How does having to write my password down make it more secure?

I have all my passwords in an Excel File that is not named passwords. I also have a default password I use when I can. I try to make passwords I can remember, mostly by using l337.

When I had to change a password at work every month, I used initials + number of episodes of my favorite show. That worked well.

We were talking about challenge questions at work the other day. As Dr. Drake pointed out, you don’t have to be truthful, just use something memorable:

Here are some examples:
What’s your mother’s maiden name?
Heterosexist

What’s your grandmother’s maiden name?
Which one

What model was your first car?
Corvette Stingray
(in my dreams!)

As for alphanumeric passwords, it occurred to me that using chapters and verses from the religious book of your choice might work, e.g. John316 or, if you’d prefer something secular, why not go through Shakespeare’s plays, e.g. MacBethA1S1, MacBeth A1S2, etc. Operas might work even better, since their titles aren’t in English. RigolettoA1S1 might be a bit harder to hack than most.

Of course, for Babylon 5 fans, there’s always the old standby, “Peekaboo.”

Sometimes, I think “we” *want* you to forget your passwords so you have to call in now and then and justify the expense we’ve laid out in building and staffing call centers.

What? Me cynical? Nahh…

Hopefully, they only have two **biological** grandmothers.

(Though the point remains - I have FOUR women who count as grandmothers - divorce on one side, death on the other).

I used the program “password safe” and you only need to remember one password for that.

But seriously, writing down a password on a piece of paper, and putting it in your wallet... I consider it secure enough to walk around with $200 in it.

What if someone rips off my wallet? Are they going to know my user name? What site that password activates?

Really, what is the fear of writing down a password and putting it in your wallet, or an unlocked desk drawer? Is your office mate going to buy his wife something from Amazon.com while you’re in the shitter?

The challenge questions are a joke because they are not evaluated against any standard.

With several of my accounts, I have to provide answers for as many as five challenge questions per account. I just give the same answer for every question.

What is the name of the city where you were born? FruitLoops

What is your mother’s maiden name? FruitLoops

What was the model of your first car? FruitLoops

Since the same answer is irrelevant to the question asked, it’s darn near impossible for anyone to guess.

Back when I was in the tech/customer support racket, our rationale was that passwords weren’t to protect us from people using our own computers, but from outsiders trying to hack in. If I want to get into your bank account, I’m going to do it remotely, and I can’t see the passwords you’ve written down. Computer hackers are too lazy to break into your house to look for passwords. And common burglars are too stupid to drain your account from a computer.

We have a Mandylion to store our passwords. That way they can all be strong and unique.

It’s done because hard to crack passwords are good security practice (and good sense). It’s always a balance.

It’s not too hard to come up with a password that’s easy to remember. Use a phrase. “Imh1acd1oS” should be secure enough, and can stand for “I met her in a club down in old Soho.” Add a semicolon somewhere and it can be very hard to crack.

I use something I’ll be able to easily remember, and sub the letters/numbers/special characters. One old password was h@mst3R. Hamster. The next was K!tt3ns. Kittens. And so forth. Use 4 for a, 3 for e, 1 or ! for i, 5 or $ for s, etc. Throw a random capital letter in, and you’re good to go.
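As an added example (not code from the post above), here is the substitution scheme that post describes, written out as a small rule engine of the kind password crackers apply to a wordlist: every listed swap (a to 4 or @, e to 3, i to 1 or !, s to 5 or $) is applied in every combination, then at most one letter is capitalised. The substitution table and the "one capital letter" rule are taken from the post; the function names and the count check are my own.

```python
import itertools

# Swaps listed in the post. '@' for 'a' is included because the post's own
# example (h@mst3R) uses it alongside the stated '4'.
LEET = {
    "a": ["a", "4", "@"],
    "e": ["e", "3"],
    "i": ["i", "1", "!"],
    "s": ["s", "5", "$"],
}


def substitutions(word):
    """Yield every combination of keeping or swapping the letters in LEET."""
    choices = [LEET.get(ch, [ch]) for ch in word.lower()]
    for combo in itertools.product(*choices):
        yield "".join(combo)


def with_one_capital(candidate):
    """Yield the candidate unchanged and with each single letter capitalised
    (the post's 'throw a random capital letter in')."""
    yield candidate
    for i, ch in enumerate(candidate):
        if ch.isalpha():
            yield candidate[:i] + ch.upper() + candidate[i + 1:]


def mangle(word):
    """All candidates a rule-based guesser derives from one dictionary word."""
    out = set()
    for sub in substitutions(word):
        out.update(with_one_capital(sub))
    return out


def candidate_count(word):
    """How many guesses it takes to cover every variant of one word."""
    return len(mangle(word))


def total_candidates(words):
    """Guesses needed to cover a whole wordlist under these rules."""
    return sum(candidate_count(w) for w in words)


if __name__ == "__main__":
    for word in ("hamster", "kittens"):
        print(word, candidate_count(word))
    print("h@mst3R" in mangle("hamster"), "K!tt3ns" in mangle("kittens"))
```

Each seven-letter word expands to 111 candidates under these rules, so a 100,000-word list becomes roughly ten million guesses, which is a small workload for an offline attack on leaked hashes. The scheme's strength rests on the base word not being in the attacker's list, not on the substitutions.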

This is very similar to what I do. I use song lyrics that I know by heart.
Let’s take an easy one, Happy Birthday
Happy birthday to you
Happy birthday to you
Would give you a password of HbtyHbty. If you need an alphanumeric use Hb2yHb2y. For a password hint write down your date of birth.
Or for something a little stronger let’s use the song America the Beautiful
Oh beautiful for spacious skies
For amber waves of grain
Gives us ObfssFawog, or for alphanumeric Ob4ss4awog. Password hint: AtB first 2. Go ahead crack that sucker.

Any song you know the lyrics to can be used this way. I always capitalize the first letter for each line.
Anyway it works for my 15 watt brain.

Every 90 days is excessive IMHO.

I would just alternate between two or three different passwords. That’s what my fiancee does for work, where they require all employees to change their passwords every X number of months. The software is satisfied that she changes it from a “current” password to “something else”. The software does not seem to recognize that the “something else” is the same something that she used before.

So she might do something like password: Butcher99.
Oh, time to change it to… Baker99.
Oh, is it time to change it already? Okay then… Candlestickmaker99.
Time to change it to… Butcher99.
X number of months later… Baker99
Again, already?.. Candlestickmaker99

Etc. That way if Baker doesn’t work, she knows it’s one of the other two.

My mom had to change her password so often, she finally lost track of what the damn thing was. Now she’s adopted my fiancee’s system so she won’t ever forget.

Yeah, but if I lose my wallet, I don’t want my password to be in my wallet with my bank card. I could store a PIN or a password at home someplace, but fat lot of good it would do me if I need it and I’m not at home to look at my cheat-sheet.

ETA: And note in my example above, my fiancee isn’t dumb enough to use three related passwords, from a rhyme or the three musketeers or anything. I think hers are all random shit. Like the name of a musician, a word from the ingredients on a box of Frosted Flakes, and her mother’s brother’s first dog’s name, or something like that.

Here is something I’m trying to get used to using: pass phrases.

Depending on the maximum number of letters allowed in your password for your bank, you might be able to use this approach. It’d make things a lot easier for you to remember. (And could be even more effective if you’re able to use punctuation, as well.)

LilShieste

Then don’t work for Uncle Sam, nor have a contract with them that subjects you to DHS password security requirements.

Having to change a password every 90 days may be a royal PITA. I have more than two dozen passwords to as many accounts. They all require changing every 90 days, the no-repeat password histories are as long as 10 iterations, and none of the accounts can have identical passwords.

I don’t have a passphrase as such, but I do have a phrase whose words I use individually, in various misspellings and leetspeak combinations.

Example phrase:
Mystifying Medical Maladies

Example passwords:
!Myst1fy1n5
#m3dikaL
Ma-adi3z

Bank of America makes it ridiculously easy to transfer funds instantly to another Bank of America customer. You click “transfer”, put their name and account # in, choose the amount and voila- instant transfer of some or all of your funds. Just so you’re aware of that. My husband and I do this for bill paying and such between us, but I was struck when I did it at how easy it was.

For my work, you can’t use a password you’ve used in the last 10 times.

I have a password that is similar to ou812 (like the van halen album), and every time I change it, I just bump each digit up. You need to have at least 3 changed characters, I believe.

I’m not sure what kind of “attack” the “every 90 days” rule guards against.

I was mentally ranting about this the other day – the electric company web site has so much security that I messed something up while trying to log in, and then had to reset my password by answering the security question, which was “What was your first car?” and I couldn’t remember if I originally said Make, Model, or Make Model and then got locked out and had to call the call center … and the whole time I was fuming – really, would it be such a disaster if some fiendish criminal broke into my account and paid my electric bill? What else are they going to do?

In reality, I think it is for identity theft prevention – I suppose I could imagine someone doing something like changing the address, requesting a paper copy of the latest bill, using that utility bill to open another account, etc. But really, that’s a lot of work. I’d almost admire their determination.

If you consider “I don’t know” a valid answer, it’s actually pretty easy. Although we’ve got so many different systems, with different user names that I can’t keep track of, getting to the question can be the bigger challenge.

For mine, it’s 20.

Here’s my method for systems I log into regularly:
Think of two words. For example “bite me”.
Your first password is “Bite00Me”
Your second password is “Me01Bite”
Your third password is “Bite02Me”
and so forth. If you’ve forgotten where you are in the sequence, you can probably guess in a couple of tries. If you need a non-alphanumeric character, just tack it on the end: Bite00Me#, Me01Bite#, …
That’s 200 passwords before repeating.

Unfortunately for me, this system evolved over the past five or ten years, so I’ve got accounts using various versions of it.

For systems I only log into a couple times a year, I don’t even try to memorize them. I just get my password reset each time.
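The two-word counter scheme from the post above, as an added example that is not the poster's code: `nth_password` produces step n of the sequence (two-digit counter, word order swapped on every odd step, optional trailing symbol), `period` counts how many distinct passwords appear before the first repeat, and `position_of` recovers the step from one observed password, which is both the poster's "guess in a couple of tries" and what an attacker does with one leaked value. Function names and the `position_of` check are my own; the rule itself is the post's.

```python
def nth_password(first, second, n, suffix=""):
    """Step n (0-based) of the scheme: Bite00Me, Me01Bite, Bite02Me, ...
    The counter is n mod 100, zero-padded; the words swap on odd steps."""
    counter = f"{n % 100:02d}"
    left, right = (first, second) if n % 2 == 0 else (second, first)
    return f"{left}{counter}{right}{suffix}"


def period(first, second):
    """Number of distinct passwords before the sequence wraps around."""
    seen = set()
    n = 0
    while nth_password(first, second, n) not in seen:
        seen.add(nth_password(first, second, n))
        n += 1
    return n


def position_of(first, second, observed):
    """Recover the step that produced `observed`, or None if the scheme
    never produces it (e.g. an odd counter with the even-step word order)."""
    for n in range(period(first, second)):
        if nth_password(first, second, n) == observed:
            return n
    return None


if __name__ == "__main__":
    for n in range(4):
        print(n, nth_password("Bite", "Me", n, "#"))
    print("period:", period("Bite", "Me"))
    print("Me37Bite is step", position_of("Bite", "Me", "Me37Bite"))
```

Because the order swaps on every odd step, even counters always appear with one word order and odd counters with the other, so `period` reports 100 distinct passwords for a two-digit counter. Either way, anyone who sees one password from the sequence (a password-reuse dump, a shoulder surf) knows every future one: the counter contributes no more than the two digits, and the rest is fixed.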