As the title says; How do you manage your online passwords in respect of:

# Security of
# Remembering them
# Fitting the requirements of various sites

I feel its time to change mine and I'm interested to know what others do to handle it.

I use 3 different passwords. The first is for general, unimportant stuff where I'm forced to set up an account. This is a simple, easy to remember password and which I assume would be easy to hack.

The second is for work related sites where I have user accounts for getting tech data or purchasing on the company account. A bit more complex but again easy to remember and so easy to hack.

The third is for my personal finance stuff. Not complicated but it is unique.

So this is what I think I need to have to meet:

# Security of - two random words
# Remembering them - They're random, I'll have to remembering them somehow.
# Fitting the requirements of various sites - Include one capital, one numeral.

Anyone got any thoughts about this?

Cheers.

I saw a suggestion a few years ago, similar to the one in this article that seemed to make sense.
The variation was to take a line of a song that had special significance to you and use the first letter of each word. Then try to meet the other requirements for capitals and numbers.

For example the password "t1wasbnoBB" would be easy to remember if as a child, you used to sing the old folksong "Billy Brink The Shearer", which starts, "There once was a shearer by name of Bill Brink".

Length, Width and Depth

A strong, effective password requires a necessary degree of complexity. Three factors can help users to develop this complexity: length, width & depth. Length means that the longer a password, the more difficult it is to crack. Simply put, longer is better. Probability dictates that the longer a password the more difficult it will be to crack. It is generally recommended that passwords be between six and nine characters. Greater length is acceptable, as long as the operating system allows for it and the user can remember the password. However, shorter passwords should be avoided.

Width is a way of describing the different types of characters that are used. Don’t just consider the alphabet. There are also numbers and special characters like ‘%’, and in most operating systems, upper and lower case letters are also known as different characters. Windows, for example, is not always case sensitive. (This means it doesn’t know the difference between ‘A’ and ‘a’.) Some operating systems allow control characters, alt characters, and spaces to be used in passwords. As a general rule the following character sets should all be included in every password:

uppercase letters such as A, B, C;
lowercase letters such as a, b,c;
numerals such as 1, 2, 3;
special characters such as $, ?, &; and
alt characters such as µ, £, Æ. (Cliff)
Depth refers to choosing a password with a challenging meaning – something not easily guessable. Stop thinking in terms of passwords and start thinking in terms of phrases. “A good password is easy to remember, but hard to guess.” (Armstrong) The purpose of a mnemonic phrase is to allow the creation of a complex password that will not need to be written down. Examples of a mnemonic phrase may include a phrase spelled phonetically, such as ‘ImuKat!’ (instead of ‘I’m a cat!’) or the first letters of a memorable phrase such as ‘qbfjold*’ = “quick brown fox jumped over lazy dog.”

What may be most effective is for users to choose a phrase that is has personal meaning (for easy recollection), to take the initials of each of the words in that phrase, and to convert some of those letters into other characters (substituting the number ‘3’ for the letter ‘e’ is a common example). For more examples, see the University of Michigan’s Password Security Guide.

The Simplest Security: A Guide To Better Password Practices | Symantec Connect Community (http://www.symantec.com/connect/articles/simplest-security-guide-better-password-practices)

For most of my passwords I think of a relevant sentence and take the first letter of each word.

So something like
June 2010 we head off to cape york to 4wd becomes,

J10whotCYt4wd

I usually have problems remembering for the first couple of times but then everythings OK, work passwords have to be changed every 60 days so I do the same at home.

I have struck problems once when a password was too long for one application.


Martyn

I gave the details of all my accounts and my passwords to a guy who checks how secure they are for you for a small fee. He contacted me offering this service via email. I will see if I can dig it up for you.

I would have thought someone in Australia would have come up with this business idea, but it seems The Nigerians beat us to it.

CC

I just use a password manager, KeePass. Don't try to remember any password (there are so many of them) other than the master password.

I use RoboForm. I've been using it for many, many years.

I use a word phrase for non essential stuff

all my essential stuff is usually a keyboard pattern because I've got a good pattern memory and most of my patterns can be used backwards, sideways across at least 5 locations on the keyboard, combined and in some cases done upside down. The problem is that I'm screwed if I use a non standard keyboard layout.

So far for an 8 character password I havent had one score below strong.

one more for roboform,used it for a long time.

I use keeppass as well. A good way to make simple passwords harder is to use ch@rac+er5 that look similar but aren't the same as the 1e++er in the word. They need to be at least 8 characters long.

I use keeppass as well. A good way to make simple passwords harder is to use ch@rac+er5 that look similar but aren't the same as the 1e++er in the word. They need to be at least 8 characters long.

Hmm, can I infract you for trying to dodge the swear filter? :D

I used to use keepass for work until the powers-that-be decided that Password Safe (Password Safe (http://passwordsafe.sourceforge.net/)) was better for us at work...

I manage around 150 passwords with it, all of varying complexity. It will choose complex passwords for you, too, if you want.

The down side is one password (user chosen) opens the application that will reveal all of the saved passwords so the user password for the application needs to be a good 'un.

The upside is, like keepass, you can teach it to enter your logins and passwords for the different applications with a keystroke. If you are doing something like opening a connection to a remote server, you can also teach it to open the connection and then enter the logins for you.

Hmm, can I infract you for trying to dodge the swear filter? :D

I was just about to warn him. :rolleyes:

I use a date which was important
Example: 16of Januaryof1956
or an address
Unit6/24TomSmithStreet