How do you manage your passwords

chevy

I recently read in a newspaper several considerations about passwords.

The first one was a provocative remark: most companies forbid users to write down their passwords... the result is that people select very simple passwords, and often only one single password for all their accounts. This significantly lowers the security of the system.

The article then gave hints on how to choose "good passwords": have a safe and difficult to guess root, and then add an account specific element.
Like (simplified): gT#3rO as root
and %gm for google mail, %mx for macosx.com, %ht for hotmail, ...
Example: gT#3rO%gm, gT#3rO%mx, gT#3rO%ht

It makes it easy to remember and difficult to guess.

Do you have something similar? Any comments?
 
At work we use a lot of pass phrases. Example:

The weather is good to work on Servers today!

would become

TwigtwoSt! or Twig2woSt!

As long as you can remember the phrase, you can reconstruct the password. Not all of our used passwords are safe though, and we definitely need to change them. A lot of them were hacked with Jack the Ripper (a password cracking tool) within minutes...

I personally look forward to the mobile app "MobileSitter". It's a password wallet for cell phones. The nifty thing about it is that you do not get a failure message when entering the wrong wallet code. It generates random passwords and through this, someone going through my mobile to get passwords won't know if the results are the true or false ones. It's not out yet though... :(
 
I just use one password for everything. It's "10010101". Works perfectly, and I never forget it.
 
I use 1Passwd and KeePassX. Both quite good, while 1Passwd excels for online passwords. A great click-saver when coupled with AllBookmarks.
 
I use a simple password for services that need some, but I do not care about security. For others I have three passwords (the original was kind of based on my watch, others are generated from it). I have Handy Safe on my Sony-Ericsson P990i where I keep all the other passwords (those that some service has generated the password for me).
 
I use PCMacPassword... it works on Mac, Windows and Linux. Has a portable version for thumb drives and syncs with your primary system. Very cool app. As for Mac apps... it's a little Windows-like... but been using it over 2-3 years now and no issues whatsoever.
 
I use a short series of passwords for some accounts, and I write complex passwords for more secure accounts.
 
I used to have web space with a company in Dublin. They sent an email to all customers advising them to ensure we use secure passwords for our accounts, as one customer had apparently used 'IRELAND' as his/her password.
 
I used to have web space with a company in Dublin. They sent an email to all customers advising them to ensure we use secure passwords for our accounts, as one customer had apparently used 'IRELAND' as his/her password.
Actually, it bothers me a little that they would know people's passwords (I assumed they would use a root account to let themselves into people's accounts, without ever actually knowing the user's password) and that they would tell other users what one person's password was...
 
It is common practice for companies that have a dedicated security team to run a "dictionary attack" (inside job, so not really an attack) against their own user base, to find out who is using "password" and other common words, accounts that would be prone to a dictionary attack.

Educating is key and by letting people know that someone had such a simple password (which may have been changed already) it gives people an idea of what a silly password would be.
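
The internal audit described in the post above, as an added example that is not part of the original thread: it tests salted PBKDF2 hashes against a small common-word list and reports only usernames, so the auditor never has to read anyone's stored password. The user records, wordlist, iteration count and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # assumption: kept low so the demo runs quickly


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, standing in for the site's password hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str) -> dict:
    """Build a stored record; only the salt and the hash are kept."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def candidates(wordlist):
    """Yield each common word in lower, upper and capitalised form."""
    for word in wordlist:
        for variant in (word.lower(), word.upper(), word.capitalize()):
            yield variant


def audit(user_db: dict, wordlist) -> list:
    """Return usernames whose stored hash matches a common word."""
    flagged = []
    for user, rec in user_db.items():
        for guess in candidates(wordlist):
            # Re-hash the guess with this user's own salt, then compare.
            if hmac.compare_digest(hash_password(guess, rec["salt"]), rec["hash"]):
                flagged.append(user)  # record the account, not the password
                break
    return sorted(flagged)


# Constructed sample data: two weak passwords and one pass-phrase acronym.
USER_DB = {
    "alice": make_record("IRELAND"),
    "bob": make_record("TwigtwoSt!"),
    "carol": make_record("password"),
}
WORDLIST = ["password", "ireland", "letmein", "dublin"]

if __name__ == "__main__":
    for user in audit(USER_DB, WORDLIST):
        print(f"{user}: password is a common word, force a reset")
```

Because each guess is hashed with the account's own salt, the work grows with users times words, which is why such audits use short lists of very common words.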
 
I work in a corporate environment and am required to change my password every 3 months, so I resort to using the names of characters from TV shows or books in combination with numbers. On my Macintosh at home I have only one password that I've ever used, and on the web, I use a version of just one word. So far everything I do with passwords has worked well.
 
It is common practice for companies that have a dedicated security team to run a "dictionary attack" (inside job, so not really an attack) against their own user base, to find out who is using "password" and other common words, accounts that would be prone to a dictionary attack.
Ah, yes. Of course! :)

I misinterpreted it as meaning they knew or could access everyone's passwords, which would make me rather wary.
 
My answer: Very stupidly.

I use two basic login names and three basic passwords.

I can't memorize any more than that!
 
I use Password Plus by Dataviz. It is awesome because it works and syncs on a Palm, Mac and PC. So, I can have all my passwords wherever I need them (I have at least 100). It also generates passwords with defined complexity rules. As a result of having this, all my passwords are very complex.
 
I keep my passwords on Dashboard stickies... encoding them with hints so they remain secure... like this hint: suph (superhero) for the password ba+man. This way, I can have lots of unique passwords that are just a function key away.
 