Password Protection

The Internet old conundrum:

So you create multiple, different passwords for each site that you visit, like the security experts advise. Okay, fine. But outside of writing it down (and potentially having your list compromised), how do you begin to remember all your passwords?

Sound off in the comments below!

-Krishna

P.S. Here are the pencil sketches used for today’s comic:

sketches for 7-18-11 comic

These beautiful and intelligent people wrote

  • kaitouReply
    July 17, 2011 at 11:18 pm

    Save them in an encrypted file or in one of those “password safe” programs. Only one password that you need to remember, then.

  • MikeReply
    July 17, 2011 at 11:20 pm

    I picked up a tip from…I think it was lifehacker. For your important sites (bank, email, credit card, etc) have a strong unique passwords.

    For others, forums, and things you don’t care too much about use a template. You take a decent base password (I am going to use asterisks instead): ********

    On each of these sites, take the first 3 letters of the website (or domain) and add them to the end.

    So on PCWeenies you could use: ********Pcw

    I always capitalize the first letter and the rest are lower case. Regardless of the sites casing. I have found this a very useful system. Just remember to only use the template on don’t care sites.

  • Thomas514Reply
    July 17, 2011 at 11:21 pm

    If I were to do this, this is exactly what would happen to me!

  • seltayaReply
    July 17, 2011 at 11:23 pm

    Lastpass.

  • seanReply
    July 17, 2011 at 11:27 pm

    Been there, done that.

  • SerondrychReply
    July 17, 2011 at 11:54 pm

    1Password

  • CraigReply
    July 18, 2011 at 12:13 am

    i use keepass/keepassx. i found a website that allows me to generate a 64 char as close as you can to a truly random password. i use that stored in a buried text file. i could also go with a file to let me into the db. or even both the file and password. i love keepassx. :) also i keep the db file in my dropbox folder

    the problem i have is going through and updating passwords that do not conform to security standards

  • CodyReply
    July 18, 2011 at 12:18 am

    1Password has been a lifesaver for me. Use dropbox to sync across multiple computers, and it is available for Mac and Windows.

  • John EddyReply
    July 18, 2011 at 12:31 am

    Have an insanely secure email password that you will remember.

    Create a one-off password for a site when signing up for it, create it in notepad so you can copy/paste it.

    Do not save the text file.

    When you need to re-access the site, go through the ‘I forgot my password’ process.

  • John EddyReply
    July 18, 2011 at 12:32 am

    (I should have added, and create another brand new random password and start the process over)

  • AhitReply
    July 18, 2011 at 12:56 am

    Pa$$w0rd :)

  • ReneReply
    July 18, 2011 at 3:35 am

    Steve Gibson had this simple solution in an episode of his podcast Security Now!.

    Use a memorable word, use at least one uppercase letter, then add at least one number and one special character (like $, ], %). Lastly, invent a pattern of punctuation marks and make the password at least 24 characters long.

    The hacker intending to crack your password by brute force has to guess all characters right, all at once, and doesn’t get an indication of how many characters were right and how many wrong. So a long password really does matter, especially if it has a “wide character set.” This means it is very secure, yet still quite memorable.

    If you can’t manage the shear number of passwords, use a password like the one I described for a password manager, like 1Password, RoboForm, or LastPass.

    For a more in depth discussion, go to http://grc.com/sn and look for show #303 “Password Haystacks.” The show is also on http://twit.tv/sn303

  • AlexReply
    July 18, 2011 at 5:50 am

    I personally use one main password structure, but with a variable that will change it depending on the website/service. For example you could have a number within it that changes depending on the length of the website’s name, or use the fourth letter in it’s name. Easy to remember, but if someone gets one password, despite it being similar, it would be difficult to work out the rest.
    I should note that my system is somewhat more complicated than this…

  • Blaine MooreReply
    July 18, 2011 at 6:48 am

    Last Pass.

    I’ve gone with the “root password + something from the site.”

    I then moved on to “root password + domain name hash.”

    Now, I’m on Last Pass. Works the best.

  • Kevin RubinReply
    July 18, 2011 at 10:33 am

    Maybe I’m just getting old… But I’m getting used to the idea that I just have to click the “forgot your password” link on lots of sites and have them reset it before I can use it…

  • Mark StokesReply
    July 18, 2011 at 1:10 pm

    Ain’t it the ever-lovin’ truth! Passwords make my online life a livin’ hell! Great strip, Krishna!

  • MarkReply
    July 18, 2011 at 6:42 pm

    1Password all the way!

Tell me what you think!