Password follies

[DeltaSierra]

In todays day and age, its not uncommon for people to be a member of hundreds of websites, each having their own set of rules regarding logins and pw's. Some have length limits - must be X letters/characters long, or must be no more than X letters/characters long, or must include at least one number, or must include a number AND a symbol, or may not include any symbols or numbers, etc etc you get the picture.

For example just off the top of my head, I have 4 different banks, more than 20 forums, various newspapers/news sites, game sites, blogs, and whatnot that I use every day. Now for my own personal computer, I have different passwords that I reuse - yeah I know we aren't supposed to do this but seriously - HOW can anyone remember 150+ logins/pw's???????? For blogs/forums that I'm not too worried about and simply need to login to make comments or stuff I have one pw that's pretty easy to remember. For stuff like banks and the like I have super strong pw's that use the maximum characters/symbols allowed.

The issue at hand is that with the exception of the maybe 20 or so websites I go to on a daily basis, its freaking hard to remember the pw's for the other 100 or so that I only visit maybe once a week or once a month. And then there's the sites that assign you your login/pw and you can't even change it! How are you supposed to memorize C47dk2W as your login for some obscure website that you visit maybe once a month, and it won't let you change it?

I've heard of people using programs like Keepass and LastPass, but just how safe are these programs? And when you have to deal with something like a computer crash, you're shit outta luck.

I've tried some "formulas" for making passwords such as using the first/last letters of a website combined with a grouping of words/numbers that are easy to remember but when you run into websites that only allow 6-8 characters/symbols or other ones that require you have at least 9 or more it gets more difficult to customize them so that you can actually use/remember them.

So my question is - you IT/techy types, just how do YOU keep up with the multitude of logins/pw's that you have to remember? I'm betting the 150+ I have is just a drop in the bucket compared to some of you - I'm not asking you to give your pw's or your secret, but a little help would go a long way. I'm tired of having to reset pw's because I've forgotten the damn things.

[Sakka]

Quote:

Quoth DeltaSierra

So my question is - you IT/techy types, just how do YOU keep up with the multitude of logins/pw's that you have to remember? I'm betting the 150+ I have is just a drop in the bucket compared to some of you - I'm not asking you to give your pw's or your secret, but a little help would go a long way. I'm tired of having to reset pw's because I've forgotten the damn things.

I'm one of the ones who uses KeePass. Every time I make a change to it, I make a copy onto a thumb drive that is always on my person (carry it with medication I need to stay alive), there is a copy of the file on my notebook which is almost always within my reach, and two more thumb drives plus a full print out of everything in two different safe deposit boxes at two different banks. (4 thumb drives and two hard copy print outs that are updated bi-weekly or monthly depending on changes)

[Crossbow]

Quote:

Quoth Sakka

I'm one of the ones who uses KeePass. Every time I make a change to it, I make a copy onto a thumb drive that is always on my person (carry it with medication I need to stay alive), there is a copy of the file on my notebook which is almost always within my reach, and two more thumb drives plus a full print out of everything in two different safe deposit boxes at two different banks. (4 thumb drives and two hard copy print outs that are updated bi-weekly or monthly depending on changes)

I'll second Sakka. KeePass or PasswordSafe are both secure. I use KeePass, personally, but I know others that use PasswordSafe. My routine is to keep the pw database encrypted with a good password, and keep he file in my Dropbox folder. This way it's synced across my pc, laptops and phone. I also keep a copy on a thumb drive, just in case. My wife has the password and also has access to my Dropbox folder, so she can use it as needed.

[suburbandecay]

One of the IT security blogs I read posted a link to this: http://www.passwordcard.org/en in regards to the linked in hack. I've been thinking about making one and trying it out. Seems like a very novel way of creating secure passwords

[draggar]

I have a method based on how well I want to protect my account.

I have a basic password and/or phrase. Depending on how important that account is and how it would bother me if someone got the password is how much I add to it.

For example:

password
thisismypassword
1234thisismypassword

... and a few more levels I won't disclose but I guarantee no brute force will get them.

[tech_monkey]

XKCD has it right in my opinion. Add in the minimum extras (punctuation, number and a capital letter) and you have it.

[Naaman]

I've used LastPass as a password manager for over a year and not run into any problems with it

[emax4]

I have issues remembering a lot of my personal account passwords for my internet, electric, and phone bills. When I go to the sites though, I can just check the preferences for my passwords. If using Firefox, I go to Preferences (Mac) --> Security tab --> Saved Passwords. When you click that, it shows the site and the login, then you have to press "Show Passwords". This way instead of fumbling and trying for the right one, I get the correct password on the first try.

Firefox won't let you highlight the list and save it. Instead, you have to take screenshots of it. If you have a PC and are not using a specific screen shot program, you press PrintScreen on your keyboard, then paste it into a paint program or graphics program, crop what you want, and save it. On a Mac you can press Command + Shift + 3 to take a shot of the entire screen, or Command + Shift + 4 to change the cursor shape and draw a rectangle around the area you choose.

[Cazzi]

I've also been using Lastpass for a while now, also with never a problem

I also use password haystacks for some things too if you prefer not to use a password manager.