Techies: what is the next wave of computer passwords?

[crazyquik]

I'm getting very

that I have to have a half dozen passwords.

Some applications/websites/etc have a maximum of 11 characters.
Some require 8 to 32.
Some are caps sensitive. Others aren't. Others require both upper and lower case.
Some require symbols: !@#$%^&*(). Others don't allow symbols at all.
Some allow repeating letters AAA. Others won't allow more than 2 letters to repeat.

Surely there is a better way? There's no way I can keep up with them all. Further, writing them down . . . well that's problematic too.

 

[DNW]

I use 4 passwords that basically satisfy 99% of the requirements I've come across. So far, they've worked for me. Obviously, my banking and other financial accounts have passwords that are different from everything else. So, about half a dozen passwords for everything. Passwords are the new phone numbers.

 

[Palladio]

Originally Posted by crazyquik

Surely there is a better way? There's no way I can keep up with them all. Further, writing them down . . . well that's problematic too.
Use password manager software, like this: http://keepass.info/ You can enter website/username/password combinations, then secure them with one, master password. This works for me.

 

[oman]

i am just a total gangster and never forget anything

 

[Roikins]

Originally Posted by crazyquik

I'm getting very

that I have to have a half dozen passwords.

Some applications/websites/etc have a maximum of 11 characters.
Some require 8 to 32.
Some are caps sensitive. Others aren't. Others require both upper and lower case.
Some require symbols: !@#$%^&*(). Others don't allow symbols at all.
Some allow repeating letters AAA. Others won't allow more than 2 letters to repeat.

Surely there is a better way? There's no way I can keep up with them all. Further, writing them down . . . well that's problematic too.


Start with a basic password that will fulfill a majority of the rules, then build off it to satisfy security requirements or to make it more secure depending on what site you're using.

For instance, create a basic 8-10 character password mixed with letters and numbers and cap one of the letters: zxCvbn10

Then you create a variant of that using a symbol for websites that allow it for added security:
zxCvbn@10

Then if you come across a site that says no caps, you use the basic password without caps.

 

[JayJay]

Pass phrases are a pain, and unfortunately that's what I have to have for my machines at work.

 

[GQgeek]

You reach a point where there's no way you'd remember them. I've got over 50 passwords encrypted and stored on my iphone. I have my phone set to wipe if someone enters the wrong pin more than 5 times at both the PIN level and the encryption program level. It wouldn't help me if the NSA got my phone, but it's good enough to prevent someone that steals it from getting access to things they shouldn't.

I also don't keep any vpn passwords on the phone, so at worst, if the phone is lost or stolen, I know to change everything right away and before they figure out what any of the passwords are for on the more sensitive things, they are different. Since all my accounts are linked to gmail, that's the first thing i'd change.

If you are asking if there will be some sort of identity management solution that will tie everything together sometime soon, there won't be.

 

[crazyquik]

Originally Posted by GQgeek

If you are asking if there will be some sort of identity management solution that will tie everything together sometime soon, there won't be.

That's basically what I was asking

I went for a long time with 1 password. Then I went for just as long with 2. Now I have about 6. It seems like there is a drive for 'more security' (fair enough) but no standard across platforms or websites.

 

[GQgeek]

Originally Posted by crazyquik

That's basically what I was asking

I went for a long time with 1 password. Then I went for just as long with 2. Now I have about 6. It seems like there is a drive for 'more security' (fair enough) but no standard across platforms or websites.

You see single sign-on solutions within companies or groups of companies, but that's as far as it will go. There are huge privacy/security issues with what you're asking for.

 

[otc]

Originally Posted by Roikins

Then if you come across a site that says no caps, you use the basic password without caps.

Only problem is that most sites don't tell you the password requirements when you log in so you forget that you had to change something about your password.

I used to run into this problem all the time on my HSBC account which required two passwords (one entered with an on screen keyboard you clicked). I could never remember what two passwords and associated modifications I needed to use. I would inevitably get all the way to the end of the "choose a new password" section, see the list of password requirements, and immediately remember what two passwords I was using...

 

[DBowers]

I use Passpack as my password manager.

Was recently told by them I've exceeded the number of passwords I can store there (100)

My passwords are mostly in the <random string><symbol><birth year><symbol><random string> format. And I change the ordering once in a while.

Yea some sites allow symbols in passwords and some don't. I just take out the symbols.

Those random strings are thee default 6-character long passwords provided by my ISP's... like "ehbpzp". I just memorize those.

 

[Harold falcon]

Don't worry the government will soon be mandating RFID chips to be implanted into your skin which will be able to function as your security access code.

 

[Thomas]

I'm not sure what my next wave of passwords is. I'm debating between a warholean variation of a password theme, such as &quot;PORNPronP0rnpr0n&quot; (for my work computer), or a phrase I might find in literature &quot;Itwasthebestoftimes,itwastheworstoftimes.TheEnd.&quot; which ought to be a fairly strong password.

 

[Xericx]

Its easy to keep track of passwords in firefox.

Preferences->Security->Saved Passwords->Show Passwords

 

[otc]

don't worry, as soon as I learned of that, I made sure to require a master password to show passwords
Not a big deal on a purely personal system...but if people borrow your computer it can be an issue.

Has probably led to much facebook tomfoolery in college dorms