Superfrog over 3 years ago
He could try “beefstew” as a password but it’s probably not stroganoff.
JamieLee Premium Member over 3 years ago
Different from your last password? Where I work the requirement is that it must be different from your last 24 passwords! Who can recall their last 24 passwords!
dflak over 3 years ago
Ah, my pet peeve.
There are only three characteristics a good password needs: it should be long (6 characters are not enough, 10-12 is better, most of mine are over 20), it should be difficult to guess (don’t use words you can find in the dictionary) and it should be easy to remember.
It is the latter point that most companies subvert with their $illy@ass rules. You will note that in the three rules above, there is no requirement to use any combination of punctuation, uppercase letters or numbers.
I do agree with some things: don’t reuse passwords and don’t use the same password across multiple accounts.
As far as changing passwords routinely, experts debate. If the site was compromised, then you should change your password (if you have a good one, you are probably safe, but change it anyway).
So changing a password routinely protects you from a compromise the site doesn’t know about. In other words, by the time they figure out your password, you already have a new one.
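The three properties in dflak's comment can be checked mechanically. This is an added illustration, not code from the thread: it scores a password by length and by brute-force entropy (length times log2 of the character set actually used), and flags embedded dictionary words even when they hide behind common symbol substitutions. The minimum length of 12 and the tiny inline word list are assumptions standing in for a real policy and a real dictionary file.

```python
import math
import re

# Constructed mini word list; a real check would load a full dictionary
# (e.g. /usr/share/dict/words) instead of this handful of entries.
DICTIONARY = {"password", "welcome", "summer", "dragon", "monkey", "letmein"}

# Undo the usual "leet" substitutions before looking for dictionary words,
# so that P@ssw0rd is recognised as the word it still is.
LEET = str.maketrans("@$0134!|", "asoieail")


def charset_size(pw: str) -> int:
    """Size of the alphabet the password visibly draws from."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", pw):
        size += 33  # printable ASCII punctuation
    return size


def brute_force_bits(pw: str) -> float:
    """Upper-bound entropy: assumes each character was picked uniformly."""
    if not pw:
        return 0.0
    return len(pw) * math.log2(charset_size(pw))


def dictionary_hits(pw: str, words=DICTIONARY) -> list:
    """Dictionary words embedded in the password after normalisation."""
    normalised = pw.lower().translate(LEET)
    return sorted(w for w in words if w in normalised)


def assess(pw: str, min_len: int = 12) -> dict:
    """Apply the three rules: long enough, no dictionary words, report bits."""
    hits = dictionary_hits(pw)
    return {
        "length": len(pw),
        "bits": round(brute_force_bits(pw), 1),
        "dictionary": hits,
        "ok": len(pw) >= min_len and not hits,
    }
```

Running `assess` on a policy-pleasing "P@ssw0rd1!" (four character classes, about 66 bits if it were random, but built on a dictionary word) and on a 20-character lowercase string (about 94 bits, no dictionary content) shows why the comment puts length ahead of mandatory punctuation and capitals.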
julie.mason1 Premium Member over 3 years ago
I use pi as my password. Neither I nor anyone else can get into my account!
wrytercat over 3 years ago
I tried to sign into my Amazon account. They said they were sending a link for me to tap on my smart phone. I do not have a smart phone. I was kinda grumpy when I called customer service.
MuddyUSA Premium Member over 3 years ago
PssstphooeyHollywood……………….a password!
Zen-of-Zinfandel over 3 years ago
Newpassword@21.
mistercatworks over 3 years ago
Get a password repository protected by one very strong password. Any time the subject of passwords comes up, that’s my advice. I spend a significant portion of my job resetting passwords because people cannot be bothered to put their passwords in a safe place. Would you leave your keys in the wastepaper basket?
mountainclimber over 3 years ago
I would like to see hackers punished by having their right hands cut off for a first offense. Guess what for a repeat offense?
AndrewSihler over 3 years ago
Indeed. Chap I know worked for a sort of R&D secret government contractor with a variety of password protected accounts/machines/apps, and they were supposed to (a) change passwords weekly (b) use a different password for every protected access (c) not write anything down anywhere. He didn’t say whether the conditions of employment included free emotional counseling.
RAGs over 3 years ago
I sometimes use call-signs, weapons and place names from Vietnam.
sml7291 Premium Member over 3 years ago
It’s not as hard as some folks make it out to be.
When password management started to become a problem I just used my palmpilot and a password protected memo. When keepass came along I started using that to protect the more sensitive passwords.
I’ve used xyzzy on windows for decades to generate new passwords. It only does lower case and numbers, but it gives me a good start to modify if needed. On a linux/unix machine I’ll use pwgen from the command line, if it’s available (and I install it on any machine I’m likely to use regularly).
I’ll also use keepass to generate passwords, as well as store the sensitive passwords I use. When the most recent palmpilot finally dies I’ll transfer everything in the memo to my keepass database.
I only have three or four passwords I need to remember, the rest are stored in either keepass or the palmpilot memo. I keep the keepass database on a flash drive (which also gets backed up) so I can use it across platforms. And I keep a record of all the old passwords used and when they were changed along with the new password; it’s not that hard to do.
It only takes a little self-discipline to maintain random and separate passwords for every need. These days you have to be an utter moron to use the same password on more than one online site. And, unless you have a photographic memory, you’ll need some means to securely record and access the passwords you use.
And, for the record, I don’t consider online repositories a secure place to store passwords. Once you put your data “in the cloud”, it isn’t your data anymore, it belongs to the cloud provider. It can be accessed by anyone without your knowledge and lost in the blink of an eye if the provider loses it or just plain goes out of business.
Stat_man99 over 3 years ago
AMEN, BROTHER!!
SemperFiMac over 3 years ago
And then, after all that, we still have to fight our way through CAPTCHA.