If you’re like me, you periodically change your passwords on the sites of banks, brokerage houses, and other entities that store your financial information. But, after a while can be difficult to come-up with new, unique passwords.
Recently, while trying to think of some new passwords, I decided to use the year, make, and model of some of my cars of yesteryear, as well as some of my father’s old cars. I even split the model year into two parts–in front and in back of the actual word–just to make it a bit more obscure.
So, a password might be something like… 19Volvo74POS!.
If you are stumped for new passwords, you might want to consider using my new “system”.
I keep a cheap-o address book next to my computer, and I use it to record all of my many passwords–alphabetically, by the name of the website. I make my notations in pencil, so that they can be changed/updated when necessary.
Sez the IT police! The masters of the Universe! Just ask them.
I write mine down, too. I used to keep them in my wallet, but I keep them on my phone now. The phone is locked and I don’t open email from suspicious sites. I think I’m pretty safe.
OK, now I understand. THEY say so. So, let THEM do whatever THEY want, I really don’t care. At this point, with the endless information that is mined off every contact we have with internet based technology, I trust a pencil and paper. Like @VDCdriver I use an old paper address book and write the info down in pencil so I can edit it every time I have to change a password.
Password managers are the best way to manage passwords. I know around 5 of my passwords and I have hundreds of accounts. I depend on 1Password and LastPass for the rest. Beware, some password managers are extremely insecure.
But clever of creating passwords that you need to remember.
Can’t any internet entity be hacked if the hackers are skilled and persistent enough?
Just the thought of a hacker getting a treasure trove of all of my passwords is enough to keep me from using an online password manager.
I would prefer to use a low-tech approach by simply using a cheap address book to alphabetically list all of the sites that I visit, with the passwords noted below the name of the website. The only password that I have committed to memory is the one for my checking account, because I access that account online daily. All of my other passwords–and there are many–are written in pencil in that address book.
Anything can be hacked, but knowing how a system works helps determine the risk. LastPass has had a paid public vetting. In a system like LastPass, (assume 1Password also), the keys are not held by the company but only by the user, it is based on the trust no one philosophy. If someone stole the database from LastPass it would be worthless to the attacker due to the difficulty in breaking the passwords to access the LastPass data. Implementation is very well done. LastPass did have one break in, passwords were not stolen but LastPass was very quick to warn its users and ask them to change passwords.
There are good things about a paper based solution, someone needs to get access to the physical paper. Problem is that if you are moving to 16+ character random passwords they can be difficult to type, especially on a smart phone. Another issue is that any solution that requires you to type in a password is vulnerable to a keystroke logger. Good password managers not only avoid that problem but also avoid using the clipboard for entering passwords. There is malware out there that looks for goodies in the clipboard.
No solution is perfect but a properly done password manager makes the cost of breaking into its vault expensive. Also, you need a system to allow someone else to access the password manager if something happens to you. The company is helpless in receiving your passwords if you don’t have the master password.
I don’t use my smartphone for any “sensitive” functions.
Everything that requires a good level of security is accessed from my laptop at home, which sits a few inches away from my low-tech book containing my passwords.
