Passwords and PINs

by Bill Rini on December 17, 2006

in Online Poker, Poker, Tech Ramblings


Since I went to the trouble of spouting my big mouth about security, I thought I might post some ideas that I recommend to others. The disclaimer is that I’m not 100% compliant with my own suggestions, so do as I say and not as I do. :-)

I tend to break my passwords up into three groups:

* Very Secure
* Moderately Secure
* Throw Away

Very Secure is basically any account that involves money or might involve people being able to get at my money. For instance my online poker accounts would be considered Very Secure. I also consider my email account Very Secure because someone could request a password reminder from a Very Secure account be sent to my email address.

Moderately Secure would be accounts for message boards, websites, and other misc places where I frequently log in. I tend to classify any site where I trust the source as Moderately Secure. Yahoo’s My Yahoo, my AOL IM, and other accounts fall into that category.

Throw Aways are sites I do not know very well, don’t plan on having a long relationship with, or simply think might be a little dodgy.

I use three different methodologies to generate passwords for each. Someone who figures out a pattern in my Throw Aways won’t be able to figure out the pattern used for my Moderately Secure and Very Secure accounts. The best way to describe it is via an example.

Let’s say I use the following pattern to generate memorable passwords for each site:

Very Secure: I might pick a passage from a book or a famous quote and use the first letter of each word along with a date or memorable number. Let’s say that the phrase I select is:

If there wasn’t luck involved I would win every one.

Since I have to keep the password to about eight characters, I’ll just take the first four words which gives me:

itwl

Now I pick a number. A good way to randomize it a bit might be to incorporate the number of characters in the name of the site in the number. So, let’s say this is my Neteller account. There are eight characters in Neteller. So I take eight, plus, let’s say my favorite number (seven) and the 25th (Christmas). Now I have 4 numbers that I’ll mix into the four letters, which gives me:

i8t7w2l5

It’s rather random, customized for each site, and relatively difficult to guess. I might even go the extra step and mix it up even more by capitalizing either the consonants or vowels depending on the first letter of the site’s name. So if I were to employ that here, Neteller starts with a consonant so my password is now:

i8T7W2L5

At ABC Poker, my password would be:

I3t7w2l5

For Moderately Secure sites I might pick a different phrase and different numbers. I might also forego the capitalization or do just the opposite (capitalize vowels when the name begins with a consonant).

For Throw Away accounts I would just tend to use the first four letters of the site name combined with my birthday or some other easy-to-remember four-digit number.

The advantage of this is that the level of sophistication goes up as the risk of unauthorized account access goes up. Additionally, there’s a reduced risk that someone who gets my ABC Poker password will figure out my Neteller password. And the beauty is you could even write down your little pattern as a reminder in such a way that even if someone ran across it they wouldn’t necessarily be able to decipher it.
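The Very Secure pattern above written out as code, as an added example that is not part of the original post, together with a check of which character positions actually change from one site to the next. It assumes the site digit counts only the first word of the site name (which reproduces the 3 for ABC Poker) and that a name of ten or more letters keeps its last digit.

```python
# Added example: the "Very Secure" pattern from the post, written out as code.
PHRASE = "If there wasn't luck involved I would win every one."
FIXED_DIGITS = "725"   # favorite number 7, then 25 for Christmas
VOWELS = set("aeiou")


def site_digit(site):
    # Assumption: only the first word of the site name is counted, which
    # gives the post's 8 for "Neteller" and 3 for "ABC Poker".
    # Assumption: a name of ten or more letters keeps its last digit.
    return str(len(site.split()[0]) % 10)


def derive(site, phrase=PHRASE, fixed_digits=FIXED_DIGITS):
    """Interleave four phrase initials with the site digit and fixed digits."""
    letters = [word[0].lower() for word in phrase.split()[:4]]
    digits = [site_digit(site)] + list(fixed_digits)
    # Site name starts with a vowel -> capitalize vowels, else consonants.
    vowel_site = site[0].lower() in VOWELS
    out = []
    for letter, digit in zip(letters, digits):
        if (letter in VOWELS) == vowel_site:
            letter = letter.upper()
        out.append(letter + digit)
    return "".join(out)


def changed_positions(a, b, ignore_case=False):
    """Indexes at which two derived passwords differ."""
    if ignore_case:
        a, b = a.lower(), b.lower()
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


if __name__ == "__main__":
    neteller = derive("Neteller")
    abc = derive("ABC Poker")
    print(neteller, abc)
    print("differ at:", changed_positions(neteller, abc))
    print("differ at (case ignored):", changed_positions(neteller, abc, True))
```

For the two sites in the post the derived passwords differ at five of eight positions, and at only one (the site digit) once letter case is ignored.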

If I had to leave myself a note on my password scheme I might just write down:

If there wasn’t luck involved . . . 7 – Xmas

In the absence of any other information, it’s highly unlikely anybody would be able to reverse engineer your password for any site (unless they read this site and you didn’t change up my recommendations even just a little).

I might even just abbreviate it as:

Luck

Anyone who ran across my little note would have no clue.

I also use a tricky little trick to secure my credit and bank cards. With so many cards, I often forget the PIN so I use a labeler and put the PIN on the card. But instead of just putting the actual PIN on the card, I add a number to the PIN. Let’s say that my PIN number is:

4567

I add the same number to all my cards: 55

4567 + 55 = 4622.

Now when I pull out my card and look at the PIN I’ve put on the card, I just subtract my seed number and I have the correct PIN.

The reason I like this one is that it adds an extra security level to the card. Most ATMs freeze the account and confiscate the card if you try the wrong PIN three times in a row. Whoever steals my ATM card and tries to use it will automatically try the wrong number thinking I’m a complete idiot. Hopefully, he’s stupid enough to try it three times and lose the card in the machine. :-)

Anybody else have any suggestions on security precautions you regularly take?

3 comments

1 ToddCommish 12.18.06 at 9:46 am

Props to calling the Dugglebogey Episode what it is: a password security issue.

Dugs is calling it a “hack”, which would imply that the system was compromised somehow to give someone access to his (relatively) meager account. In reality, this is a “leak”, similar to those laptop thefts where passwords and credit card information are pulled from a stolen computer. If he is using the same password for all his accounts (blogger, poker sites, porn, whatever), it’s likely that an admin or desk drone at one of those sites swiped the password.

I continue to play at FTP, and will continue to do so.

2 Full Tilt Hacker 12.19.06 at 12:49 pm

AHA! Now I have your secret formula and I will take your money, add it to Duggles and rule the world!

3 StudioGlyphic 12.25.06 at 10:47 pm

Here’s an article on simple, yet secure passwords, similar to the suggestions you made above:

http://www.giac.org/certified_professionals/practicals/gsec/4394.php

Note: the site opens a PDF inside a frame, which is kinda annoying.
