
How do you remember passwords

Posted: Wed May 16, 2007 1:28 pm
by matthijs
Ok, here's the situation:
For almost every webapp, website, forum, piece of software and I don't know what else you have a login/password nowadays.

You end up with many of them. Impossible to remember. Solution: always use the same. Not good/safe and not possible because usernames and/or passwords often cannot be chosen freely. Often you also have to remember which email you used, etc

So I have a list now, of say 100 combinations of logins/passwords. Even more if I count the old ones of stuff I had an account for. I wrote them down on a piece of paper.

That's not secure and not smart. If I lose this piece of paper I'm in internet-no-mans-land so to say. I will be completely disconnected, lost, abandoned :? :cry:

How do you guys handle this?

Posted: Wed May 16, 2007 1:31 pm
by RobertGonzalez
I keep a list in a secure environment (either in my Palm behind my standard password or in my Yahoo/Google account somewhere). I typically have a throw away password that I can frequently change for things like that, then I store my more secure passwords in a file that I can get to as needed.

I also tend to keep between 10 and 15 different variations of different passwords so that I never really ever use the same password all the time.

Posted: Wed May 16, 2007 1:31 pm
by Luke
hmm, somehow my brain remembers all of them. It's sort of a miracle I guess. (Sorry for my completely useless response :oops: )

Posted: Wed May 16, 2007 1:43 pm
by Chris Corbyn
I try to use the same username everywhere if I can. If I can't it usually comes back to the surface when I get told my username is wrong :)

With passwords I use things that are completely meaningless to everybody (including myself). Random sequences of numbers, letters and at least one special character. I have 3 different passwords at any one time (remembered in my head) and every few months I invent some new passwords and remember those instead.

So yeah, kinda like Ninja's answer really :)

Posted: Wed May 16, 2007 1:54 pm
by John Cartwright
I write them on my hand every morning :oops:

Posted: Wed May 16, 2007 1:54 pm
by matthijs
Yeah, seems like a good idea to have a few, random ones which I'll be able to remember.

But it's always the exceptions which screw up the system. A login/password which is generated for you, etc

Maybe I should just ditch all accounts and keep only the one for devnet :D

If they make it so hard for me, their service isn't worth it!
(ok, except paypal and stuff..)

Posted: Wed May 16, 2007 1:58 pm
by Luke
well actually now that I think about it my client's hosting logins I don't always remember (because they are generated for me). Those are all filed in my email though, which I guess really isn't good either.

AOL Speak

Posted: Wed May 16, 2007 2:01 pm
by RobertGonzalez
/ rushes off to sneak into Ninja's email sos I can h4ck into ur email...

Man I sound stupid when I speak in AOL...

Before any of the mods get at this, this is a preemptive strike:
Forum Rules (http://forums.devnetwork.net/viewtopic.php?t=30037) Section 1.1 wrote: 11. Please use proper, complete spelling when posting in the forums. AOL Speak, leet speak and other abbreviated wording can confuse those that are trying to help you (or those that you are trying to help). Please keep in mind that there are many people from many countries that use our forums to read, post and learn. They do not always speak English as well as some of us, nor do they know these aberrant abbreviations. Therefore, use as few abbreviations as possible, especially when using such simple words.

Some examples of what not to do are ne1, any1 (anyone); u (you); ur (your or you're); 2 (to too); prolly (probably); afaik (as far as I know); etc.
I am repentant and humbly submit to the powers of the modslap.

Posted: Wed May 16, 2007 2:03 pm
by Mordred
I use KeePass, because it also has a PocketPC clone (read-only last I checked, but suitable for me).
Bruce Schneier recommends Password Safe.

Btw blindly considering passwords of digits, upper and lower case and "at least one special character" as "good" is a result of an old myth. Actually the best way of having a strong password is to make it l-o-n-g.

h3A9|<f may look as a hell of a password, but it is
1. Not easy to remember (which means that it will sooner or later be written down in an unsecure manner)
2. Too short, 7 symbols only of whatever set are not enough. (There will be very soon (if not already) rainbow tables for up to 8 characters for the most popular hashes)

On the other hand "Marry had a little rabbit with a karrot" is both easy to remember and impossible to bruteforce.

(btw, I'm back ;) )
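
Added example, not part of Mordred's post: the length-versus-character-set comparison above, worked through for the two passwords the post quotes. It models exhaustive character search only (guessing by whole words is not modelled), and the guess rate `RATE` is an assumed figure, not one from the thread.

```python
import math
import string

# Printable-ASCII classes an exhaustive character search has to cover.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
)

def charset_size(password):
    """Combined size of every class that the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def bruteforce_bits(password):
    """log2 of the candidates of this exact length over that charset."""
    return len(password) * math.log2(charset_size(password))

def table_keyspace(max_len, charset=95):
    """Candidates a precomputed table for lengths 1..max_len must cover."""
    return sum(charset ** n for n in range(1, max_len + 1))

def within_table(password, max_len=8):
    """True if a table built up to max_len characters would contain it."""
    return len(password) <= max_len

def years_to_exhaust(password, guesses_per_second):
    """Worst-case time to try every candidate at an assumed guess rate."""
    candidates = charset_size(password) ** len(password)
    return candidates / guesses_per_second / (365 * 24 * 3600)

SHORT = "h3A9|<f"                                  # quoted in the post above
LONG = "Marry had a little rabbit with a karrot"   # quoted in the post above
RATE = 1e10  # assumed guesses per second, chosen for illustration

if __name__ == "__main__":
    print(f"8-char table over 95 symbols: {table_keyspace(8):.3g} entries")
    for pw in (SHORT, LONG):
        print(f"{len(pw):2d} chars, charset {charset_size(pw):2d}, "
              f"{bruteforce_bits(pw):6.1f} bits, "
              f"inside 8-char table: {within_table(pw)}, "
              f"{years_to_exhaust(pw, RATE):.3g} years at {RATE:.0e}/s")
```
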

Posted: Wed May 16, 2007 2:04 pm
by infolock
I just memorize them. I think I have 20+ passwords in my head at any given time. Remembering them isn't the hard part though. It's remembering which one goes with which login that's the hard part.

Posted: Wed May 16, 2007 2:37 pm
by Luke
Mordred wrote:(btw, I'm back ;) )
welcome back!

Posted: Wed May 16, 2007 2:54 pm
by jayshields
Mordred wrote:I use KeePass, because it also has a PocketPC clone (read-only last I checked, but suitable for me).
Bruce Schneier recommends Password Safe.

Btw blindly considering passwords of digits, upper and lower case and "at least one special character" as "good" is a result of an old myth. Actually the best way of having a strong password is to make it l-o-n-g.

h3A9|<f may look as a hell of a password, but it is
1. Not easy to remember (which means that it will sooner or later be written down in an unsecure manner)
2. Too short, 7 symbols only of whatever set are not enough. (There will be very soon (if not already) rainbow tables for up to 8 characters for the most popular hashes)

On the other hand "Marry had a little rabbit with a karrot" is both easy to remember and impossible to bruteforce.

(btw, I'm back ;) )
Trouble with a long password is that if you're in a public place (internet café, university cluster, etc) then it's easier to be stolen from someone watching you type, because you have to type slower to prevent typing errors :(

d11 ~ I really, really dislike websites which don't allow you to use special characters in passwords. I cannot for the life of me think of why they wouldn't allow them, and then put in place a minimum password length or something.

Posted: Wed May 16, 2007 2:58 pm
by Chris Corbyn
jayshields wrote:d11 ~ I really, really dislike websites which don't allow you to use special characters in passwords. I cannot for the life of me think of why they wouldn't allow them, and then put in place a minimum password length or something.
I know, it's stupid. The people who write systems like that are probably the people who don't escape strings before inserting them into SQL and don't hash passwords.
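
Added example, not code from anyone in the thread: a sketch of why a site that hashes passwords and uses parameterized SQL has no reason to ban special characters or cap length. The table layout, function names, PBKDF2 work factor and both sample passwords' accounts are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch

# Constructed sample inputs: one full of quotes and SQL punctuation, one long.
TRICKY = "it's \"quoted\"; -- 100% <ok>"
PASSPHRASE = "Marry had a little rabbit with a karrot"

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, hash BLOB)")
    return db

def derive(password, salt):
    # The KDF only sees bytes, so quotes, spaces and symbols are plain input.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def register(db, name, password):
    salt = os.urandom(16)  # per-user salt, stored beside the hash
    # Placeholders keep values out of the SQL text, so nothing needs banning.
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (name, salt, derive(password, salt)))

def verify(db, name, password):
    row = db.execute("SELECT salt, hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(stored, derive(password, salt))

def stored_lengths(db):
    """Length of each stored hash: fixed, whatever the password length."""
    return [len(h) for (h,) in db.execute("SELECT hash FROM users ORDER BY name")]

if __name__ == "__main__":
    db = open_db()
    register(db, "alice", TRICKY)
    register(db, "bob", PASSPHRASE)
    print(verify(db, "alice", TRICKY), verify(db, "alice", "wrong"))
    print(stored_lengths(db))
```
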

Posted: Wed May 16, 2007 3:20 pm
by Weirdan
I use same username (and same email) wherever possible. There are few exceptions, but I can cope with that. As for passwords - they are usually long (20+ chars) and have some meaning to me, but aren't obvious to anyone else.

Posted: Wed May 16, 2007 3:37 pm
by feyd
They're all in my head. :)