#1
Level 2 Support
Join Date: Aug 2004
Location: Peoria, IL
Posts: 430
Password security poll/discussion
How do y'all handle password security?
Do you use a different password for each site or one for everywhere? Are they six-letter dictionary words or a random 16-char string? Do you write them down anywhere (paper and/or digital)? I'm wondering more about personal stuff here, not work-related. I have about half a dozen passwords, and variants thereof, that I use for 90+% of the web. I have an encrypted file, in a non-obvious path, with a non-obvious name, that contains hints to help me remember them. I'm sure we have some post-it-on-the-monitor people here as well as tinfoil hat loonies. To which camp do you belong? Explain below!

#2
Level 2 Support
I guess I'm closest to tinfoil hat, but not really. I don't keep my passwords anywhere but my head and I always use both letters and numbers and different case in my passwords.
However, none of them take longer than a couple of hours to brute crack. I've also been using the same list of about.. 10 passwords for the last decade. In areas where I *know* the security will be tested constantly, like wifi, I run a 26 character password and do other things to limit the amount of access. On the only highly secure corporate network I'm currently involved with, I use RSA SecurID key fobs and IPSec encryption. PGPmail is also used pretty frequently for email that leaves the secured network. All of this doesn't compare to the real tinfoil hat wearers though, of which there's none on this board, or at least none that have made themselves known. You'd have to go to Slashdot or Defcon to see those folks.
-MrD

#3
Senior Level Support
Join Date: May 2004
Location: Houston, TX
Posts: 1,378
My passwords are non-dictionary-compliant "words".
If I tell you any more, I'd have to kill you. Hee...

#4
Level 3 Support
Join Date: May 2004
Location: TN
Posts: 948
I have about three different passwords that I use for personal use (at work I am one of the guys enforcing proper passwords) and they are all secure enough to keep my peace of mind. I don't write anything down, it's all up in the ol' noggin. As Mr D mentioned, I also use a long character unique password for my wireless network. Oh yeah and my PayPal account, that pass is one that won't be cracked.
I'm not overly paranoid but I'm not lax and careless either, so I voted in the middle.

#5
Level 3 Support
Join Date: May 2004
Location: Houston, TX
Posts: 762
Password schmassword... If they're good enough, they WILL get in... so I don't worry about it.
If you want something private, encrypt it - duh.

#6
Level 1 Support
I used to use normal words and then I got a job with Arch and they make you use the whole "strong" password system. So now all of my passwords are "Strong".

#7
Level 2 Support
Quote:
You really need to cover security from all sides if you want to be secure. Keep incoming and outgoing connections tightly controlled, no suspicious software, regular antivirus checks, keep good physical security, and stay generally aware of suspicious activity. Miss one side and you put yourself at serious risk to any serious criminal. A keylogger is a dangerous tool.

#8
Level 3 Support
Join Date: May 2004
Location: Houston, TX
Posts: 762
Quote:
Not if you understand that you are probably having your keystrokes logged and type accordingly...

#9
Level 2 Support
My passwords are not found in the dictionary unless there is one where 4=A, 3=E, 1=I, and 0=O. Also, when allowed (like in Windows passwords), I'll throw in a * followed by a number or 2.
So for an example, one of my passwords would look like this: p4ssw0rd*69. Breakable, yes, but it will take many hours to crack with brute force, whereas it would only take seconds if you just use "password" or any dictionary word.

#10
Level 2 Support
Quote:
You'd be surprised. You should try out l0phtcrack sometime. I thought the same as you until LC5 destroyed an admin password of !D351gn5 (!Designs) in about 18 minutes. Tools written by hackers will try to break passwords thought up by hackers. The only truly hard to brute force passwords are things like ^%#ahyvj^%@8 and whatnot.
-MrD
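
Posts #9 and #10 disagree on how much the 4=A, 3=E, 1=I, 0=O substitutions buy. The following is an added example, not part of the thread: a defender-side password check that undoes those substitutions, ignores prefix and suffix decoration, and compares the guess count under a dictionary-plus-rules model with plain brute force. The word list, the assumed dictionary size, the function names and the guess model are all constructed assumptions.

```python
import math
from typing import Optional

# Constructed sample list; a real check loads a full dictionary and a
# breached-password corpus.
WORDLIST = {"password", "designs", "dragon", "monkey"}
ASSUMED_DICT_SIZE = 100_000   # assumption: size of an attacker's word list
PRINTABLE = 95                # printable ASCII characters

# Substitutions from the thread: 4=A, 3=E, 1=I, 0=O, plus 5=S (!D351gn5).
LEET = str.maketrans("43105", "aeios")


def base_word(password: str) -> Optional[str]:
    """Return the dictionary word hidden in a decorated password, if any."""
    lowered = password.lower()
    n = len(lowered)
    for start in range(n):
        for end in range(n, start + 3, -1):        # windows of 4+ characters
            decoration = lowered[:start] + lowered[end:]
            if any(ch.isalpha() for ch in decoration):
                continue                           # leftover letters: not plain decoration
            word = lowered[start:end].translate(LEET)
            if word in WORDLIST:
                return word
    return None


def guess_bits(password: str) -> float:
    """log2 of the guesses needed under the cheaper of the two models."""
    brute = len(password) * math.log2(PRINTABLE)
    word = base_word(password)
    if word is None:
        return brute
    swappable = sum(ch in "aeios" for ch in word)  # each may be leet or plain
    extra = len(password) - len(word)              # prefix/suffix characters
    rules = (math.log2(ASSUMED_DICT_SIZE) + swappable  # word choice + leet mask
             + math.log2(3)                        # lower / Capitalized / UPPER
             + extra * math.log2(PRINTABLE))       # decoration tried exhaustively
    return min(brute, rules)


if __name__ == "__main__":
    for pw in ("password", "p4ssw0rd*69", "!D351gn5", "^%#ahyvj^%@8"):
        print(f"{pw:14} base={base_word(pw)!s:9} ~{guess_bits(pw):.1f} bits")
```

The absolute figures move with the assumed dictionary size and rule set; the ordering of the four passwords is what the check is meant to show.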