Originally published at: http://www.howtogeek.com/162275/the-pain-of-creating-and-managing-passwords-in-todays-online-environment/
Creating password protected accounts is part-and-parcel for operating on the web these days, but no two sites approach password creation in the same way. One site might allow you nearly unlimited freedom in the characters you choose and the length of your password, but another may limit you to as few as eight characters with no special characters allowed. Needless to say the ‘creation process’ can be frustrating much less managing the ever growing number of passwords we need on hand to access all our accounts. With this in mind Casey Johnston from Ars Technica decided to ask some companies about their password policies and received some interesting responses…
Having websites with differing standards for passwords is an inconvenience. I do use LaspPass to manage my passwords, as I have so many its getting harder and harder to manage them. Im sure in the near future 2-factor authentication will become standard. And hopefully there will be a standard authority that websites can point their authentication to so we do need to carry around multiple dongle/phone apps.
I use Lastpass to manage my passwords. I also use MFA wherever available. However, as we see, there is no particular reason why some sites accept only 8 char passwords and some 64 char. Hence, wherever possible, we have to use as strong as possible password.
I use a tip I think i first saw in one of the HTG Tip Box articles.
I use the site name, pass it through a short (secret) encrypting algorithm and get a unique password for each site, but easy to remember as the algorithm is always the same! One possible algorithm could be that I move each letter up the alphabet by one, and put a number on the end, so "HTG" becomes "IUH12345", which would be a good password. Obviously my algorithm is different, but you get the idea
The safest password is a long password. Simply put. Myself I have a list of 20 passwords that I always use and continually recycle the list. One would think that's a bad idea but it's pretty secure and efficient.
But to the question: I choose favourite quotes or lines from books.
Take these examples:
Both passwords are strong but the first is considered insanely strong despite the lack of special characters, numbers and only one Capital. Why? Length. What's better that it is a fairly easy password for a human to remember. but it'd take quite a bit to brute force it.
You see a password makes little sense if it's so complex you have to always write it down or risk forgetting it. Using proper sentences on the other hand creates personal, easy to remember and hard to brute force passwords. If the site allows for characters like punctuation marks then you can get some hellish complexity.
I use a very simple system that lets me generate stong and long passwords . I use a mixture of what the service means to me and some personal numbers to generate passowrds . Here are some examples
email : revealmyinbox0609
github : letmecode0609
etc . So every password depends on the service , is unique because of the service and is made even more unique by the custom numbers at the end .The password is memorable because it is related to what the service means to you
thats what i do, also changing o's to 0's and L's or I's to 1's. sometimes adding an _ between words if they're accepted. but forgetting one really is a pain.
I use KeePass to create and store passwords as it works across multiple platforms. It is irritating when changing passwords that most sites don't tell you their rules until after you break them (length of password, special characters, etc.) Another irritant I have encountered lately is that some sites don't allow you to paste the new password when changing. If you are using a complex password this makes it very difficult to type the same password twice. I can't see any logical reason for doing this. Do they think someone is using a robot to create new passwords?
I use KeePass as well, and also have found it VERY irritating that paste is disabled on some websites.