Technology

Big Frankie · Jan 6, 2010

Just a little venting…

Does anyone feel like they have a ridiculous amount of login/passwords for everything these days?!?!? I got about a dozen or more for work and at least 20 for personal use (recreational, finances, etc).

To make matters worse, a lot of these require fancy characters and may need to be changed periodically – tough to remember all of them. So the accountant in me made this protected spreadsheet (with a password of course :whistling:

) to keep track. My old method was either memory or sticky notes.

Does anyone else do this or use a different system?

-Frank

LarryH · Jan 6, 2010

I have an old Palm PDA with a hidden, password protected memo. Of course it doesn't help much when I create a new account and forget to add it to the file.

JHolmes763 · Jan 6, 2010

I'm wary of any password rememberin' tools as they are a single point of failure if they are ever lost or compromised.

I find it's better to come up with a system that'll yield you multiple 10-15 character passwords that meet strict rules. Sure, you have to remember the passwords, but at least they follow a system that's in your head.

The system I use has a special character, a number and a two syllable word. The idea is that the passwords starts and ends with the special character (or it's reverse, such as < and > or / and \), Then, there's the number and the shift of that number 2@, 5%, etc. between the special character. Lastly, in the middle is the word, where each syllable or part of the word is capitalized, SuperMan, ClarkKent, LoisLane, etc. So a final password would be:

/5%LoisLane5%\

That'll meet the strictest of password rules. I'm sure it sounds complex, but once you get a system down, you can remember a dozen passwords, easily. You can make the words all part of a common genre or make the related to the website/program that requires the password.

-John

Marine6186 · Jan 6, 2010

Ha! I try to use the same name and password for everything but that is almost impossible. The worse was my password for MarineOnline. It had to be atleast 10 characters 2 special characters 2 numbers and upper case and lower case letters. Oh yeah and every 2 or 3 months you have to change your password and it can't be one of your last 15 passwords... I think I knew 2 people that could remember their passwords everytime

Lucky if you forgot your password it was really easy to get a new one (everytime I logged in I had to get a new one)

KiltLad · Jan 6, 2010

In my cabeza.

I have a good memory, I think...

Now, if I could remember how to spell. :thumbs:

PJ the Comic · Jan 6, 2010

I use two passwords. I use a fresh or newer password for all monetary or financial needs. I use a secondary password for all else. Every so often when needed I change the financial password, then I use that outdated password for all the other non-vital needs. I think it is possible to generate a password that would work in almost every instance. This way I only need to remember two or very small variations of them.

PJ

4cbln3 · Jan 6, 2010

After a hard lesson learned about hard drives crashing and not rebooting, I've learned to keep all my passwords in one file on a removable hard drive. Only when I need them do I turn on the external drive. If i need a specific one while away from home, I email the text file to any of my email accounts and when finished with it, I delete it.
I feel it's a pretty secure way of "not" remembering them, I already have a brain full of little details like my name, address and ATM pin code

geldor1 · Jan 7, 2010

I just write them down on a piece of paper and put it under my keyboard.... ??? :laugh:

You wouldn't believe how many of these I find when out working on the systems in my hospital. :whistling:

StatHaldol · Jan 7, 2010

It's a pain; I have five passwords at work, all must be different and they are changed every month. I can't use the same password I've used in the last 14 months. I keep a list of them taped on the back of my name tag...LOL!

Nocturnus · Jan 7, 2010

4cbln3 said:
After a hard lesson learned about hard drives crashing and not rebooting, I've learned to keep all my passwords in one file on a removable hard drive. Only when I need them do I turn on the external drive. If i need a specific one while away from home, I email the text file to any of my email accounts and when finished with it, I delete it.
I feel it's a pretty secure way of "not" remembering them, I already have a brain full of little details like my name, address and ATM pin code

Well, emailing them is not a secure way at all. If your a BOFH or even if your not, it's easy to read mail spools. That and who knows if the mail server it's ending up on is secure or compromised.

gtadroptop · Jan 7, 2010

I use the notepad on Outlook with a keyword to identify which program that particular password is associated with. Outlook is synched with my cell phone, so I have the passwords with me at all times. As part of the security procedure, I have to change my password for our on-line SAMS/Omnia database every 6-8 weeks. There's my standard password, plus different ones for various financial sites. My Coke Rewards one is different, as is Facebook. Also have my son's supposedly secret password to his on-line gaming. It's a necessary pain to have so many.

Now if anything happens to that damned phone...

beyond the band · Jan 7, 2010

I have a universal password with small variations when alpha numeric and special characters are required.
Of course I foerget even then but within a few trys I get it.

My favorite is the Nortel phone system default password is PlsChgMe!

AngryFishH · Jan 7, 2010

Having been an instructor in the technology security field this is what I recommend to my students, YMMV.

Come up with a strong base password that you can remember and add some characters, cases, or whatever to the end specific to the place the password was used for. An example would be:

Base Password: "2+2=Four" This is a very strong 4 character set password that is easy to remember (this is just an example, pick your own strong base password that you can easily remember; quotes are for illustration only)

Let's say you are using it for CigarPass, maybe you add "CP" or "cpass" to the end.

New Password: "2+2=FourCP"

Now suppose you want to make one for Etrade

New Password: "2+2=FourEt"

Or one for a work password that expires every 30 days

New Password: "2+2=FourMWJan", "2+2=FourMWFeb", etc... you get the idea and can use any time abbreviation you want or need to stay in compliance with your companies policies

Using this method you can have multiple unique strong passwords that are easy to remember. If you need to write anything down you can just write down the additional characters on the end because all you have to remember is the base password. If someone were to steal your password file it will only have the additional characters not the base password reducing your risk in having your password compromised.

Hope this helps someone.

Fish

NullSmurf · Jan 7, 2010

Try having the keys to a $2B worth of routers and switches! Actually, we handle security on those another way. However, I too have hundreds of logins I have to manage. Try PasswordSafe to manage them. Works great for me, and its free.

PJ the Comic · Jan 7, 2010

AngryFishH said:
Having been an instructor in the technology security field this is what I recommend to my students, YMMV.

Come up with a strong base password that you can remember and add some characters, cases, or whatever to the end specific to the place the password was used for. An example would be:

Base Password: "2+2=Four" This is a very strong 4 character set password that is easy to remember (this is just an example, pick your own strong base password that you can easily remember; quotes are for illustration only)

Let's say you are using it for CigarPass, maybe you add "CP" or "cpass" to the end.

New Password: "2+2=FourCP"

Now suppose you want to make one for Etrade

New Password: "2+2=FourEt"

Or one for a work password that expires every 30 days

New Password: "2+2=FourMWJan", "2+2=FourMWFeb", etc... you get the idea and can use any time abbreviation you want or need to stay in compliance with your companies policies

Using this method you can have multiple unique strong passwords that are easy to remember. If you need to write anything down you can just write down the additional characters on the end because all you have to remember is the base password. If someone were to steal your password file it will only have the additional characters not the base password reducing your risk in having your password compromised.

Hope this helps someone.

Fish

Fish you're the man! This is good stuff. Thanks.

PJ

flamchop · Jan 7, 2010

There is a program called Type-It-in that will allow you to set macros. You just place your cursor in the field on a web page and click the button you have saved for that site. You can password protect the actual Type It In program too.

For the most part though I just go off of my memory. I actually have a .txt file on my pc with all my passwords listed. Haha... vulnerable I guess but eh if someone really wants to get into my insurance company's website and pay my bill, they are welcome to.

Technology

Big Frankie

New Member

LarryH

Stogiesaurus

JHolmes763

Drinkin' the koolaid

Marine6186

...oh you want me to say something.

KiltLad

"Live & Learn"

PJ the Comic

Official Illusione Whore

4cbln3

WTF are skin tags?!

geldor1

Can't Re- Member

StatHaldol

Well-Known Member

Nocturnus

Member

gtadroptop

You can't make this stuff up

beyond the band

cantankerous newb

AngryFishH

Official Big Fish

NullSmurf

Das Bruce

PJ the Comic

Official Illusione Whore

flamchop

65/65