New Research Indicates Net Users Still Trust Weak Passwords

engine

5:09 pm on Mar 28, 2012 (gmt 0)

I would have thought that many people don't change their passwords often enough, either. Speaking to Mrs engine, she finds it a chore to remember all the passwords, not to mention changing them.

New Research Indicates Net Users Still Trust Weak Passwords [computerweekly.com]
Online passwords are so insecure that 1% can be cracked within 10 guesses, according to a researcher at Cambridge University.

Gates Cambridge Trust scholar Joseph Bonneau of the university's computer laboratory was given access to 70 million anonymous passwords through internet services firm Yahoo. Using statistical guessing metrics, he trawled them for information, including demographic information and site usage characteristics.
Even people who had had their accounts hacked did not opt for passwords which were significantly more secure.

The analysis did find, however, that older users tended to have stronger online passwords than their younger counterparts. German and Korean speakers also had passwords which were more difficult to crack, while Indonesian-speaking users' passwords were the least secure.

The main finding of the research was that passwords in general contain only between 10 and 20 bits of security against an online or offline attack.
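The "statistical guessing metrics" and the "10 to 20 bits of security" in the article above are easier to see on a frequency table. The script below is an added example, not code from the thread or from the Cambridge study: it builds a constructed toy sample of 10,000 accounts (a short head of common passwords plus a tail of passwords that occur once; the counts are invented, not Yahoo data) and computes the metrics Bonneau uses: the beta-success-rate (fraction of accounts cracked with the beta most likely guesses, which is what "1% cracked within 10 guesses" measures), the alpha-work-factor (guesses per account needed to crack a fraction alpha of accounts), and the corresponding "effective bits", i.e. the size in bits of a uniformly chosen password set that would resist the same attack equally well. Function names and the report layout are this example's own choices.

```python
"""Statistical guessing metrics over a password frequency table.

Added example, not code from the thread or from the Cambridge study.
The password counts below are a constructed toy sample, not Yahoo data.
"""
import math
from collections import Counter

# Constructed sample leak: 10,000 accounts with a Zipf-like head of common
# passwords and a long tail of passwords that each occur exactly once.
HEAD = Counter({
    "123456": 90, "password": 50, "12345678": 30, "qwerty": 20, "abc123": 15,
    "111111": 12, "letmein": 10, "monkey": 8, "iloveyou": 7, "1234": 6,
    "bill": 5, "open": 4, "dragon": 4, "sunshine": 3, "football": 3,
})
TOTAL_ACCOUNTS = 10_000
TAIL = Counter({f"unique{i}": 1 for i in range(TOTAL_ACCOUNTS - sum(HEAD.values()))})
SAMPLE = HEAD + TAIL


def sorted_counts(counts):
    """Frequencies in the attacker's optimal order: most common password first."""
    return sorted(counts.values(), reverse=True)


def beta_success_rate(counts, beta):
    """lambda_beta: fraction of accounts cracked with the beta best guesses.

    This is the online-attack metric: a site that locks accounts after beta
    failed logins still loses this fraction of its users to a guesser.
    """
    return sum(sorted_counts(counts)[:beta]) / sum(counts.values())


def effective_bits_beta(counts, beta):
    """lambda-tilde_beta = lg(beta / lambda_beta).

    A uniform distribution over 2**bits passwords gives lambda_beta = beta / 2**bits,
    so this is the uniform key length with the same resistance to beta guesses.
    """
    return math.log2(beta / beta_success_rate(counts, beta))


def alpha_work_factor(counts, alpha):
    """mu_alpha: guesses per account needed to crack a fraction alpha of accounts."""
    total = sum(counts.values())
    cumulative = 0
    for guesses, c in enumerate(sorted_counts(counts), start=1):
        cumulative += c
        if cumulative / total >= alpha:
            return guesses
    raise ValueError("alpha must be in (0, 1]")


def effective_bits_alpha(counts, alpha):
    """mu-tilde_alpha = lg(mu_alpha / lambda_{mu_alpha}): the work factor in bits.

    lambda at mu_alpha is used rather than alpha itself so that a guess which
    overshoots the target fraction is not credited as extra work.
    """
    mu = alpha_work_factor(counts, alpha)
    return math.log2(mu / beta_success_rate(counts, mu))


def report(counts, betas=(1, 10, 1000), alphas=(0.01, 0.25, 0.5)):
    """Collect the metrics for several attack budgets; returned for inspection."""
    out = {"uniform_bits": math.log2(len(counts))}
    for beta in betas:
        out[f"lambda_{beta}"] = beta_success_rate(counts, beta)
        out[f"bits_beta_{beta}"] = effective_bits_beta(counts, beta)
    for alpha in alphas:
        out[f"mu_{alpha}"] = alpha_work_factor(counts, alpha)
        out[f"bits_alpha_{alpha}"] = effective_bits_alpha(counts, alpha)
    return out


if __name__ == "__main__":
    for key, value in report(SAMPLE).items():
        print(f"{key:>16}: {value:.4f}" if isinstance(value, float) else f"{key:>16}: {value}")
```

On the constructed sample the ten best guesses alone crack 2.48% of accounts, which is worth only about 8.7 bits against an online attacker, while cracking half the accounts takes 4,748 guesses each, about 13.2 bits, still short of the 13.3 bits that 9,748 distinct passwords would give if users had chosen uniformly. The gap between the two figures is the point of the study: the head of the distribution is what an attacker exploits, and Shannon entropy over the whole table hides it.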

Marshall

5:17 pm on Mar 28, 2012 (gmt 0)

Guess I better stop using 1234 ;)

Marshall

incrediBILL

6:28 pm on Mar 28, 2012 (gmt 0)

I should probably stop using 'bill' as well :)

Speaking to Mrs engine, she finds it a chore to remember all the passwords, not to mention changing them.


Just let the browser auto-fill remember them.

If you ever forget them, and you use FF, they're stored under 'tools->options->security->saved passwords... ->show passwords' and you can sync them across devices. Worst case, 99.9999% of sites have a method to change a lost password, so big whoop if you forget it.

Basically, all your passwords are only as secure as your primary email account linked to all your other secured accounts. If your primary email account is secure, you're good. If it's lame and easily compromised, you have a house of cards just waiting to crumble.

FYI, I would recommend at least 2 email accounts: use one for 3rd party services that you may not trust to be so secure and the other for your financial accounts.

lucy24

8:22 pm on Mar 28, 2012 (gmt 0)

I used to use "open" as a password. No, not for my bank account ;) for the screen saver. It had a game option, and if your cat stepped on the keyboard while the game was suspended, there went your 187,000 points down the drain. Matter of fact, I may still have my computer's Guest login set to "open". It will not bring anyone* any closer to my secret offshore bank accounts.

I'd be seriously sunk if my Keychain melted, because it functions as an auxiliary brain.

There used to be a Rule: Use a different hard-to-crack password for every function. Do not write down any password anywhere. Change all passwords every two weeks.

Possibly this Rule dissolved when its makers passed 40 and could no longer remember the name of their third-grade classroom pet. Or was it the combination to their second bicycle lock?


* Including myself.

rocknbil

4:19 pm on Mar 29, 2012 (gmt 0)

Ohhh man this is so true it literally hurts. :-\

Insecure passwords are like unexpected teen pregnancy; in this day and age, there is not one legitimate excuse for either to ever happen. EVER. We asked for education, we were given it. We asked for prevention, we were given it. Why does it still happen? Because people are lazy.

I had a server hack a while back that got an IP blacklisted, all due to a domainame123 password on one of the users out of my reach. The sad thing is, even with something like that happening, these same people say "wow, bummer dude, sucks to be you" and they keep right on doing what they are doing.

Entire businesses - other innocent users on the same server - have been affected all because they wanted an easy password to remember. It's the cause of the spread of this hacking "disease", and the people doing it don't assume responsibility for themselves. They're also the ones pounding their fists loudest claiming something must be DONE about these hackers!

There's no excuse. If I can convert one lazy password person with this link, it's worth it:

Keepass [keepass.info]

- FREE and open source - which ensures its security (read the docs)
- Portable - carry it with you and run it from a USB stick
- Remember only one password, ever again - the password to access your keepass database
- Not "clouded" - your database exists locally, not somewhere out on "teh internets" where it can get hacked
- easy to use - right-click the entries, select copy password, you have 12 seconds (by default) to paste it into the resource (login box, SSH command line, whatever) before it is flushed from memory
- Allows redundancy - you can make backups of the database files (and no one will ever be able to access them without knowing your master password)
- Multiple database support - share entries with other users by copying entries from your database to others; the databases open in a tabbed system similar to tabbed browsing

I manage thousands of passwords. Literally thousands. And I couldn't tell you even one of them. I set it in Keepass and immediately forget it.

Just don't make your master password . . . keepass123. :-\