The age-old Internet conundrum:
So you create multiple, different passwords for each site that you visit, like the security experts advise. Okay, fine. But outside of writing it down (and potentially having your list compromised), how do you begin to remember all your passwords?
Sound off in the comments below!
-Krishna
P.S. Here are the pencil sketches used for today’s comic:
kaitou
July 17, 2011 at 11:18 pm
Save them in an encrypted file or in one of those “password safe” programs. Only one password that you need to remember, then.
Mike
July 17, 2011 at 11:20 pm
I picked up a tip from…I think it was Lifehacker. For your important sites (bank, email, credit card, etc.) have strong unique passwords.
For others, forums, and things you don’t care too much about, use a template. You take a decent base password (I am going to use asterisks instead): ********
On each of these sites, take the first 3 letters of the website (or domain) and add them to the end.
So on PCWeenies you could use: ********Pcw
I always capitalize the first letter and the rest are lower case, regardless of the site’s casing. I have found this a very useful system. Just remember to only use the template on don’t-care sites.
Thomas514
July 17, 2011 at 11:21 pm
If I were to do this, this is exactly what would happen to me!
seltaya
July 17, 2011 at 11:23 pm
LastPass.
sean
July 17, 2011 at 11:27 pm
Been there, done that.
Serondrych
July 17, 2011 at 11:54 pm
1Password
Craig
July 18, 2011 at 12:13 am
I use KeePass/KeePassX. I found a website that allows me to generate a 64-char password that is as close as you can get to truly random. I use that, stored in a buried text file. I could also go with a file to let me into the db, or even both the file and password. I love KeePassX. :) Also, I keep the db file in my Dropbox folder.
The problem I have is going through and updating passwords that do not conform to security standards.
Cody
July 18, 2011 at 12:18 am
1Password has been a lifesaver for me. Use Dropbox to sync across multiple computers, and it is available for Mac and Windows.
John Eddy
July 18, 2011 at 12:31 am
Have an insanely secure email password that you will remember.
Create a one-off password for a site when signing up for it; create it in Notepad so you can copy/paste it.
Do not save the text file.
When you need to re-access the site, go through the ‘I forgot my password’ process.
John Eddy
July 18, 2011 at 12:32 am
(I should have added, and create another brand new random password and start the process over)
Ahit
July 18, 2011 at 12:56 am
Pa$$w0rd :)
Rene
July 18, 2011 at 3:35 am
Steve Gibson had this simple solution in an episode of his podcast Security Now!.
Use a memorable word, use at least one uppercase letter, then add at least one number and one special character (like $, ], %). Lastly, invent a pattern of punctuation marks and make the password at least 24 characters long.
The hacker intending to crack your password by brute force has to guess all characters right, all at once, and doesn’t get an indication of how many characters were right and how many wrong. So a long password really does matter, especially if it has a “wide character set.” This means it is very secure, yet still quite memorable.
If you can’t manage the sheer number of passwords, use a password like the one I described for a password manager, like 1Password, RoboForm, or LastPass.
For a more in-depth discussion, go to http://grc.com/sn and look for show #303 “Password Haystacks.” The show is also on http://twit.tv/sn303
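The arithmetic behind the brute-force argument in the comment above, as an added example that is not part of the original thread. It models exhaustive search only (not dictionary or pattern-based guessing); the 95-character printable-ASCII alphabet, the guess rate, and the sample passwords are assumptions constructed for illustration.

```python
import string

# Printable-ASCII character classes: 26 + 26 + 10 + 33 = 95 symbols in total.
CLASSES = (
    set(string.ascii_lowercase),
    set(string.ascii_uppercase),
    set(string.digits),
    set(string.punctuation + " "),
)
ASSUMED_GUESSES_PER_SECOND = 1e11  # assumption: offline attack rate, not from the thread


def alphabet_size(password: str) -> int:
    """Alphabet an exhaustive search must cover: every class the password uses."""
    chars = set(password)
    if not chars or not chars <= set().union(*CLASSES):
        raise ValueError("expects a non-empty printable-ASCII password")
    return sum(len(c) for c in CLASSES if c & chars)


def search_space(password: str) -> int:
    """Number of candidates of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def years_to_exhaust(password: str, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at the assumed guess rate."""
    return search_space(password) / rate / (365 * 24 * 3600)


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    samples = {
        "short, all four classes": "Xq7#vR2p",
        "long, lowercase only": "correcthorsebatterystaple",
        "word + padded to 24": "Dog7!" + "." * 19,
    }
    for label, pw in samples.items():
        print(f"{label:26} len={len(pw):2} alphabet={alphabet_size(pw):2} "
              f"space={search_space(pw):.2e} years={years_to_exhaust(pw):.2e}")
```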
Alex
July 18, 2011 at 5:50 am
I personally use one main password structure, but with a variable that will change it depending on the website/service. For example you could have a number within it that changes depending on the length of the website’s name, or use the fourth letter in its name. Easy to remember, but if someone gets one password, despite it being similar, it would be difficult to work out the rest.
I should note that my system is somewhat more complicated than this…
Blaine Moore
July 18, 2011 at 6:48 am
LastPass.
I’ve gone with the “root password + something from the site.”
I then moved on to “root password + domain name hash.”
Now, I’m on LastPass. Works the best.
Kevin Rubin
July 18, 2011 at 10:33 am
Maybe I’m just getting old… But I’m getting used to the idea that I just have to click the “forgot your password” link on lots of sites and have them reset it before I can use it…
Mark Stokes
July 18, 2011 at 1:10 pm
Ain’t it the ever-lovin’ truth! Passwords make my online life a livin’ hell! Great strip, Krishna!
Mark
July 18, 2011 at 6:42 pm
1Password all the way!