32 million passwords exposed. Most popular....123456

All the passwords at school drive me nuts - one for email, a different one for faculty portal, a different one for campus student files, yet another one for HR dept. and so on. Plus, you just get used to one and then have to change it and remember it next time.

The best is for the teacher’s computers in each lab. Most of them are idiotic - you simply type in the same password as the log in name. Plus, there is absolutely no need for a password, as there is nothing on the teacher’s computer that is not on the student computers.

However, the best and most original is the password they have in the Game Design lab. I had to teach a class there and tried everything - the default log in name is “Game Design” so I tried “gamedesign” - nope. Then I tried “game” - nope. Then I tried “gamer” - nope. I tried several more until I got pissed off and just left it blank and - bingo!
They set their computer to only open if you do NOT use a password.

I used the same password on everything for a really long time. Only recently has anyone cared enough to actually bust in. Fortunately, it’s never been anything important.

Now I tend to use initialisms of phrases that are easy to remember, with symbolic quirks that only I know.

I also use two different classes of passwords: one type for sites that aren’t that big a deal if they get hacked, and a more complex type for more important stuff.

Like a few others, I have different levels of passwords. Even at the basic level, the password that I use (and its variations) contains a couple of numbers and a capital letter.

For work, where some of the pws are changed monthly and not allowed to be repeated, I use fairly secure ones. Instead of writing them down on a post it, I bury them in a folder on my H-drive that’s named something that totally blends in. It’s pws protected, but by one that doesn’t change all of the time and that I can remember easily.

I use a password off the crappy list for sites I don’t care about but for things that matter I rotate one password through that gets changed every time my office makes me rotate (90-120 days). A couple back I had just watched Office Space so my password was 1mil+Me=2chicks. I had a really hard time not telling everyone.

My job requires me to maintain many passwords for many different systems and databases. I also am forced to change them regularly (every 60-90 days). Most of the systems have stringent requirements for the passwords to make them strong, like “8-12 characters, two must be symbols, one must be cap and one must be lowercase”…and they log all my previous passwords and don’t allow me to re-use them…and in some cases, I can’t re-use variations on them if there are several characters in common.

Also, I only need to access some of these systems a few times a year. So often, it’s been months since I’ve used or thought about this long, highly randomized password that I have frequently changed and that I’m not allowed to have written down anywhere.

I really don’t like this aspect of my job.

Sometimes IT is responsible for the post it notes. :)

Our IT department had the bright idea of expiring passwords every month. We also can’t repeat a password that we already used.
The result? People couldn’t remember their newest password.

Some people used the number of the month. Frank01, Frank02 etc.
Others kept a post it note handy.

We had more secure passwords when they only expired once a year.

Meh, I gave up on secure passwords years ago. Too much work. I use the same super-simple password for everything. Go ahead, hack my forum account, read my e-mails, order stuff on my amazon account, what do I care. Joke’s on you, signups are free anyway. For less effort than hacking my account you could create your very own.

Back in the bulletin board and ftp days, guest was a common login name and password. Or sometimes the login was guest and password null.

A password I use for non-sensitive applications is on there (no, it’s not “nipples”.)

For numeric passwords/PINs, I got my first ATM card when I was a sophomore in college in 1988. Since then pretty much any 4-digit password I’ve used has been a variation of my dorm room number that year.

This is me as well. And it drives me NUTS. So I do write them all down on a piece of paper next to my computer. I have one common string that I write down as _________ with the various numbers/symbols before and after. Of course, I write them all in pencil b/c I have to keep changing them all the time! GRRRR! If you guess the string, well, you get to see my work files and my e-mail and my travel authorizations, and all sorts of good stuff!

Random.org has a Password Generator. I use that for the letters and numbers and then randomly stick in an asterisk or an ampersand or whatever.

Solid password management can be cumbersome, as a few others have noted. I’m in IT as well, and I have so many personal passwords for various work and personal related functions that I’m forced to maintain a personal password database just to keep track of them all. The database is encrypted of course, but all it would take is one keylogger to capture the master key to defeat this (or someone looking over my shoulder with an extremely good memory). This is compounded by the fact that all these various systems force me to change my passwords at regular intervals (for security, naturally) and that I try to avoid using similar passwords for different critical functions.

I don’t condone crappy password choices, but I can sympathize with the average computer user who uses ‘Password123’ for authentication everywhere.

I use a combination of numbers and letters, usually someone’s name surrounded by someone else’s year of birth + year of death, e.g. 16b85Y17r50D, which is William Byrd’s name surrounded by J. S. Bach’s dates. If you keep it as two different people, it’s more difficult to construct the whole password, yet it’s relatively easy to remember.

Uh, huh. 18 usernames/passwords at work (just at work) and we have to change 'em every 60-90 days, and oh, no, do not write any of them down.

Hardest thing for me isn’t the upper case/lower case/a number/a special character. No sir, it’s putting in the random squirrel noises! (Tip of the hat to Scott Adams)

Since I use classified material at work and I need to access classified networks, I have a bazillion different password requirements, some of which are just inane. One system will not allow repeated characters - evah - plus it wants upper, lower, numeral, and special and at least 9 characters!! So I couldn’t use password1, but I could use Pas$word1 or paS$word1… And all of these networks require quarterly changes. I’ve worked out a method of changing them with the equivalent of a serial number so the root stays the same and certain characters always change in a predictable manner (to me, anyway.)

For my personal use, like many people, I have one that serves when I have to have a logon (like news sites) and my own code for others so when I have to provide a hint, it may just be 2 characters to jog my memory. Plus I have a password protected document on the highest classified network that I use and that’s where I store a list of all the passwords I use very rarely. That document has saved me from having to reset passwords several times. So I just have to not forget the document password…

I’ll be so glad when I retire and can put all of those silly things out of my head!

What is rockyou.com? (Not gonna try that URL here at work just in case it’s remotely NSFW.) I’m thinking that any analysis of the scope of the passwords needs to consider the target demographic.

I was a sysadmin for my high school computer lab, and when decommissioning an old system did a password dump. There were many unsecure passwords of that nature, but the only password that stuck in my mind was “SATAN666” from a totally unassuming looking girl who evidently took the “add some numbers in your password in a memorable combo with the letters” advice to heart.

Personally, I’ve always felt that systems/places that require you to change your password at regular intervals are a classic example of the law of unintended consequences: good intentions having the exact opposite of their intent. As others have noted, the more often you force me to change my password, the harder it is for me to remember, and therefore the more likely it is that I’ll write it down. In fact, my current password for this very machine is written on a piece of paper on my desk. If they had just let me keep the first password that I used, I wouldn’t have to write it down. But after the fourth or fifth change, I gave up on trying to come up with something that fit the criteria and that I could remember.

So, IT folks take note: Forcing regular password changes will in all likelihood result in an overall drop in security.

I use the same password for everything. There’s an obvious number string in there, but the base word is not easy to guess. It’s based on an inside joke I had with my friends as a teenager. They wouldn’t even guess it.

We need a name for passwords for things that shouldn’t need passwords - for example, web sites that make you register to read, say, their prices for products.

I propose the term “asswords”.

For a while I would have a standard assword construction that combined the name of the offending party with a hateful and derogatory curse. Then I started getting creative, and it got complicated enough I forgot how it worked, and it all fell through.
I really hate the almost 90 passwords I’m up to, which I use on about 8 different computers on different networks, so of course they’re in a list somewhere.

I also hate all the rules. Must combine uppercase and lowercase letters, plus numbers. Or, must be five letters, case-insensitive. Automatic forced changes with fancy methods of detecting pattern usage and blocking it.

WHY WHY WHY can’t we have thumb print readers, or webcams to look at our irises, or something trouble free like that?

Photo sharing site. Similar to Photobucket or Flickr.