Passwords coming out of my ears

Author: foodog
Date:  
Subject: Passwords coming out of my ears
Ed Skinner wrote:
>
>      I have accounts, logins and passwords at fifty (50) [exactly!] systems
> ...


I don't have that many accounts, but I have a bunch. The strategy
differs depending on the security I need.

>      So, what do you do to keep track of all this? Do you:
> 1) Have the memory of an elephant?


That helps.

> 2) Keep the account names, system names and passwords in a [horror!] clear
> text file you can search when needed?


I don't, but for throwaway passwords that'd be an option. If throwaways
offer to store the password in a cookie I'll usually let 'em. (do other
people use your computer or your login?)

> 3) Keep the above data encrypted but, still in a file (and under the
> protection of a single "master" password)?


Yup. For systems that I log in to infrequently I have a gpg-encrypted
list of username/pwd that I can refer to.

> 4) Keep everything on PostIt notes stuck here and there?


Not a good plan; probably OK if you live alone tho'

> 5) Use only two or three passwords over and over, a "good" one for secure
> websites, a "bad" one for unsecure sites that send you the password in
> cleartext Email every now and then, and a "throwaway" in case all else fails?
> 6) ... What?


For throwaways I'll generally use the same lame password; "wellduh", for
example.

For secure passwords, two suggestions to start with: 1, learn to write
in 1337 (Leet), 2, choose a passphrase and misspell it in leet. Combine
those techniques with a host-specific prefix or suffix and you're on the
road to using good passwords.

For example, a base passphrase could be, mnemonically, "Furby Killer".
Leet and misspell that to "fErb3k1LR", for Hotmail use "hotfErb3k1LR" -
"hot furby killer".

On lame systems with a password length limit (AFP servers, for ex),
truncate your passphrase - you shouldn't run into that situation very
often.

Once you commit your base passphrase to memory you'll become adept at
typing it quickly and accurately. Combine that with a gpg-encrypted
list, or a printout kept in a safe place. Oh, and it's a good idea to
change passwords now and then. I like to hit them all in one day
whenever possible.

My 0.03 cents 8-) allowing for inflation.

Steve
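
The gpg-encrypted username/password list mentioned in the message above, as an added example that is not part of the original post: shell functions that keep the list only in symmetric-encrypted form and look up one host by decrypting to a pipe. The names `PWLIST`, `PWLIST_GPG_OPTS`, `pw_get` and `pw_add`, and the one-line-per-account `host user password` layout, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): a password list that exists on
# disk only as a gpg symmetric-encrypted file under one master passphrase.
# PWLIST and PWLIST_GPG_OPTS are hypothetical names chosen for this example.
PWLIST="${PWLIST:-$HOME/.pwlist.gpg}"

# Run gpg, splicing in optional extra options (e.g. batch-mode passphrase
# options for unattended use). Interactively, gpg prompts for the passphrase.
_pw_gpg() {
    # Word splitting of PWLIST_GPG_OPTS is intentional.
    gpg --quiet $PWLIST_GPG_OPTS "$@"
}

# pw_get HOST: decrypt to a pipe and print the lines whose first field is
# HOST. The plaintext list is never written to disk.
pw_get() {
    [ -f "$PWLIST" ] || { echo "no list at $PWLIST" >&2; return 1; }
    _pw_gpg --decrypt "$PWLIST" | awk -v h="$1" '$1 == h'
}

# pw_add: read one "host user password" line from stdin (so the secret stays
# out of argv and shell history), append it, and re-encrypt. The old file is
# replaced only after the new one has been encrypted successfully.
pw_add() {
    IFS= read -r _pw_line || return 1
    _pw_old=""
    if [ -f "$PWLIST" ]; then
        _pw_old="$(_pw_gpg --decrypt "$PWLIST")" || return 1
    fi
    # mktemp creates the file with mode 0600; --yes lets gpg overwrite it.
    _pw_tmp="$(mktemp "${PWLIST}.XXXXXX")" || return 1
    if { [ -z "$_pw_old" ] || printf '%s\n' "$_pw_old"
         printf '%s\n' "$_pw_line"; } |
        _pw_gpg --yes --symmetric --cipher-algo AES256 --output "$_pw_tmp"
    then
        mv "$_pw_tmp" "$PWLIST"
    else
        rm -f "$_pw_tmp"
        return 1
    fi
}
```
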