Good questions, aus_dave. I didn't realize it until I saw your post, but I've been thinking the same thing myself.

I've been keeping passwords in a plain, neutrally-marked text file (on a floppy) and print it out regularly, just in case....

As for format, I prefer a combination of upper and lower case, as well as numbers. Makes it harder to crack, as I understand it.

I use a password safe on my PDA, and sync on two different computers for redundant backups. Probably should lock up a hardcopy someplace, too.

I glue them to my brain. :)

>>- 1. do you keep a master list on paper
- 2. do you keep anything to do with passwords on your local computer, even if it is encrypted?
- 3. do you regularly rotate passwords even if they are very hard to crack
- 4. do email passwords require the same level of security (are say 8 letter nonsense words without numbers mixed in ok?)

1. On paper? Never.
2. Yes, I encrypt them with PGP.
3. Yes, passwords can be hard to crack, PGP encryption is extremely hard to crack.
4. Email passwords require the same level of security you would apply to any sensitive information. My advice is to use PGP encryption for ALL sensitive email communication. Standard email isn't a sealed letter, it is an open postcard.