Passwords, Passwords and More Passwords

Poll: How Do You Manage Account Passwords?
Total Votes: 33
I avoid passwords whenever possible: 1
One password for every account: 1
A handful of passwords for all of my accounts: 15
Different passwords for every account: 16
  • Posted: 07 July 2010 11:20 AM

    Everyone seems to have a different philosophy on account passwords. What’s yours?

         
  • Posted: 07 July 2010 11:48 AM #1

    It’s evolved over time. The issue is that passwords that are good are impossible to remember. Passwords that are easy to remember are not very good. Plus I’m a sysadmin so I generate a LOT of passwords each week.

    Years ago I used extinct animals and plants: Struthiomomus, Marella Splendins, Cooksonia, and such.
    Then I added number substitutions: Dr3pan0phycus.

    After a while though I decided that these were all known words so I made a “Random Password Generator” consisting of a box full of keys off of six keyboards. Stir the box and then grab a handful. This was cumbersome though and I had to write them down. They also tended to not be very long.

    Then dropped that in favour of keyboard patterns. These have the advantage of being complex and easy to remember because you don’t remember the password, you remember the pattern. 1q@W3e$R5t^Y7u*I, or zaq1@#$rfv for example. However I realized that there was a limit to the number of patterns I was using so the passwords tended to be similar.

    Currently I use the Give Me A Password desktop widget to generate very complex passwords: Xwsvm_hREB7g6L, 6F34T$Re#@LL!t, or nPw4*F&Y3FAZjP; for example. These are true random and quite complex. The problem is that there’s no way I can remember them. I write them down, and keep them away from my computer.

    As far as how many. I have one password for my low risk passwords. If someone logs into my CBC account and posts with my screen name I don’t really care. However, high risk accounts, bank, BCHydro, Credit Card, Computers, my WAP etc.  have unique random passwords.

    EDIT: When I say write them down I mean with a pen and paper. It’s always struck me as the height of stupidity to keep a document on your computer with all your passwords. Even if it’s encrypted, if someone hacks into your system and gets the file they have all the computing power in the world to crack it.

    [ Edited: 07 July 2010 11:54 AM by geoduck ]

    Signature

    Courage is not the absence of fear, that’s insanity.
    Courage is knowing the risks and dangers.
    And doing what needs to be done anyway.
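
The keyboard-pattern passwords in post #1 can be recognised mechanically, which is why password policies often reject them even though they mix cases, digits and symbols. The following is an added example, not part of any post in this thread: it maps each character to its physical key and measures how many consecutive keystrokes land on the same or a neighbouring key. The US QWERTY layout, the function names and the 0.8 threshold are assumptions made for this sketch; the sample passwords are the ones quoted in the post.

```python
# Added example: keyboard-walk check for a password policy.
# Assumption: US QWERTY layout; row stagger is ignored, keys are a plain grid.
ROWS = ["1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]
SHIFTED = ['!@#$%^&*()_+', 'QWERTYUIOP{}', 'ASDFGHJKL:"', 'ZXCVBNM<>?']

# Map every character, shifted or not, to the (row, column) of its key,
# so that '@' and '2', or 'W' and 'w', count as the same key.
KEY_POS = {}
for r, (plain, shifted) in enumerate(zip(ROWS, SHIFTED)):
    for c, (p, s) in enumerate(zip(plain, shifted)):
        KEY_POS[p] = KEY_POS[s] = (r, c)


def walk_ratio(password):
    """Fraction of consecutive characters typed on the same or an adjacent key."""
    keys = [KEY_POS.get(ch) for ch in password]
    pairs = list(zip(keys, keys[1:]))
    if not pairs:
        return 0.0
    near = 0
    for a, b in pairs:
        if a is None or b is None:
            continue  # character not on the modelled layout
        if abs(a[0] - b[0]) <= 1 and abs(a[1] - b[1]) <= 1:
            near += 1
    return near / len(pairs)


def is_keyboard_walk(password, threshold=0.8):
    """Flag passwords whose keystrokes mostly follow neighbouring keys."""
    return len(password) >= 4 and walk_ratio(password) >= threshold


# Passwords quoted in post #1: two patterns, one substituted word, three generated.
SAMPLES = ["1q@W3e$R5t^Y7u*I", "zaq1@#$rfv", "Dr3pan0phycus",
           "Xwsvm_hREB7g6L", "6F34T$Re#@LL!t", "nPw4*F&Y3FAZjP"]


def classify(samples=SAMPLES):
    """Return {password: (walk ratio rounded to 2 places, flagged?)}."""
    return {pw: (round(walk_ratio(pw), 2), is_keyboard_walk(pw)) for pw in samples}


if __name__ == "__main__":
    for pw, (ratio, flagged) in classify().items():
        print(f"{pw:18} ratio={ratio:.2f} keyboard_walk={flagged}")
```

Both pattern passwords score 1.0 because shift state does not change which key is pressed, while the generated passwords stay below the threshold.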

         
  • Posted: 07 July 2010 12:23 PM #2

    I use 1Password.  It rocks.  With DropBox - it’s available anywhere there’s an internet connection.  The best part is it’s so intuitive. Offers to generate passwords where needed, updates the changes I make, and stores all my identity, credit cards, rewards cards, etc in encrypted format.

    Now, I have one VERY strong password - difficult for others to remember even if they saw it, and very random, but that’s it. No more trying to remember.

    And since I use PGP Whole Disk Encryption, I’m not worried about anyone getting into my computer. If anyone could crack my hard disk to get the 1Password file… well - let’s just say they’re entitled to the info. They’ve worked WAY too hard not to have it… especially considering how many easier targets they’ve bypassed to get to me!

    Life made simple - 1Password.

    [ Edited: 07 July 2010 12:25 PM by Boxav8r ]

    Signature

    Will everyone who believes in telekinesis please raise my hand.

         
  • Posted: 07 July 2010 12:27 PM #3

    I use 1password to keep collections of passwords.  I usually don’t bother to generate secure ones, I just make stuff up by typing syllables with substitutions (but not real words) when I need a good password, or using something simple like geoduck for those random websites where you have to sign up to use them.  My bank and credit card account passwords may not even be in 1password, since I always remember them and type them by hand. My master password is only in my head, but I use it so often I won’t forget it (unless I get amnesia perhaps).

    By the way, here is a research paper (not mine) about another idea for handling passwords.  The basic idea is that we already use email providers as a “trusted” agent since you can usually recover your account password via an email, so Tim van der Horst builds a more cryptographically secure system around this.  http://isrl.cs.byu.edu/pubs/pp1001.pdf

         
  • Posted: 07 July 2010 12:28 PM #4

    Boxav8r - 07 July 2010 03:23 PM

    and stores all my identity, credit cards, rewards cards, etc in encrypted format

    You had me up until there. Call me paranoid but I’m just not comfortable with all my essential eggs in one basket connected to the web. Maybe I’ve seen too many “absolutely secure” systems hacked over the years.


         
  • Posted: 07 July 2010 12:49 PM #5

    Like Geoduck I have simple passwords for low risk things such as blogs. For important accounts I use longer and more complicated ones. They are also written down, I don’t want the family stumbling around should I suffer a kernel panic.

    Signature

    “Works of art, in my opinion, are the only objects in the material universe to possess internal order, and that is why, though I don’t believe that only art matters, I do believe in Art for Art’s sake.” E. M. Forster

         
  • Posted: 07 July 2010 12:54 PM #6

    1Password.
    For my 636 logins.

    Signature

    Dave Barnes
    +1.303.744.9024
    WebEnhancement Services - Worldwide

         
  • Posted: 07 July 2010 01:44 PM #7

    geoduck - 07 July 2010 03:28 PM
    Boxav8r - 07 July 2010 03:23 PM

    and stores all my identity, credit cards, rewards cards, etc in encrypted format

    You had me up until there. Call me paranoid but I’m just not comfortable with all my essential eggs in one basket connected to the web. Maybe I’ve seen too many “absolutely secure” systems hacked over the years.

    geoduck, the online encrypted “1Password Anywhere” is a user option. You can keep it purely on your physical drive(s).

    I use 1Password as well, even though most of my important sites use variations on a few fairly strong basic passwords (up to 12 characters, no words, upper and lower case, punctuation, no birthdays or other predictable elements).

    Beyond the app itself, I have to give the Agile Solutions boys big props for customer service. They’re usually quick to respond, and very helpful, much as they can be, even when it turns out purely a PEBCAK situation (90% of the time).

         
  • Posted: 07 July 2010 01:44 PM #8

    1Password—that’s what it’s all about.

         
  • Posted: 07 July 2010 01:54 PM #9

    1Password!!!

         
  • Posted: 07 July 2010 03:46 PM #10

    I have 5 passwords that I use in varying levels of security. One is very low level, like the one I use on forums. All the way up to one that is crazy long and complex and needs me to be at a keyboard to type it, i.e., I could not write it down for you, because parts of it are a memorized sequence of keystrokes that appears to be totally random. I NEVER use my more complex passwords on forum sites, or other sites that are low level, because you never know what the admins of such sites may do with your info.

    If you use one password, you’re going to get hacked.

         
  • Posted: 07 July 2010 04:48 PM #11

    Let’s not forget another part of this. Passwords are like underwear.
    For good health they should be changed often.


         
  • Posted: 07 July 2010 05:05 PM #12

    geoduck - 07 July 2010 07:48 PM

    Let’s not forget another part of this. Passwords are like underwear.
    For good health they should be changed often.

    And it is safer than going commando


         
  • Posted: 07 July 2010 05:19 PM #13

    I’ve found 1Password to be an excellent program. It syncs with all my computers and iPhone. You always have a unique password for every site.

         
  • Posted: 07 July 2010 07:55 PM #14

    1Password for me, too!


         
  • Posted: 07 July 2010 10:14 PM #15

    I have 4 levels of passwords.

    1) Involves money and money transfers which is based on a logarithm using variables representing some events of my life.
    2) Subscriptions, using a series of characters based on a word that has meaning to me.  eg the word “ripple” would be “R1pp|e”.  Not really a big deal if hacked.
    3)  Website logins:  The same for all.
    4)  Forced passwords:  you can not change them.  Placed in a file only accessible by using level one passwords.

    I am a little guy.  This should do it.  grin

    Signature

    Cheers:
    Bob