Quote:Original post by Sirisian I have 7 levels of passwords. Top being mail/banking then it goes down to small online games and such. I've rotated the passwords down before since a lot of my friends knew my weakest password so I created a new strong password and pushed the rest down. It's so odd when I go to a site and I have an account there and I don't even remember registering.
Same here. I have 'proper' passwords for important stuff, and essentially two simple passwords for unimportant stuff like forums (and some permutations thereof for character type and length restrictions)
I may go with something like that; I'm already juggling 6 or 7 passwords without causing problems. I could just recreate most my passwords to make them more secure (adding symbols and numbers, I mean), and use several different security groupings of passwords.
One of the problems with browser-integrated applications, is that occasionally I need passwords for online games that aren't ran in a browser, where these tools can't help me. I should also look through all the sites I have accounts for, and discard those that I no longer use.
I usually go by the said method of having 6 or 7 passwords and running through the list when I am not sure. Work alone has a password for e-mail, another for the network, another for the expense reports, another for MSDN, another for PS3 DevNet, and finally a 7-digit number for voicemail. Going through my memorized list doesn't always work -- some systems will lock me out if I fail 3 times, and I have to call IT to reset it.
In most cases I tend to have my passwords following set key "shapes", i.e. my hands always press the keys in a set pattern. I then just alternate it based on the starting key, which is determined by what site I'm viewing.
I'm surprised so few people use password managers. I've been using Keepass for several years and couldn't imagine living without it. My database has about 200 entries I think, and I have copies of the database at work, on a flash drive and on my home computers. Even if I had a clever system for alternating passwords, I wouldn't want to use the same user name or email-address everywhere...
I just generally use one of two passwords I have for everything. I don't use these for important things most of the time, either because it's a bad idea or because te password is too simple.
I used to use an MD5 hash as an 'important stuff' password, but then I made the mistake of telling my brother what it was generated from and he thought it would be funny to flaunt that he knew it and changed my desktop's password with it. So, maybe next time SHA-1...
Anyway, I don't bother with password remembering stuff because I don't have much need for them. There's always the password recovery on websites I don't visit but once a year.
Success requires no explanation. Failure allows none.
