him on if you'd like.

  • Published 08/4/11

Comments (19)

  1. Josh B.

    The password idea is actually pretty cool

  2. Ben

    It could only be because I am used to the way Windows renders fonts natively, but I prefer the way ClearType handles fonts. GDIPP appears to make the fonts blurry.

  3. Edron

    HEY! I thought this was common in the internet. But I too was using a “master” password for everything internet and a “personal” password list for my important stuff… then 2 of my MMO accounts got hacked and lo and behold my emails, facebook, and other things got hacked… after that ordeal, I actually decided on the same idea behind your password theory.
    I use my ‘new’ master password and I incorporate the website/company into the equation. I don’t stop there and add a template sentence like “likes2visit”
    So if my master password is Turtles and I’m visiting fileplanet it would look like “Turtleslikes2visitfileplanet”
    Of course the websites with short password bank won’t work so I just remove the sentence, use the first 3 letters and it becomes Turtlesfil
    I guess you can call my password method a not as simple password theory haha

  4. Paul

    The idea behind the password algorithm is good, but the execution is very poor. If someone does get your How To Geek password, it’s not a huge effort for them to realise that you just happen to have the 3 initials of the site in your password. With that knowledge, all your other passwords just now became at risk.

    There needs to be another layer of obfuscation here, like exchanging the HTG part 1 letter forward in the alphabet so it becomes IUH, or shifting 1 key to the right so it becomes JYH.

  5. Doug Jensen

    The password scheme has several limitations as described, in addition to Paul’s observation. Many sites limit the length of passwords to a maximum of eight characters. Many sites require at least one capital letter (it could be in your base or your site-specific characters). Many sites require at least one special character, while others forbid any special characters.

  6. Steven Trovato

    Another problem with the password scheme is that just when you have everything working according to your algorithm, some sites will insist that you change your password.

  7. ReVeLaTeD

    The best way to manage passwords is not the whole master password deal. The key is to develop a logic behind your password. That logic is what needs to be complex, not really the password itself.

    This means that:
    – You should generally strive to do 8 characters regardless of whether the site requires it. That minimizes how many combinations you have to remember.

    – Identify common words that you are not apt to forget and they should, while common, be things that someone could never figure out from any form, web search or anything else about you (i.e. not your birthdate, your dog’s name, your significant other, your child, etc). You should identify at least 4 of these common words. All of my credit cards of a certain credit limit have the same password. The credit limit cannot be known unless you viewed a bank statement or I showed it to you, and since my statements are online, even if you did know what cards I have, you wouldn’t know which password to use, plus you wouldn’t even have a clue what I might have chosen for the password. Hard enough not to be guessed, but it’s simple enough that if I told you what it was, you’d be like “duh, I could remember that”.

    – don’t use straight characters, use symbols and letters always. So try $pir1teD instead of “spirited1”. With the example I gave, you have met 99% of complexity requirements with a simple word. Then you just need to remember that word for that site and which characters you used.

    – Come up with a method for your character replacement. This one I’m not going to give hints to, but basically, if you’re going to replace characters with numbers or special characters then make sure you use something common that you can remember. This is the same thing as the old decoder ring stuff you had as a kid.

    – Attach the common word to the nature of why you’re giving it the password. For example, maybe you have a bank account that you never keep money in on purpose. Your password might be Br0kejok3! – then you just need to remember the phrase “Broke as a joke”, and maybe “3” is just a random number.

  8. Kevalin

    @Doug: perhaps… but I should think that anyone with half a brain (which would, by definition, include a large majority of HTG readers) could make adjustments that could still make Pat’s method workable.

    But in any event, I’d still be inclined to keep a master password list somewhere, just in case I for some reason am no longer able to access sites, etc., that contain important information. In the event that something unfortunate happens to me, it could be vital that my family be able to get into certain of my accounts. Wouldn’t it be awful for them to have to wait for the Courts or whatever to let them?

  9. GranPaSmurf

    For a “base” sequence, I use one of several current and/or old car tags. Being from Texas, there is a Lone Star in the center ” * ” and the number/letter sequence that is quite random. My family knows this, and can decode my passwords if an emergency happens.
    Oh, and now I have memorized my car tag!

  10. Vinai

    Good suggestions – but they all seem to fail if (like me) one has about 7 sites which require a change of password regularly – from once a month to once a quarter.

  11. esam

    I use LastPass to generate random passwords

  12. Instigatror

    Even better is to use a longer base passphrase,
    do your number/special char substitution
    then delete every other (or third…) character

    So: Turtleslikes2visitfileplanet

    with substitution becomes: Turt13sL!k3s2V!s!tF!13P1@n3T

    by deleting every other character becomes: Tr1s!32!!F1P@3

    There you have another repeatable process to reconstruct a strong password.

  13. Lisa

    This is why I love Norton. They published an article giving this exact password system last year. I changed it up but it doesn’t matter if I remember them because Norton also does that for me! It remembers every password for every site so I can create something truly unique for each one. Plus it auto fills forms if I want that. It’s well worth every penny for internet protection.

  14. Doug

    I use a recipe system for passwords, actually I have several recipes, depending upon the security I think I need for a site. They all include some combination of Caps, numbers, and special characters.

    I keep a summary file that lists the name of every site that I have a username and password for. Sometimes I list the user name, sometimes it is implied by the recipe I used for the site. Each entry contains the name of the recipe I use for that site. If I can’t use a password that a recipe would call for, I list the nature of the changes, being as cryptic as I can to describe the change. Sometimes my notes are so cryptic that I have to try several things to get in.

    I NEVER list the recipe in any document, other than a piece of paper in my safe deposit box.
    I add a new recipe every year or so and try to drop some old ones, but the summary list always contains several password types. I keep the summary list on-line and it is synced between all my PCs when I make a change, and that is frequent. If anyone found the summary list, they would have a good idea of the sites I visit, but not how to log in, unless they have the recipe or idea of what it might be. If I wanted to allow someone access to one of my logins, I would change the password to a temporary rather than giving out the normal password, which contains a strong clue to the recipe that formed it.
    Yes, I do know what an algorithm is, but I like the term recipe for the task at hand.

  15. Benny

    No need to jam your brain memorizing things that machines can do for you, in my opinion. Sadly, none of what I tried over the years works to remember my passwords. Especially when websites force you to change your password, limiting you with not to use the last 500 or so passwords… So, I’d rather go for “Forgot your password?” – that’s my method!

  16. John Marsh

    RoboForm.

  17. MikeAck

    I have been using AudioManager ever since I first got my Android phone and I wouldn’t use any Android device without it :)

  18. Keith Badeau

    I have to say that I use that same *exact* algorithm! Damn, I should have had it copyrighted. No, in all seriousness it is an excellent method. I’ll give away one of my passwords for an example: MSDN Academic Alliance Software Center. My base password is already strong with a combination of upper and lowercase letters, numbers, and characters. Now I created the extension to the password like this: M$dn@@66. You can see that I replaced the ‘s’ and the ‘c’ with sixes and you can figure out the rest. I then combine it with my strong, already memorized base password. This one is more elaborate than most would like but even a simple extension password described in the article combined to your strong password will be very hard to crack and if one is compromised the others are still secure.

  19. Kari

    For my passwords I have done something similar, I usually look at the site and think about what it looks like, how I use it or something to that extent. I take vowels out of the words and use my favorite numbers.
