Ever since I can remember, in the world of work, there’s been a need to choose passwords. Yes, modern browsers can “remember” your id/password pair (this is not always secure – see the note on Firefox below), and various sites enable automatic retrieval of passwords, but periodically they force you to re-enter your password. It’s also highly advisable to keep different passwords for different sites, as a security breach on one site won’t then affect you on another – I make sure that anything financial has its own password. I also make sure that my email accounts have separate passwords. But, short of writing down your passwords in a diary and keeping it with you (which poses its own security risk), how do you manage 30 or 40 passwords? I find there are two approaches that make this all easier and quicker (and a third that is available on certain sites).
1) Convert a phrase to a mnemonic. This is currently my favourite – it gives you a different password for each site, yet is easy to recall. There are two parts – the first involves choosing a mnemonic for a phrase (this is the bit you have to remember). So it could be a catchphrase such as “When a man is tired of London he is tired of life”. This converts to a mnemonic of “wamitolhitol”. In itself this is not a strong password, so I capitalise a couple of letters and change the last ‘o’ to a zero, i.e. “wAmItolhit0l”. The second part makes it unique to each site: I insert (perhaps at the end) a couple of letters from the site I am accessing into the password. So for example with Facebook I use ‘AC’ (making “wAmItolhit0lAC”), with Twitter I use ‘WI’ (making “wAmItolhit0lWI”), etc. Not the prettiest of solutions, but the standard approach makes it easy to use for various sites. You may wish to alter the approach slightly (perhaps by changing “i” to “1”), and make sure to choose an initial phrase that you can easily remember, but that others would find hard to guess.
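The phrase-to-mnemonic scheme above, written out as an added example (this is not code from the original post; the function names and the rule parameters are this example’s own choices):

```python
import re

# Added example implementing the scheme described in the post:
# phrase -> mnemonic -> capitalise a couple of letters and zero the last 'o'
# -> append a two-letter site tag. Parameter defaults mirror the post's example.

def mnemonic(phrase: str) -> str:
    """First letter of each word, lower-cased: 'When a man ...' -> 'wamitolhitol'."""
    return "".join(w[0].lower() for w in re.findall(r"[A-Za-z']+", phrase))

def harden(base: str, capitalise_at=(1, 3), zero_last_o: bool = True) -> str:
    """Upper-case the letters at the given 0-based positions (default: 2nd and 4th)
    and turn the last lower-case 'o' into '0', as in the post."""
    chars = list(base)
    for i in capitalise_at:
        chars[i] = chars[i].upper()
    if zero_last_o and "o" in chars:
        last = len(chars) - 1 - chars[::-1].index("o")
        chars[last] = "0"
    return "".join(chars)

def site_password(hardened: str, site_tag: str) -> str:
    """Append the per-site letters (the post uses 'AC' for Facebook, 'WI' for Twitter)."""
    return hardened + site_tag.upper()

def derive_all(phrase: str, site_tags: dict) -> dict:
    """Map each site name to its derived password; the hardened base is computed once."""
    base = harden(mnemonic(phrase))
    return {site: site_password(base, tag) for site, tag in site_tags.items()}

if __name__ == "__main__":
    phrase = "When a man is tired of London he is tired of life"
    for site, pw in derive_all(phrase, {"Facebook": "AC", "Twitter": "WI"}).items():
        print(f"{site}: {pw}")
```

Note that only the site tag varies between the derived passwords, so everything rests on keeping the base phrase and your capitalisation rule private.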
2) Password manager – this is preferred by many people, and there are various utilities out there that offer this service. It means you generally only need to remember one master password (and occasionally other security details). RoboForm is very popular with many users, but there are others such as LastPass and 1Password. You can also get password managers as a browser add-on. One thing you should ensure is that your id/password pairs are not stored away from your computer, as hackers can then access thousands of ids/passwords if they can break the storage security. Luckily the likes of RoboForm now save your id/password locally, so a security breach on their site shouldn’t give intruders access to your passwords, which are protected by your local master password. One important thing you may not realise is that if you use Firefox to store and recall your passwords, then it’s easy for someone with a couple of seconds’ access to the computer to look at your passwords by selecting Security=>Saved Passwords within Tools=>Options.
3) Lastly there is another method that some sites are now using. They ask you to log in using credentials from elsewhere – OpenID, Twitter or Facebook perhaps. I like this method as it means you only have to remember one password. I wouldn’t use it to access my bank account though.
Further reading
Lifehacker on password managers
PC World – best password managers
(for geeks) Coding Horror on web passwords.