Recording account passwords?

LastPass is a popular one... but I don't use it.  I use the KISS philosophy...

I have 3 levels of passwords.

1.  The ones I could care less about people hacking into... (those one time services you sign up for)

2.  The ones that would cause me trouble but not the end of the world (Facebook, LinkedIn ec..)

3.  Really secure ones (bank, mortgage company, server password)

So I only have to remember 3 of them.  I also make sure they all meet the criteria of:

1.  At least one uppercase

2.  At least one lowercase

3.  At least one number

4.  At least one non alpha numeric (symbol)

That will make 99.9% of websites happy...

I've never changed my BT password

However, I have SO MANY accounts and passwords everywhere (like everybody), so I have a fixed pattern for password generation that only I know. I use the same pattern for every account, but even if someone knew what it was, there's a conversion I do in my head (that only I know) so it would still look random.

I know that's really general, but here's a (don't use this, it's way too easy) example:

(Year of birth backward) (intersperse with site name lowercase) (the second letter of your last name capitalized)

So if it were me for BT, the password would be:

6b7e9g1innertriathleteR

A possible conversion is to take part of the password and transform it to the end, or to insert a nonsense (but meaningful to you) word or number at the first vowel, etc.

What type of computer are you using?

If a Mac, then you can create an encrypted disk image and it is very secure.

I keep a word doc that is password protected.  The password on the word doc is one that I don't use anywhere else.

I realize that the word doc password is probably easily defeatable by an expert, but the list of things that would have to go wrong for someone to get their hands on that file and be able to defeat the password is a bit ridiculous.  If someone stole my laptop I'd be in huge trouble because I also have an enormous file of account statements and such that I've downloaded over the years.  Come to think of it...I guess it's time to password protect that file too!

I try to use the same password(s) for most everything so that 95 times out of 100 I know what the usernames and passwords should be.  Of course, it happens every now and then that someone already has my username so I have a few oddball websites.  If my first two username/password combos don't work I just open up my word doc and check what the account username/password should be...usually it's one of my oddballs!

I had to start putting them in this word doc because EVERY darn retail website has it's own account...I couldn't keep up.

Besides, when I deploy I have to leave the file with my parents just in case something happens to me...I didn't like the idea of snail mailing it, but didn't want to e-mail it over the interwebs without protecting it SOMEHOW.  So I used the password...and then I didn't even write down that password!  I gave my mom hints until she could figure it out (it's something you'd really have to be an immediate family member of mine to know).

If I really thought about it I should take the important passwords (banks/financial) off that document and just make sure they are ALL some variation of one password that I don't write down.  That way if someone got my document they wouldn't be able to do very much except annoy my e-mail and post weird crap on BT. :D

All of my passwords are a mixture of letters (upper and lower case), numbers and symbols.  I keep about 8 combinations of them, but they're all based on words/phrases I can memorize.  I actually keep a list of them UNENCRYPTED on my computers, but with hints.  For example:

username = BigFuzzyDoug
password = K!ckCanc3rsAzz

My "hint" document would have the site and say...

username = BFD
password = kicked c's butt

While I can reconcile between the two, anyone who got a hold of the hint list could never actually figure out the usernames and passwords from it.

I use Keepass to store my passwords and keep the master file in my Dropbox account so I can access it anywhere. This also allows my wife and I to share the file so we both have access to our financial/household account information anywhere, anytime assuming we have internet access.

As to secure passwords, the best way to go is described well in this xkcd cartoon.

I've got mine on a password-protected Excel spreadsheet on my home computer, but I also keep a copy on a flashdrive that I normally carry in my briefcase.

I've got three different passwords at work that have to be changed every 45 days, plus a bunch of others that I only use rarely.  I'd forget them for sure if I didn't have some type of reminder.

Mark 

The only issue with the XKCD method is that some websites are now starting to require mixed upper and lower plus a number plus a symbol.

This is what I do for my own personal passwords.  I have one that is only 6 characters for the level 1s that I sometimes have to add two letters or a capital, which can get confusing.  That was a hybrid of a password I created when 6 characters was always fine.  But I recently came up with a new password for my money related accounts that is strong and easy to remember, so switched everything to match.

This helps when I have to use a password reminder, so my reminder is always "bank password" for the hard ones, for instance.

For my work passwords, of which I have many due to my job, I keep a Word document   Fancy.

Troubador should have used an "@" instead of a "4" for the "a".

I've got a password protected Excel file on dropbox as well - might have to check out Keepass if it's virtually impossible to brute force.

I have a true-crypt partition on my computer - avoids the need for the friend who "purges" your computer on death/incapacitation.

Mine are on post-it's along all the edges of my monitor...  Bad?

I use Norton Identity Safe.  I can generate passwords based on the site's requirements and then it remembers it for me.  I just create 1 passphrase to open my "vault" and it will autofill sites for me.

If you download it before Oct, I think it's free for life.  Works as a toolbar on Chrome & IE and there is a mobile app, but I'm not a fan of the app (as it works with the webpage, not other apps - ie FB).

I second keepass for storing passwords.  Keeping passwords for banking and social networks. 

Rather than using some complicated, obfisticated, hard to remember mess, I use phrases and sentences.  As an example When I was 18 I had $100!   That will meet any password complexity requirement, is easy to remember and nearly impossible to brute force. 

It has truly gotten to the point that you almost HAVE to break the number one rule about passwords... write them down.  

Here was my breaking point... Recently for a work system I was forced to create a password that needed to contain the usual (special charter, Upper case letter, and a number), but also had the rule that you couldn't do any more than 3 of the same things in a row (i.e. 3 letter max, 3 numbers max, etc.)  So basically I had to make up a random password that I had no way to link to anything even remotely memorable.  Tell me how I'm NOT going to have that on a sticky note posted right to my monitor!