~H

Once I used one Password, its still the one I use for my very old accounts like youtube, then I moved on to a tiny bit more secure password (the new one completely eliminated social engineering option)

Now, think I’ll just put the two passwords after each other! And problem solved. For high priority sites (with bank account accesses) I’ll throw in a number or five. I already use a modificed version of my newest Password on my PlayStation Network account (remember, it have accesses to my bank account) And I don’t see anyone easily break that one.

And criticizing openid is not valid. there is a risk of phising in openid but at the same time it give you facility to log in in various websites by remembering single password. now what u can do is make that pass as strong as possible. have u checked the openid of yahoo …its like openid.yahoo.com/213ghkagsdiu21312 some random number which is not easy to hack. so the open id providers are doing their best to protect ur accounts.

” If i put by computer switched off, surrounded by thick concrete walls in a box of heavy metal kept in a high security room through which even a insect can’t pass through, fully vacuumed even then i have my doubt’s… “

Nothing is safe in this world you can only take precautions.

And it is very irritating when sites tell me my password isn’t strong enough. I know it’s not. And I’m fine with that. I have had sites so restrictive that it took me a 1/2 hour to come up with a password. Just so I could forget it everytime I needed it and have to spend an hour resetting it and coming up with a new one. This only forces you to write down the password in multiple locations and store it on your hard drive. Hardly safe if it’s an important account. One site,I kid you not, took me 2 hours to come up with an “acceptable” password. The password it finally took?

90457$Any_Fuc_king_Pass_w0rd_Will_D0$2183

Make a root password and an additional site-specific variable.

I don’t trust one source to store all of my passwords, and I dont trust using one password for everything. My simple, but I believe elegant solution, and I cannot find the resource where I initially discovered this, is to make a root password with a variable.

By this I mean make your password:

MagicSiteWordPoint for sitepoint,

MagicFaceWordBook for facebook,

MagicTwitterWord for twitter and so on.

I actually have a handful of roots and methods of adding variables depending on the site in question, but since i switched to this method i have never needed to request a forgotten password… rather then try to be clever about a uniqe password, i know my root and can guess in 2-3 tries what i made the variable.

This went wrong last year when some forum (or special offer web site) may have had its user/password list cracked as the spare email account I use for signing into some forums / special offers was hacked – because I stupidly used the same password on it when I first set it up many years ago! 10,000 or more spams were sent out in one batch before the ISP closed the email account for excessive use.

One trick I’ve used is to combine two dictionary words – but words from DIFFERENT languages. This can be very easy to remember, but can easily have 12 – 14 characters, which makes brute force attacks harder.

The stupidest use of passwords was at a college where I taught – ALL new users were given changeme as the password. You can imagine the chaos when the students realised this. AND at the end of term you were told to change the password. And if you didn’t, it was changed back to, yes, you guessed it, changeme, after the first week or so of the holiday. So during the holidays, and summer in particular, you could enter almost any student’s account, but especially those of students who were leaving and so didn’t bother to change anything (all accounts stayed active until the next academic year started).

The IT dept thought this one up, as a security idea to force students to change passwords regularly…
Not one of their best ideas.

I got a HTML file with a list of links to sites which require a login. Behind every link I have listed the username and password. So it is no problem to select a unique username and password for every site.

To make the HTML file more secure, you can put it on a USB stick and only connect it to the computer if needed.

My 2 cents.

This way all different items based on their importance have different passwords. Sure it’d be a pain by having up to 15 different passwords, but at least it’s less of a pain than something important being compromised because of using the same password as a forum. Passwords aren’t that hard to remember, I think it’s more so which account that you have actually associated that password with which is harder.