Discussion Forum > Passwords
Yes, the best method is to learn them off by heart. This is easy with the ones you use all the time. Simply make sure you enter each password manually every time rather than let your browser enter it for you. You'll soon have it written into your mind indelibly.
For ones I only use occasionally, frankly I usually use the "Forgotten Your Password?" option!
November 17, 2008 at 23:06 |
Mark Forster
Hi Steve,
If you're a Mac user, I highly recommend 1Password, which is a great app. It creates secure passwords for you, and remembers them; and (my favourite feature) it logs into websites for you. A great timesaver, and greatly increases security, partly because you never have to use the same password in multiple places. I know they have a system for keeping your data synced if you use more than one computer; I just don't know much about that, because I just take my laptop everywhere. (There's also a nice iPhone app which syncs to your desktop, but you could just have it on your desktop and laptop – no need for an intermediary device. Or so I gather.)
Best,
Martin
November 18, 2008 at 14:49 |
Martin
Thanks Mark & Martin for the suggestions.
Regards
Steve
November 18, 2008 at 21:54 |
SteveH
Bruce Schneier, an internet security guru, had this to say, which is somewhat counterintuitive:
Bruce Schneier Blazes Through Your Questions - Freakonomics Blog - NYTimes.com
http://freakonomics.blogs.nytimes.com/2007/12/04/bruce-schneier-blazes-through-your-questions/
Q: How do you remember all of your passwords?
A: I can’t. No one can; there are simply too many. But I have a few strategies. One, I choose the same password for all low-security applications. There are several Web sites where I pay for access, and I have the same password for all of them. Two, I write my passwords down. There’s this rampant myth that you shouldn’t write your passwords down. My advice is exactly the opposite. We already know how to secure small bits of paper. Write your passwords down on a small bit of paper, and put it with all of your other valuable small bits of paper: in your wallet. And three, I store my passwords in a program I designed called Password Safe. It’s a small application — Windows only, sorry — that encrypts and secures all your passwords.
He also links to this post (http://www.schneier.com/blog/archives/2007/01/choosing_secure.html?pagewanted=print) on creating secure passwords and why so many passwords are easy to crack.
For myself, I use a low-security password and have adopted a "template" that I read about in a security document. I use this template for all hi-security sites (such as those that store personal info, like Amazon), but the contents change based on the site.
1. The first and last characters of the password are non-alphanumeric; pick a shifted symbol from the keyboard, for example.
2. Then, take the first two letters of the site and capitalize the first letter.
3. Put in a four-digit number, perhaps a date of some personal significance.
4. Type in the rest of the site's name, capitalizing the first letter.
So, for Amazon, a password I create could be (don't worry, this is a fictional example):
[Am4567Azon[
And for Paypal would be:
[Pa4567Ypal[
Because you're using the same elements over and over, just changing the variable content based on the site, it should be easy to recall what your password is.
The advantage of this passphrase technique is that it's a sufficient number of characters and mixes symbols, numbers, and capital letters. It makes for a pretty tough passphrase to crack. And the goal may be to slow the bad guys down long enough so they give up and go to an easier target.
Some web sites don't let you use unusual symbols or more than a certain number of characters and they always seem to tell you this after you've created the password! In that case, writing it down and keeping it in a trusted system may be the way to go.
Sorry for the lengthy post!
Mike
December 6, 2008 at 18:33 |
Mike Brown
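The four-step template from the post above, written out as an added example (not part of the original thread), with an estimate of how much of the result is secret material when the pattern and the site name are known. It assumes the same symbol is used at both ends, as in the post's two examples, and a pool of the 32 ASCII punctuation characters; all function names are hypothetical.

```python
import math
import string

SYMBOLS = string.punctuation  # assumed symbol pool: 32 ASCII punctuation characters


def template_password(site: str, symbol: str, digits: str) -> str:
    """Apply the post's four steps to a site name (hypothetical helper)."""
    if len(symbol) != 1 or symbol not in SYMBOLS:
        raise ValueError("symbol must be one non-alphanumeric character")
    if len(digits) != 4 or not (digits.isascii() and digits.isdigit()):
        raise ValueError("digits must be exactly four digits")
    name = site.strip()
    if len(name) < 3 or not name.isalpha():
        raise ValueError("site name must be at least three letters")
    head = name[:2].capitalize()  # step 2: first two letters, first one capitalized
    tail = name[2:].capitalize()  # step 4: rest of the name, first letter capitalized
    # Step 1 wraps the result in the symbol; step 3 puts the number in the middle.
    return f"{symbol}{head}{digits}{tail}{symbol}"


def template_secret_bits(symbol_pool: int = len(SYMBOLS), digit_count: int = 4) -> float:
    """Bits contributed by the parts not derived from the site name.

    The letters come from the site name, so only the symbol choice and the
    four-digit number count here.
    """
    return math.log2(symbol_pool * 10 ** digit_count)


def random_password_bits(length: int, alphabet: int = 94) -> float:
    """Bits in a uniformly random password over printable ASCII (94 characters)."""
    return length * math.log2(alphabet)


if __name__ == "__main__":
    # Constructed inputs matching the fictional examples in the post.
    for site in ("Amazon", "Paypal"):
        print(site, template_password(site, "[", "4567"))
    print(f"template secret: {template_secret_bits():.1f} bits")
    print(f"random 12 chars: {random_password_bits(12):.1f} bits")
```
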
Oh, the low-security password I mentioned is what I use at sites like NY Times or places that just need a username and pwd to register, such as online forums.
December 6, 2008 at 18:34 |
Mike Brown
Hi Mike
Thanks for posting this. It's given me some ideas and the Bruce Schneier links were a really interesting read.
Cheers
Steve
December 7, 2008 at 13:10 |
SteveH





Have you any suggestions for a system for keeping track of passwords? For years I've been using a program on my Palm to store them but since switching to DIT, I no longer have the need to cart it around with me.
Portability is important to me as I use a desktop and laptop (Macs).
Thanks
Steve