
How do you keep track of passwords?


    #21
    Originally posted by Andy2
    I don't use one password for financial sites. If the password is compromised there is a danger that all your accounts will be wiped out
    They are all different because each site has different rules. Many don't have passwords as such. Some are variants because password rules vary from site to site, which brings me to one of the biggest problems with passwords...

    All sites have different rules for passwords. Some require at least 8 chars, some require 8 max, some require at least one number, some won't allow punctuation or underscores. There is a real need for a standard password strength standard.
    Cats are evil.



      #22
      Originally posted by swamp
      All sites have different rules for passwords. Some require at least 8 chars, some require 8 max, some require at least one number, some won't allow punctuation or underscores. There is a real need for a standard password strength standard.
      And really annoying are those sites which insist you register just to read the full site, and make you pick impossible to remember passwords.
      Behold the warranty -- the bold print giveth and the fine print taketh away.



        #23
        Originally posted by RichardCranium
        How do you keep track of all this stuff?
        Post-It note on the side of the monitor with the title Password.



        Seriously, I've seen this kind of thing more than once happen at client sites when wandering around other offices looking for totty.

        The reason - because the domain security policy forces them to change their password every 5 minutes and to pick a strong password - so they need to write it down because by the time they memorise it - they have to change it.

        Why is this the case - because some jumped-up twunt with a job title like "Senior Security Officer" thinks that the most meaty security setting that Active Directory provides therefore automatically means the system is the most secure



          #24
          Originally posted by NickFitz
          A friend of mine who works at Microsoft (fairly senior) had a lot of passwords which he couldn't expect to always remember, but had to keep secure at home.

          He kept them in an encrypted spreadsheet on a USB stick which he locked in a safe. The key to the safe was locked in a cashbox in a cupboard two floors up in the house. The key to the cashbox was in another cashbox on a different floor again. The key to that cashbox was in a cashbox in the cellar. The key to... well, you get the idea.

          He had to follow a trail of, IIRC, seven keys to get into the safe, but he reckoned the passwords were secure from the average burglar

          (I'm not sure what he does now he's moved into a two bedroom apartment in Reading...)
          Hate to have a priority 1 incident when he's on call and needs to dial in



            #25
            Originally posted by centurian
            Hate to have a priority 1 incident when he's on call and needs to dial in
            Senior executives at Microsoft don't often do tech support, thank God



              #26
              Use a different password for everything and keep them all in an encrypted file in an out-of-order sequence, so even if the file is cracked, which password goes with which account won't be immediately obvious.



                #27
                I use a combination of keyboard patterns based on the tld and visual elements on the login page. So each password is unique.

                Bit of a bugger if they change the domain, significantly change the branding or I'm not using a normal keyboard.



                  #28
                  clipperz.com - it's in JavaScript so you can review that the cryptocode is fine, you can generate OTP etc, good enough for most of my things.



                    #29
                    ER, I keep all my pin numbers and passwords in my head, I also keep a lot of telephone numbers and important dates in there as well.
                    Mr P does call me the human filofax as I never seem to forget dates and numbers etc...

                    I thought everyone did? - or is it just a girly thing?
                    I'm sorry, but I'll make no apologies for this

                    Pogle is awarded +5 Xeno Geek Points.
                    CUK University Challenge Champions 2010
                    CUK University Challenge Champions 2012



                      #30
                      Originally posted by Pogle
                      ER, I keep all my pin numbers and passwords in my head, I also keep a lot of telephone numbers and important dates in there as well.
                      Mr P does call me the human filofax as I never seem to forget dates and numbers etc...

                      I thought everyone did? - or is it just a girly thing?
                      In my head are every credit card number I've had (not many people can learn 16 digit numbers but I bet a high proportion of CUKers can), every personal and business bank account number and sort code I have ever had, my PIN numbers, every car registration I (or my father since I was little) have ever had, every telephone number I've had, my permie staff number up to 1995, my NI number, my driving licence number, my LtdCo company number and VAT registration number and no doubt all sorts of other semi-useful rubbish.

                      I also have an algorithm for passwords, and many of those have been memorised by my fingers. Indeed for a few I can type them in without thinking but cannot tell you what they are.

                      But I get stuffed when I am forced to change a password or if the rules say a given password cannot conform to my algorithm.

                      Also the government web sites need so many weird and wonderful codes to be made to work that they defy learning.

                      Then there's wacky codes like the car radio security number and the car VIN.

                      The security questions web sites ask I need to record too; some of the questions simply do not apply so I have to make up answers. It doesn't help that, as a matter of paranoid principle, I give false answers to all those "Mother's maiden name" and "Last school" questions.

                      Also, birthdays and anniversaries will NOT stick in my head, nor will other people's addresses. So I cannot use them as mnemonics.
                      My all-time favourite Dilbert cartoon, this is: BTW, a Dumpster is a brand of skip, I think.
