“I choose my password dependent on what the site holds. E.g. this forum, my low security generic password, e retailer sites which store my card details have a medium security password (a mixture of numbers, capitals and lower case - but still rememberable), high security sites, such as my bank & email have a higher security password (a mixture of everything which means nothing to anyone - except me).”
I guess I don't understand your last equating of needing as secure a password for email as for your bank login. Unless all the POP and IMAP servers you access to get your email use TLS or something like it for all your email, anyone can sniff your network traffic and get your email username and password. They are transmitted in clear text over the internet to almost all ISPs and IMAP email services.
I use the least secure password I have for email accounts because of it. It's just too easy to steal.
Now, if I'm encrypting email using PGP, or something similar, then I'll use a strong password, but email being so readily sniffed just isn't worth it. Email is about as insecure as things get....
Behold, the turtle. He makes progress only when he sticks his neck out.
Is it, oh dear! I only use web based email if that makes a difference.
The reason I use a secure password for it though, is if that gets hacked then you could go round all the other websites requesting a password email reminder etc.
But I have my own 'system' as most people probably do. I think it's secure, but there again, most people feel secure until they're done over
I use a different password for each social site I frequent; I also have different passwords for all of my retail accounts. They all draw on the same theme for the word, but it's a rather vague theme (books) using a vague drawout (phrases from books) that are memorable to me. To give it a possible edge on security, I reference the phrase in a language that is not meant to be the core language of the site I am on (I know it doesn't matter with sniffers or whatever, but it makes me feel safe!) I then intersperse each one with numbers, upper and lower case characters, and special characters.
Voila.
Some sites, it takes me maybe three attempts to remember the password. But I've never locked myself out (yet). And I tend to rotate the passwords on a monthly or bi-monthly basis, depending on how proactive I'm feeling.
Of course, strong passwords are a moot point where they become so convoluted that you can't type them at a good speed. I've heard of domain admin passwords being had, just because a slowly-typing tech was being watched by a speed typist, who thought it would be a long-term good idea to have admin rights on their PC. Oooh dear.
“I choose my password dependent on what the site holds. E.g. this forum, my low security generic password, e retailer sites which store my card details have a medium security password (a mixture of numbers, capitals and lower case - but still rememberable), high security sites, such as my bank & email have a higher security password (a mixture of everything which means nothing to anyone - except me).”
I have a variety of passwords, and I randomly assign them to websites; each holds a different security level for me, and I just mentally keep track of what goes where. It is not an exact science, but I do separate things like email, bank account and forums etc.
You could try the mnemonic system. Pick a well known sentence such as “Mary had a little lamb its fleece was white as snow”. Now abstract each initial character then capitalize every second one.
MhAlLiFwWaS
Next introduce a non-alphanumeric character “/”
M/h/A/l/L/i/F/w/W/a/S
Now you can safely write down Mary ½ as an aid to memory. This password is medium strength in that it is invulnerable to dictionary attacks, forcing a “brute strength” attack which is costly to the attacker.
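
Added example, not part of the original post: the mnemonic steps above written as a Python function, with a rough estimate of the blind brute-force search space for the result. The function names and the character-class pool sizes (26 lower case, 26 upper case, 10 digits, 32 ASCII punctuation) are assumptions made for this illustration.

```python
import math
import string


def mnemonic_password(sentence: str, separator: str = "") -> str:
    """Derive a password from a sentence using the mnemonic steps in the post."""
    # Step 1: take the initial character of each word, skipping "words"
    # that contain no letter or digit at all (stray punctuation).
    initials = []
    for word in sentence.split():
        first = next((ch for ch in word if ch.isalnum()), None)
        if first is not None:
            initials.append(first.lower())
    # Step 2: capitalise every second character, starting with the first.
    mixed = [ch.upper() if i % 2 == 0 else ch for i, ch in enumerate(initials)]
    # Step 3: put the non-alphanumeric separator between the characters.
    return separator.join(mixed)


def brute_force_bits(password: str) -> float:
    """Bits of search space for a blind brute force over the classes used.

    This is the figure for an attacker who knows nothing about the scheme
    or the sentence; it is an upper bound, not a measure of how guessable
    the chosen sentence is.
    """
    classes = (
        string.ascii_lowercase,   # 26
        string.ascii_uppercase,   # 26
        string.digits,            # 10
        string.punctuation,       # 32
    )
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    if pool == 0:
        return 0.0
    return len(password) * math.log2(pool)


if __name__ == "__main__":
    sentence = "Mary had a little lamb its fleece was white as snow"
    for sep in ("", "/"):
        pw = mnemonic_password(sentence, sep)
        print(f"{pw!r}: {len(pw)} chars, ~{brute_force_bits(pw):.1f} bits")
```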