Do you use the same password for everything?

Vary them slightly if you’re afraid of that! Not so much that you won’t keep track, but enough so it’s not eaily guessed either.

I used to until I found out my boyfriend (now ex) found my accounts list and password and went through all of them. I changed everything and used a different password for each account and hid my accounts listing where no one can find it.

This is largely due to paranoia, but I now use different usernames depending on when I join a website, and different passwords depending on how secure or important it is. Lately I’ve used 10 character passwords that are a series of random letters, numbers and characters. Memorizing them is a bitch, but makes me feel a little better.

I use different passwords for places where my information must be kept secure than for sites where I provide little or nothing that compromises my personal privacy.

This issue does require us to use discretion and good sense. Failure to do so will come back to bite the lazy in the ass big time!

I use the same password for everything. My bank accounts have passwords and other security checks, so I don’t worry about it. Someone would have to get a lot of different info to get into my bank information. If someone steals my Fluther and Facebook password, I would be ticked but it wouldn’t ruin my life.

I use different passwords for everything and keep them in a database protected by a password (ironic, I know). I guess it’s severely paranoid of me, but better safe than sorry.

I use an internet password and a computer password which are each slightly different than each other. The computer password is much more secure because if somebody got into my computer they’d figure out the internet password anyway.

All the same. I tried different ones and kept forgetting them for sites I didn’t visit often.

I use four different passwords which are very easy for me to remember.

Not one, but a few. And I change every 6 months or so. And they are long.

Names of books, movies and songs are easy to remember but make very tough passwords. Substitute some number for letters and you have a strong password. Add an exclamation or question mark for safety!

Like:
?G0neWithTheWind
!Th3DarkKnight
Bey0ncePutARing0nIt

Yeah, I pretty much use the same one for all my accounts. I also use a password I can remember: spud.

Whoa! Is there a moderator around here who could remove that post above?

@wundayatta Sorry, I’ve already got it memorized. :)

@wundayatta

Whoa! You used to have a nice bank account. Thanks! Carnival in Rio for MEEE!!

@jaytkay Stop by and pick me up on the way. I tapped into his 401-K!

It’s a really bad idea to use the same password for everything. The recent Twitter hack where 300 pages of internal financial and other info were stolen from the company was mostly because someone used the same password for everything. A lot of other simple hacks are as well. Read about that attack for an example of how easy it is.

You don’t really know what web sites do with your password. Some store them unencrypted in a database. If that web site is hacked and the attacker has access to that database, they have ALL of the passwords in plaintext. They also most likely have your email address. If you use the same password for everything, they now have access to your email account. If they have access to your email account, they now know every single other web site you use and most likely your login and password for those sites. Even if the passwords are hashed and encrypted they can still be matched up if an attacker has the entire database of passwords unless the encryption is “salted” (some sort of text added to the password before it is encrypted).

@dverhey I would do it the other way around. Very few hackers would bother trying to break directly into a person’s computer, especially by guessing the password. Most passwords are stolen in bulk from insecure web sites. Your password is also more likely to be attempted to be guessed on an online site where it’s already public and easy to access than a hacker trying to bypass any firewalls and other security measures you have on your computer.

@jaytkay Any password cracker worth anything will know to substitute numbers for letters in common ways like substituting 0 for o. It wouldn’t do a lot to slow down a brute force attack. I would recommend using the first letters of the phrases you like to memorize instead, along with more numbers and symbols. So your first example could be GWtw19#( Capitalizing the first two letters, lowercase the second, then 1939, the year the movie was released, but holding down the shift key while pressing the last two numbers to get the symbols in there. Simple example, but impossible to guess with a dictionary attack that will guess passwords with a dictionary full of words. It could still be broken with a straight brute force attack where it guesses every possible combination of letters numbers and symbols, but that would take a lot longer.

@StellarAirman Yes, a password cracker will try variations on words in the dictionary. No, it will not try variations on song titles from a John Prine album.

Yes, your method is technically better. But my scheme is easier for me to remember and virtually the same for security.

I don’t. I keep passwords that are different, some of them have things in common, but none of them are all the same. Vary your passwords, add 123 or something in them. I think that keeping passwords that may have some type of similarity are easier to not forget, but won’t make it as easy for people to crack your password for everything else.

I use the same 2 passwords for everything. If I need to make a special password, then I will write it down somewhere. The 2 passwords that I use will never be forgotten and they’re both pretty obscure and are not going to be guessed by anybody. Additionally, I don’t give them out to anyone.

@StellarAirman Hmm, you may be right. I consider both passwords quite difficult to crack, though, and based on an inside joke from 8th grade which just happens to also be in German. If someone cracks it, they deserve to get in.

Still, you do have a point. Something to think about I suppose.

Because of security at my job, I use a SecurID, but a couple years ago I had 30 something different passwords for different sites I had to access, and each required a new password every 45 or 60 days. It’s impossible to manage that for very long. I ended up using variations on movies, like Frodo2, Gandalf3.

There are also applications to manage passwords for you these days. I use one called 1 Password on the Mac, but they are available for every platform. Just hit a button and it’ll log you in to each site and you don’t have to remember. Also sites like SuperGenPass.com can take a master password that you remember and combine it with the site URL to create a random and secure password. All you have to remember is the master password and then hit a little bookmarklet link in your browser when you need to login.

@StellarAirman Yeah, 1Password is great. I’ve just been using Allsecure right now because I got it for free. It’s also got a beautiful interface and I’m an interface whore.

KeePass for Windows is pretty good, though. Beats pen and paper.

For sites I don’t care about, yes I do, but for ones I do care about I use http://supergenpass.com to generate/keep track of my passwords. I love it because you can get your passwords from any computer

No, I have different passwords, and a locked vault to remember them for me.

I have 3 passwords for a myriad of accounts…any more and I will die from the effort of memorizing.

No, I have three that I use regularly but also a variation of all three for certain things.