From: Stephen K. Gielda (steve_at_packetderm.com.bogus)
Date: Mon, 10 May 2004 21:38:18 -0400
In article <firstname.lastname@example.org>,
> I am sure I am not the first person to encounter this problem. I hope
> somebody can point me in the right direction to a solution for it.
> I am a fairly low tech computer user. Over time I have accumulated a
> rather large collection of accounts and passwords.
> Some of them are for unimportant things like a on line forum I am a
> member of. Some of them allow access to my bank account or the like.
> I have a half decent system for keeping passwords that relies mostly
> on my own memory. But it regularly falls down on things I dont access
> for a long time. I am aware of other methods like:
> writing them down on a piece of paper that I hide.
> keeping a list in a computer file that I encrypt.
> using the same password for lots of things.
> allowing my browser to remember the passwords for me.
> getting a password management program.
> I am willing to spend some, but not a massive amount of time on
> managing these passwords. I think that there are probably people out
> there who are capable of getting my passwords whatever I do. I'd like
> to get some advice from the experts here on what is a good way to look
> after my passwords.
> I am leaning towards getting a password manager program. Is that too
> much of an all your eggs in one basket approach?
As others have recommended, pgp is a decent solution. However, there
are tricks to maintaining many passwords that are secure, yet easy for
you to remember. For example, come up with a phrase like "Ask not what
you can do for your country". Take the first letter of each word while
substituting numbers and symbols where appropriate. "Ask not what you
can do for your country" becomes A!wycd4yc. This is a normal technique
for passwords, but you want them unique for each site and still easy for
you to remember which you used for what, so take it a step further.
Add the first and last letter of the site you are registering for to the
mix. For example, Ebay take the E and the y, place the E at the
beginning of your hash, the y at the end. You now have EA!wycd4ycy. As
a password for e-bay. Register for Yahoo and it becomes YA!wycd4yco.
You end up with a unique password for everything that becomes very easy
for you to remember for each site because all you really have to
remember is one hash.
This is just an example, come up with your own, put the last letter of
the site or machine name first and the first last, place them in the
middle instead of the ends if you want. Whatever you feel gives you a
good hash mix and is easy for you to remember the structure. Then use
that constistently and you'll have unique passwords for everything that
are easy for you to remember.
-- Protect yourself on-line. Hide your identifying details in e-mail, usenet, and more. A privacy service like no other. No one gives you more control over your e-mail than we do! http://www.cotse.net/servicedetails.html