General Question

Snarp's avatar

What's the best way to/How do you manage your passwords?

Asked by Snarp (11176 points ) January 4th, 2010

Most of us know that we should not use the same password for multiple sites, that our passwords should contain numbers and symbols as well as letters, and that we should change our passwords frequently. Doing this practically in the real world is pretty difficult, what with twitter, facebook, fluther, im, work email, online billing, personal email, etc. accounts. I’ve read various tips for making this easier and still secure, but most don’t seem helpful. I’ve seen web services that will manage your passwords for you, but I still don’t trust this approach, and they are usually not free. I’ve also seen a hardware solution that you key a password into and it auto-generates passwords for all your sites and stores them for you. This seems the best in terms of security, but requires you to have the device with you to log on, and is also expensive. What do you do to manage your passwords? Do you follow the rules and somehow keep track? Use only one password? Just keep using the “forgot your password?” link? Is there a better way? Maybe some new technology that doesn’t exist yet? How about an implanted RFID chip?


40 Answers

gailcalled's avatar

I keep a huge list on a piece of paper; but they are still unmanageable.

jeffgoldblumsprivatefacilities's avatar

I have many passwords for many sites, but they are not always a different one. For example, if I’m on Fluther, I might also be on a site like Last.fm at the same time, so those two have the same password. For sites associated with other things, I use another password. Email accounts always get their own separate password. Also, when I create a password, I try to create something memorable that won’t slip my mind easily. I also have a failsafe list in case I’m forgetful.

knitfroggy's avatar

I use the same password for everything. I don’t get online at work or anywhere but home generally, so I’m not concerned with security much. My husband uses the same password I do so it makes it nice if he is indisposed and I need to look at something for him and vice versa. We also both use the same number on our debit cards. With all the numbers in our lives it is nice to have some that are constant.

Simone_De_Beauvoir's avatar

Passwords related to my work (of which there are MANY) I write down on a piece of paper that I carry around – passwords relating to my job searches are in a document on my laptop. I don’t change them as often as I should.

poisonedantidote's avatar

i have no problem with mine. here is how i do it:

take something you will remember, your name, a place, a movie, and abbreviate it to its initials. then add a word, add a number, add another word, and another number. and generate a nice password. e.g. “FMLdisco6peachhex99”

once you have your password, you create variations, such as:

FMLdisco6peachhex99
FMLpeach6disco99hex
FMLpeach6peach99discohex

and so on. – if it’s a site you visit all the time, you can just use one of the variations, but a thing you can do is include the name of the site in your password, like this each site has a different password and is quite easy to remember and real secure. e.g:

FMLfluther6peach99hex
FMLdisco6twitter99hex
FMLpeachdiscoyoutubehex

etc.. etc..

jeffgoldblumsprivatefacilities's avatar

<—Attempts to log in on @poisonedantidote’s profile. Hehehe. JK.

jaytkay's avatar

—I use long passwords, usually song names, they are easier to remember than single words.
—I include numbers, in a predictable way (so I can remember). For demonstration, let’s say I always type 0 (zero) for the letter ‘O’
—As a reminder I print a picture that reminds me of the song.
—So I might choose password PutARing0nIt and a picture of Beyonce.
—For banking, paypal, email I never save them on the computer or paper
—A couple of times a year I change my banking, paypal, email passwords
—For Fluther, Flickr, etc, I let my web browser save the password and I use a password for many sites.
—I use Xmarks to sync passwords on my different computers

Something I have not tried, but is recommended by people I trust, is KeePass, available for Windows, Linux and Macintosh
http://keepass.info/.

poisonedantidote's avatar

… Very funny Mr. moderator. what a coincidence that i should have been auto logged out just now.

StellarAirman's avatar

I use 1Password. It creates very secure random passwords for you and then enters them automatically, syncs between multiple Macs as well as online, etc. I don’t even know my password to a lot of sites, it’s just stored in the program or web site.

For the people that use the same passwords, I’d recommend reading this article to see how simple it can be to compromise every account you own with some not-very-advanced techniques that anyone with a little patience can do when you use the same password for everything.

ETpro's avatar

I used to write them down, or sometimes just intend to; then file them in alphabetical order in folders under the site’s name, or sometimes just intend to. After being bitten once too often by that haphazard system, I now have a better way. For security reasons, of course, I can’t tell anyone what it is. :-)

dpworkin's avatar

AI RoboForm and the Last Pass extension for Firefox and Chromium are both very useful applications which will generate passwords for you, to your specifications, and then log you in to your favorite sites. They also fill forms, and keep track of bank and credit card account numbers. Last Pass is free. RoboForm is about $25 or so.

ETpro's avatar

@pdworkin Make sure you are prepared to survive a Hard Drive crash. Set up a dual drive with RAID controller and mirroring at the minimum. Otherwise, when a drive fails, as they invariably do, you are seriously screwed.

dpworkin's avatar

Last Pass encrypts the data and stores it on line natively, and RoboForm syncs to an on line database.

eeveegurl's avatar

I’ve always had three levels of passwords. An easy one that I wouldn’t mind/care about people hacking into. A medium one that’s suitable for everyday usage, but that I also wouldn’t be devastated if people were to hack into, and then a super-personal-private one for serious things where ZOMGMYLIFEISOVER, that has a combination of numbers, letters, and multiple languages.

jaytkay's avatar

@ETpro “Make sure you are prepared to survive a Hard Drive crash.”

Keepass and 1Password can be backed up and synced among computers using DropBox
http://lifehacker.com/5063176/how-to-use-dropbox-as-the-ultimate-password-syncer

DominicX's avatar

“Most of us know that we should not use the same password for multiple sites”

I only use 4 passwords for internet sites and I use 2 of them 90% of the time. If it’s not one of those 4, then I’m lost. My passwords are always either in Latin or Occorian, the language I created. (And yes, I’m fine with telling you that).

The only exception is my account on the Stanford website and stuff which has multiple passwords and requirements like a punctuation mark and a capital letter. In those cases, I just have them in a document on my computer in case I ever forget them.

Snarp's avatar

Since I asked but didn’t answer, here’s what I do:

I have two password themes, both are based on words that are very memorable to me, but that no one else could ever possibly realize are connected to me. One is very long, and I use it and a shorter version of it. The short version is for sites where I really don’t care about my account being hacked. The other theme word is short, and I add in numbers and symbols and re-order the letters periodically. If I forget which password I used I can usually run through a quick series and get the right one. Which is why I hate sites that lock you out after three wrong attempts. Like a password is going to be cracked in three tries. Make it at least six, maybe ten tries before lock out.

Lately I have also started using something suggested by Google, which is to make up a phrase associated with the site somehow, then use the whole phrase or the first letters of the words if it’s a long phrase, and convert some letters to symbols and numbers.

sndfreQ's avatar

On Mac OS X there is a built-in password utility called Keychain Access, that syncs to all your Macs and on Mobile Me (if you have that service).

Sarcasm's avatar

Like @DominicX, I actually have 4 passwords as well. 2 which are completely unique, and 2 that are similar to each other.

The password that I use most often uses an unusual word, with unexpected capitalization, as well as a number, and an unordinary (Chrome tells me this is not a word. I refuse to listen) punctuation mark.

Password-remembering programs feel like a waste of time. Writing down passwords on paper makes me feel unsafe, we have a lot of people who wander around the house and may stick their heads in here. I keep all of my passwords in my head, it’s safest there.

The only password I ever change is my email password, and I think I’ve changed that 3 times in the 3 years I’ve used it.

And I haven’t had an account compromised. * knocks on wood *

Snarp's avatar

Back in the old days, before I had all these passwords to worry about, I went backpacking in Europe. I used credit cards for most of my expenses, and I carried an address book. Two of the entries were entirely fake and consisted of my account numbers broken up into pieces to become street addresses, phone numbers, and zip codes with made up names in between, so I could easily call and cancel if my credit cards were stolen. Never had to use them, but I always thought it was a brilliant idea. One could probably do something similar for writing down passwords.

janbb's avatar

I don’t – they “manage” me.

gailcalled's avatar

@janbb: So you really are une femme de ménage?

dpworkin's avatar

@gailcalled where were you when we needed you to puncture a miscreant’s amour propre, and send him fleeing?

janbb's avatar

@gailcalled Don’t worry, we all “meneged” to send him packing just without your inimitable je ne sais quoi.

gailcalled's avatar

@janbb @pdworkin : Isn’t amour the maker of that jambon we keep mentioning?

janbb's avatar

@gailcalled I think you’ve really cooked @pdworkin’s (frequently referred to) bacon with your armour propre.

Breefield's avatar

I have around 200 passwords. Rather, I have one for my servers and another for my emails. I use the pattern “flut-password_here” for all my other passwords.
So say my password was s83mx4ls93.
Fluther.com’s password would be “flut-s83mx4ls93”,
Digg.com’s password is “digg-s83mx4ls93”,
Facebook.com’s is “face-s83mx4ls93”,
and so on…
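Added example (not part of any poster's answer): a self-audit for the site-prefix pattern described above, and for the site-name-in-the-middle variation earlier in the thread. It removes the site-derived part of each password and reports any remainder shared across sites, then contrasts that with independently generated random passwords of the kind a password manager produces. The function names and the separator set are assumptions made for this illustration; the sample passwords are the example values from the post.

```python
import secrets
import string
from collections import defaultdict

SEPARATORS = "-_.:+ "  # assumed set of glue characters between site tag and base

def residual(site: str, password: str, min_len: int = 3) -> str:
    """Password with the longest site-name prefix (>= min_len chars) removed."""
    name = site.lower().split(".")[0]          # "fluther.com" -> "fluther"
    lowered = password.lower()
    for n in range(len(name), min_len - 1, -1):
        idx = lowered.find(name[:n])
        if idx != -1:
            rest = password[:idx] + password[idx + n:]
            return rest.strip(SEPARATORS)
    return password                            # no site-derived part found

def shared_bases(vault: dict[str, str]) -> dict[str, list[str]]:
    """Map each residual used by more than one site to the sites that share it."""
    groups = defaultdict(list)
    for site, pw in vault.items():
        groups[residual(site, pw)].append(site)
    return {base: sorted(sites) for base, sites in groups.items() if len(sites) > 1}

def random_password(length: int = 20) -> str:
    """Independent per-site password drawn from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

# Example values from the post above (the poster states they are not real).
PATTERNED = {
    "fluther.com": "flut-s83mx4ls93",
    "digg.com": "digg-s83mx4ls93",
    "facebook.com": "face-s83mx4ls93",
}

if __name__ == "__main__":
    # Every site collapses to the same base once the site tag is removed.
    print(shared_bases(PATTERNED))
    # Independently generated passwords share nothing to collapse to.
    print(shared_bases({site: random_password() for site in PATTERNED}))
```

A non-empty result means one disclosed password exposes the base behind every site in that group; those accounts are better served by independent random passwords.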

gailcalled's avatar

That was clear.

ETpro's avatar

@Breefield You will now need to change your strategy. You have posted very clear information about how to replicate your password in a public forum that is widely searchable on Google.

Breefield's avatar

Yeah, but that’s not my actual password @ETPro…just an example.

ETpro's avatar

@Breefield Ah! Glad to hear that. Just trying to look out for my fellow Flutherites.

mattbrowne's avatar

I stored a template in my brain. And then I rotate characters when being forced to. The future might be this

http://en.wikipedia.org/wiki/Keystroke_dynamics

http://www.psylock.com/index.php/lang-en/products

Snarp's avatar

@mattbrowne Darn it, the technology page is in German! That really only bothers me because my German is so rusty and I wish I had been keeping it up.

mattbrowne's avatar

@Snarp – I thought the site was bilingual. Sorry. Send them an email, they will explain the technology in English. Couple of weeks ago our IT department invited them over and they gave a presentation. I wasn’t at the office on that day, but spoke with a couple of colleagues and most were really impressed. The only downside is having to type at least 30 characters every time you leave and return to your desk. We’ve got a policy that requires us to lock our screen, even if it’s just a 2 minute break to take a leak or get a cup of coffee. But no more quarterly password changes. And implementing a single sign on approach still means there are plenty of systems and apps that need to be changed. But imagine the millions that could be saved from reduced hotline calls. Password issues are number 1 worldwide. Followed by, help, I can’t print anymore of course…

Snarp's avatar

@mattbrowne Apparently the home page is bilingual, but it doesn’t work with some of the other pages. Actually the wording on the German page seems pretty simple, I think I could get through it and it would be good for my brain.

psylock's avatar

Hello,
thank you for the comment about the technology-site of psylock! We found the mistake and now you can read it in English, too. I hope you enjoy the technology of typing authentication! Don’t hesitate to write, if you have any questions about the keystroke solution (info@psylock.com)
http://www.psylock.com/index.php/lang-en/technology

mattbrowne's avatar

@psylock – Great, thanks !

psylock's avatar

@mattbrowne-You are welcome!

AshlynM's avatar

There are free programs contact keeper and total organizer. You can save all your important data in here, not just passwords. Or…write them all up in EXCEL and keep the sheet handy.

I use total organizer. I tend to use long passwords and change them every few weeks.

It’s ridiculous how everything we do online needs a password!
