How does having to write my password down make it more secure?

I recommend Password Safe. It’s handy.

I used s6mm3r, a6t6mn, w1nt3r, spr1ng, like that, since my employer required 90-day password resets, and you couldn’t reuse anything that’d been used as or closely resembled your last 3 passwords. Then they upped the required number of letters to 8, so I used s6mm3r05, w1nt3r05, etc.

Jeez what a mess.

I have 67 password-protected accounts and most of the passwords are different.

Some have to be numbers.
Some have to be letters but are case insensitive.
Some likewise but case sensitive.
Some have to have both letters and numbers.
Some have to have uppercase and lowercase letters and numbers.
Some must be 4 characters long.
Some have to be at least 6 or 8 or so long.
Most of them force me to change them on some schedule.
There are many different schedules.
Now, several of them are interconnected by a system that updates several of them simultaneously, so they wind up being the same, but which passwords are part of this system and how long it takes the change to propagate through the different passwords seems to me to keep changing.

So I keep a text file on a secure thumb drive that has uppercase+lowercase+number password protection.

But I still have to call IT or Customer Service for a password reset on something or another a few times a year, and half the time I think I can hear them rolling their eyes and shaking their heads.

I am so with you on this. My company has 4 different passwords, varying requirements for each and they are on different cycles. So of course I write them in my notes when I have to change them.

IMNSHO, password protection is only going to be worthwhile against casual attacks against electronic security.

So, I’m willing to take some reasonable precautions against a password being guessed by looking at my name, birthday, or address.

Beyond that? I really don’t see the point to the more complex passwords. It’s my understanding that there are programs available to the determined person, that can crack most any password - it’s just a matter of how much time the attacker is willing to invest.

For that matter, some of the places that have improved security passwords (i.e. must include non-alphabetic characters to be valid) are absolutely idiotic. If someone wants to hack my MySpace account - go to it!

Check out your keyboard. Look at the number “1” in the upper left corner. Pick a shape - let’s say a square for now. Tap the keys “1ad3” in order (because they make a square) and then hold down SHIFT and do it again. You have a password that is incredibly easy to visualize when you’re at a keyboard, but written down, your password is:

1ad3!AD#

It contains two numbers, upper- and lower-case letters, and two “special” characters. 30 days from now when your paranoid manager tells you to switch, move on to password number two: 2sf4@SF$

…and three: 3dg5#DG%

…and you get all the way to 7jl9&JL(

before you need to think of a new shape. A smaller or larger square is easy to do, and you can even mix it up:

1ad3@SF$

Secure, memorable, and easy to rotate. Enjoy!
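An added example, not part of the original post: a password-audit check that recognises the pattern described above (a key shape typed once plain and once with SHIFT held) and the rotation that slides it along the keyboard. It assumes a US QWERTY layout; the function names are hypothetical and the sample passwords are the ones quoted in this thread.

```python
# Added example: audit check for shift-repeated keyboard shapes (US QWERTY assumed).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
SHIFTED = ["!@#$%^&*()", "QWERTYUIOP", "ASDFGHJKL:", "ZXCVBNM<>?"]

# Map every character to (row, column, typed_with_shift).
POS = {}
for r, (plain, shifted) in enumerate(zip(ROWS, SHIFTED)):
    for c, (p, s) in enumerate(zip(plain, shifted)):
        POS[p] = (r, c, False)
        POS[s] = (r, c, True)

def keys(text):
    """Return key coordinates for text, or None if a character is off the grid."""
    return [POS[ch] for ch in text] if all(ch in POS for ch in text) else None

def shape(ks):
    """Key positions relative to the first key, ignoring SHIFT."""
    r0, c0, _ = ks[0]
    return [(r - r0, c - c0) for r, c, _ in ks]

def is_shift_repeated_shape(pw):
    """True if the second half retraces the first half's shape with SHIFT held."""
    ks = keys(pw)
    half, rem = divmod(len(pw), 2)
    if ks is None or rem or half < 2:
        return False
    first, second = ks[:half], ks[half:]
    plain_then_shift = all(not k[2] for k in first) and all(k[2] for k in second)
    return plain_then_shift and shape(first) == shape(second)

def is_slid_rotation(old, new):
    """True if new is old with every key moved the same number of columns."""
    ko, kn = keys(old), keys(new)
    if ko is None or kn is None or len(ko) != len(kn) or old == new:
        return False
    # One shared (row delta, column delta, same SHIFT state) means a pure slide.
    deltas = {(n[0] - o[0], n[1] - o[1], n[2] == o[2]) for o, n in zip(ko, kn)}
    return len(deltas) == 1 and next(iter(deltas))[0] == 0 and next(iter(deltas))[2]

if __name__ == "__main__":
    # Passwords quoted in the thread, used here as sample input.
    history = ["1ad3!AD#", "2sf4@SF$", "3dg5#DG%", "1ad3@SF$", "SWat7d"]
    for prev, pw in zip([None] + history, history):
        slid = prev is not None and is_slid_rotation(prev, pw)
        print(pw, "shape-repeat" if is_shift_repeated_shape(pw) else "-",
              "slid-from-previous" if slid else "-")
```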

In order to view our W-M paystubs online, it asks us security questions like “I play this instrument” and “This is my shoe size” and “I have this many children”… with drop-down boxes. Anyone who knows me from these boards could probably figure that out. In fact, I’m sure they could.

Right on time! My bank just got their new system up and going last Friday. Actually that’s a bit of an exaggeration, they had 2 tellers taking phone calls FULL TIME because everyone was locked out of their accounts.

The new password requirement…“Select a password containing EXACTLY eight characters with at least two numbers and a punctuation mark.” :smack:

This is more or less what I do, except to satisfy complexity requirements without randomly substituting numerals for letters I pick a phrase with at least one number and one proper noun. Upper case where you’d expect them, and numerals for numbers.

E.g., “Snow White and the seven dwarves” = “SWat7d.”

A couple of my expired passwords:

FKi1bb (Franz Kafka is one big bug.)
AHdi1963 (Aldous Huxley died in 1963.)

No need to write those down.

Keep in mind that Excel passwords are trivial to defeat. Google crack excel passwords and you’ll find a number of sites and utilities which will do so easily. Even an unsophisticated burglar could probably figure it out in a few minutes.

A better system is to use a program like the previously-mentioned Password Safe which securely encrypts your passwords. RoboForm is another good one – it offers several different encryption schemes and includes a browser toolbar for automatically logging into websites. There are versions of it which run on Palm OS, Windows Mobile, or straight off a thumb drive. It’s not free but I consider it to be a very good deal for the convenience and peace of mind it affords.

I do the attendance hours at work, and have a password for that. It’s meant to be secure, but not terribly so (for example other people have my password for when I’m away and they can do it under my name - and that practice is OK). I have a name from a character from an obscure children’s book as the password. It is required to be changed every six weeks, so I just reverse it. I’ve given that to my colleagues to use, and if they get it wrong the first time, they know to enter it backwards. In other applications, I use railway-related things, because that is a treasure trove of strange codes and numbers. There are so many of them that a fellow rail enthusiast would have difficulty getting anywhere trying to crack my passwords, and a non-enthusiast would have zero chance.

The above systems work very well for me, and I’m a very forgetful person. It’s much better than it was in the early days, and many sites are easy with number/type of characters now. I’d hate to return to 1999.