Password schemes

I’m looking for ideas about how to remember the umpty-jillion usernames and passwords required for web-based life forms. Every website on the planet wants us to register. I have about twenty-five usernames and a hundred passwords for the websites I frequent. (This doesn’t include the sites that force me to register even though I know I’m there just once – at those sites I usually register as 123@123.com with a password like 23456). My rule is not to use the same password at multiple sites, and I usually don’t let my PC “cookie” them. I sure can’t remember them all without some sort of scheme. For financial sites I’m serious about unique passwords, and those are kept securely. For general sites, though, I use a website-name+short-password scheme. For example, at yahoo.com I might use yahoo-zebra, and at gamer.com I’d use gamer-zebra. (Note: My real scheme isn’t quite that obvious, but you get the idea.) I have one password plus a scheme to remember. Not as good as unique passwords, but better than using the same one everywhere.

So – how do you keep passwords? If, like me, you need to have access at work and at home, don’t want to carry a cribsheet and don’t want to keep a list on the work computer, what do you do? What other ways are there to keep them in your head? What schemes or memory devices would help?

Since you’re looking for advice and not facts, I’ll move this thread to IMHO.

Being young and unimportant, I don’t really have anything online that anyone would want access to, such as bank or credit accounts, so I use one password for almost everything. However, in the rare event I do need to store multiple passwords, I have an old model palm I use. Not exactly secure, but like I said, I don’t have anything worth gaining access to on the web. For passwords I store in my head, I use a combination of numbers I already know. For instance, half of my social security number, followed by my birthdate, followed by the other half. I’ve never used that one particularly, but it serves well as an example.

Take a look at http://www.gregorybraun.com/PassKeep.html

Why not just use the same username/password combo for every non-important site? Or write down your info? It’s not like a burglar’s going to break into your house, find your password sheet, and then indiscriminately play games and read NY Times articles with them. And if he does, who cares? As long as the bank/credit card ones are different and secure, you’re safe.

I have a folder set up in Outlook for my passwords and screen names, with a backup Word doc. on my 2nd hard drive.

…I am Banquet Bear on most sites that I log onto, Banquetbear on a couple of them and Banquet_bear on those I signed onto years ago. I use the same password on all of those sites, while I know that isn’t the safest thing to do, none of those sites have my credit card details on them. I remember logging onto the New York Times site after two years not logging on, taking a guess on username and password, and getting it right!!!

Having the same password on different sites is a bad idea because once someone discovers one he’s discovered them all. I keep a file with all my important information like bank account passwords etc. I keep it in WORD format and it prints out in tiny print so it becomes a very small sheet of paper which I can fold and keep in my wallet if I want. The Word file is encrypted with PGP so that, even if the computer were stolen, nobody would have access to the information. The PGP key is kept separately on a floppy and other backup media.

In other words: most of the time I have a card with all the passwords in my wallet and, other than that, the passwords are securely kept in a computer file.

I use the same username (yojimbo) if I can everywhere. For things like newspapers etc. I use the same password, as Opus1 says it doesn’t bother me if people grab them as they are unimportant and not worth the effort to protect that much.

For the others, work, bank, credit card, e-mail, SDMB etc. I just remember them. It’s less than ten actual accounts so it’s easy to recall them and some like work change every x amount of days as per our security policy.

I remember the few I use regularly - passwords are similar but not the same. For less frequently used sites, I use Secret!, a Palm software which stores passwords (or any text) in encrypted form. I carry my Palm everywhere so I always have access to it. Even if it gets stolen they can’t read it without the master password, and I have a backup of the encrypted file on my PC.

I use 3 different passwords, personally, to protect different “levels” of accounts.

I have a top level one for important stuff - things that have vital information like my credit card info or stuff like that.

I have a mid-level password for things I use frequently but wouldn’t really hurt too much if they were compromised - for example, message boards that I frequent a lot such as SDMB.

I have a low ‘throwaway’ password. If I need to register with a news site to read a few articles, or need to register with a forum I know I’m only going to make a handful of posts on, I’ll use that one.

This way I only have to remember 3 passwords, but not everything is blown if my ‘low’ password is compromised.

Ditto scr4, I use something similar on my PDA. It is SOOOOOOO handy. Plus it keeps an encrypted file on my computer in case I lose my PDA…just get a new one and load the software and I’ll have them again.

Opus1, I don’t use the same username/password combo for every non-important site because, as Sailor pointed out, if it’s compromised at one site it’s blown at every site. Just because I don’t have financial data at, say, yahoo games or SDMB, doesn’t mean it’s totally unimportant to me.

I like the PDA idea. It’s fairly secure and made to go with you. BTW, scr4 & Tomcat, did you know that if someone lays hands on your Palm and does a backup to a PC, the backed up data is readable without a password? I’m not complaining, just pointing it out. My company does reviews of employees’ PDAs (never mind, ask me later) and we do just that.

One thing I haven’t heard yet is a mnemonic or other way of keeping multiple passwords straight in your head. Anyone have any ideas on that front?