07.16.2008 6:00 pm
How do you keep track of the passwords in your life?
St. Louis Post-Dispatch
I have a lot of stuff that requires passwords.
- My voice mail at work.
- My network connection at work.
- Three e-mail accounts besides work.
- My Facebook, Twitter, MySpace, Technorati, Yahoo, Flickr, Google accounts — and various others.
- My church’s web site.
- My online bank account.
- My answering machine at home.
- The hide-a-key box for my house.
And those are just the ones I can think of off the top of my head. I have a system for keeping track of my passwords. I don’t think it’s a great system, but so far, I haven’t gotten burned.
We have a story in Thursday’s Post-Dispatch about tracking passwords — and how difficult it is: “In a survey of 800 high-speed Internet users in the U.S. and the United Kingdom, slightly more than half of the U.S. respondents confessed to writing down their passwords. And nearly half of the survey group said they used the same password over and over again — another big no-no.”
Do you have a system? How many things do you have that require passwords?
Kurt is the director of social media for the Post-Dispatch, where he has worked since August 2002. He's been a journalist since 1982, covering municipal government, courts, education and two hurricanes as a reporter before becoming an editor. 
My system starts with using a specific word that is common to all of my passwords. Then I vary a number following the word, typically using a number that corresponds to the number of letters in the URL. It’s pretty easy to remember, and yet each password is different. I have passwords for banking, blogging, various email accounts, Twitter, Digg, various Google accounts, work intranet and benefits programs, credit cards, and health insurance websites. Oh, and the PD site too.
What’s a ‘password?’
The more complex a password is required to be, the more likely it is to be written down. Besides, any decent application will lock your user-id after a very small number of bad password attempts, requiring alternate action of some kind in order to reset/unlock it. It dosn’t matter how fast a computer is trying to guess it if it only gets five or fewer tries at a time.
KeePass. Google it.
At last count I had over 100 passwords for various things. I typically use just one specific password if I need something temporary. I keep the others in a small password keeper program I purchased years ago. Of course I need a password to get into it.
For ultra high security passwords you can generate some here;
https://www.grc.com/passwords.htm
For the geeks in the crowd, this site does a good job of explaining ultra high security passwords.
I simply use one word and add numbers to it as they expire. For example, fido1 then fido2 and so on.
I just use “a” for all my passwords.
The truth is, as long as you have a few good passwords, never write them down, and never give them to someone else – you will be fine. The biggest problem in security isn’t the strength of your password, it’s the little post-it note under your keyboard. It’s the fact that countless people fall for phishing emails everyday. In other words – the human element. There is no point in setting the technical hurdle bar a mile high when the bad guys can just walk around it.
As for how I remember the many passwords in my life – memory. I will admit though, that some of the really obscure passwords I have (accounts I visit very rarely) I keep in an encrypted file. The password for that file is brutal – but the only place it exists is in my head.
I use variations of previous home addresses/names of people substituting symbols for vowels.
I keep them written down in a notebook at home. I need to make a copy and put it in my safe deposit box though. Keeping a list on my computer doesn’t seem like a good idea.
AJ, thank you, that site is awesome.