If you spend any time on the internet, you will have a plethora of passwords. At my last count, I had 155 places that require a password. The question is how to remember them all. Over time, I’ve developed a couple of strategies - hopefully, they are useful for you too.

Identify low-value passwords. Many sites “require” a password that really shouldn’t. The common characteristic is that even if the password were public knowledge, nothing really bad could happen to you. Favorite candidates for this are news sites like the New York Times. Use one common password for all of these - even if it’s compromised, you’re not losing anything. Just make sure it is never used for anything you would mind losing and doesn’t share a pattern with your other passwords, because a breach at any one of these sites exposes it at all of them.

My personal favorite for this used to be “youanoymegr8ly!”. No worries - it has been changed by now ;) Even for this password, a couple of security measures help.

  1. Use something you can easily remember. Since most of the low-risk passwords are nothing but an annoyance, expletives and insults work well here ;)
  2. Use a sufficiently long password. Anything shorter than 6-8 characters can probably be brute-forced in an afternoon.
  3. Deliberately misspell. Yes, I know “annoy” is spelt with two ‘n’s. So does a dictionary-based attack.
  4. Throw in special characters and numbers. Again, this combats dictionary attackers - though the usual substitutions (“gr8”, a zero for an ‘o’) are in their rule sets too, so an odd placement helps more than a predictable swap.
  5. Change it when you publicize it ;)
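As an added example (not code from the original post), here is a small Python checker for rules 2 to 4. It uses a constructed wordlist of a handful of words in place of a real cracking dictionary, and an assumed, illustrative table of the character substitutions a rule-based cracker undoes before looking a word up. Run on the password above, it shows both the point of rule 3 (the misspelt “anoy” is not found) and the limit of rule 4 (“gr8ly” is found once the substitution is undone):

```python
import re
import string

# Constructed wordlist standing in for a real cracking dictionary.
WORDLIST = {"you", "annoy", "greatly", "great", "password", "welcome"}

# Substitutions a rule-based cracker undoes before a dictionary lookup.
# Assumed, illustrative set; real rule files are far larger.
UNDO_SUBSTITUTIONS = {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "8": "eat"}


def normalize(password):
    """Lower-case, undo common substitutions, and keep letters only."""
    out = [UNDO_SUBSTITUTIONS.get(ch, ch) for ch in password.lower()]
    return re.sub(r"[^a-z]", "", "".join(out))


def dictionary_hits(password, wordlist=WORDLIST, min_len=4):
    """Dictionary words of at least min_len letters hiding in the normalized password."""
    text = normalize(password)
    return sorted(w for w in wordlist if len(w) >= min_len and w in text)


def check_low_value_password(password, wordlist=WORDLIST):
    """Return the rules (2-4 above) the password fails; an empty list means it passes."""
    failures = []
    if len(password) < 8:
        failures.append("too short (rule 2)")
    hits = dictionary_hits(password, wordlist)
    if hits:
        failures.append("dictionary words recoverable: " + ", ".join(hits) + " (rule 3)")
    if not any(c.isdigit() for c in password):
        failures.append("no digit (rule 4)")
    if not any(c in string.punctuation for c in password):
        failures.append("no special character (rule 4)")
    return failures


if __name__ == "__main__":
    for candidate in ("youanoymegr8ly!", "Passw0rd!", "xq7!vmrp2"):
        print(candidate, "->", check_low_value_password(candidate) or "passes")
```

The checker only models the substitution step; a real wordlist attack also tries appended digits, capitalisation variants and dropped letters, so treat a pass here as necessary rather than sufficient.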

Medium-value passwords are those that would be bad to lose, but that you could recover from. E-mail accounts are a prime candidate (bear in mind, though, that the mailbox receiving password-reset mail for your other accounts is worth as much as the most valuable of those accounts). I’d follow the same password rules as above, with two additions:

  1. Use one password per site
  2. Change it regularly

That still leaves quite a few high-value sites. For these, randomly generated passwords (from a proper random generator, not from mashing the keyboard) that get changed frequently are the only answer. And the only way to remember those is to write them down. It’s not only me suggesting that - security experts like Bruce Schneier say the same thing.

It’s better to have a secure password written down, than an insecure password that you can remember - if security matters.

Now, if you can be fairly confident that you won’t lose your computer, storing them on the computer is another, slightly less secure alternative. For web sites, you could use the password manager built into Mozilla’s browsers - but set its master password, or anyone who sits down at your machine or copies your profile can read the stored passwords.

If you are an Apple user, you’re lucky enough to have the “Keychain Access” application at your disposal. Not only does it let you protect your passwords with one master password, it also holds all your digital certificates and even private notes. (If you use the keychain, keep in mind that losing your computer is now a much scarier thing. Regular backups are also a good idea, and so is a keychain password that differs from your login password, since by default the login keychain is unlocked as soon as you log in.)

Now all it needs to make my life perfect is the ability to set expiration dates on passwords, to gently remind me that I should update them….
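As an added example, not part of the original post or of any product it mentions: generating a high-value password from the operating system’s random generator, putting a number on its strength, and the expiry reminder wished for above, as a small Python ledger. The 90-day maximum age and the dates in `demo()` are assumptions for illustration.

```python
import math
import secrets
import string
from datetime import date, timedelta

# Letters, digits and punctuation: 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=16, alphabet=ALPHABET):
    """Draw every character from the OS CSPRNG via `secrets`.

    random.choice() is seeded from a small, guessable state; never use it
    for passwords.
    """
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet=ALPHABET):
    """Strength of a uniformly random password: log2(|alphabet|) bits per character."""
    return length * math.log2(len(alphabet))


class PasswordLedger:
    """The written-down list, plus the expiry reminder the post wishes for.

    Only the date each password was set is kept here; the password itself
    belongs on paper or in the encrypted keychain, not in this object.
    """

    def __init__(self, max_age_days=90):  # 90 days is an assumed policy
        self.max_age = timedelta(days=max_age_days)
        self.set_on = {}  # site -> date the current password was set

    def rotate(self, site, today=None):
        """Generate a fresh password for `site`, record the date, return the password."""
        self.set_on[site] = today or date.today()
        return generate_password()

    def due_for_change(self, today=None):
        """Sites whose password is older than max_age as of `today`."""
        today = today or date.today()
        return sorted(site for site, set_on in self.set_on.items()
                      if today - set_on > self.max_age)


def demo():
    """Constructed example: one site rotated 120 days ago, one 10 days ago."""
    today = date(2006, 2, 13)
    ledger = PasswordLedger(max_age_days=90)
    ledger.rotate("bank", today - timedelta(days=120))
    ledger.rotate("mail", today - timedelta(days=10))
    return ledger.due_for_change(today)


if __name__ == "__main__":
    print(generate_password(16), "has", round(entropy_bits(16)), "bits of entropy")
    print("due for a change:", demo())
```

Sixteen characters from this alphabet give about 105 bits of entropy, which is well past what any afternoon of guessing can cover; the ledger’s job is only to nag, so it deliberately stores nothing that would hurt if it leaked.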

Commentary

  1. Groby Unplugged » Blog Archive » Passwords revisited on 13. Feb 2006