For the past couple of years, RSA Security has conducted a password management survey. The last survey involved over 1,300 business professionals.
Eighteen percent of respondents managed more than 15 passwords, although only five percent could easily remember that many. Thirty-six percent of respondents managed between six and 15 passwords.
Between personal and work, I manage hundreds of passwords. I have a separate password manager with a master key to keep track of them all. Some folks like KeePass for their desktop clients, Clipperz for online. I use YoJimbo for the Mac. Most of my passwords are static and relatively unimportant if compromised (e.g., my social bookmarking website account). Some passwords need to be constantly updated and are very significant if compromised (e.g., my bank account).
I had one of my passwords change on me today. The password policy for this particular account is to force a change every month and a history is maintained, going back at least a year, to ensure that I do not reuse passwords or perform incremental passwords. The password must be at least 8 characters and it must include a numeric. So the password Forget01 might be okay for month 1, but Forget02 will be rejected in month 2.
For the first few months, this drove me nuts. How can I create strong passwords that are easy to remember?
One approach is to use the current month and year and get creative:
JanYouAiry200Sevn, FebYouAiryOh7, MarrCh2kseVn, EhPrill07, MayTwoOhOh7
Another approach is taking two words that are easy to remember, and blending them:
“blue coat” creates 1bclouaet or taoc.eulb.1
And yet another approach is to take a city and substitute symbols for vowels and then concatenate with another word or location:
Toronto with Ontario creates T*r*nt*.*nt@r!*
Montreal with Quebec creates M*ntr&@l.Qu&b&c
With so many possibilities, I find myself now looking forward to a password change. And, as long as I write the password on a PostIt and stick it on my computer screen, I will always remember it.
I used to play this game a lot before I got tired of it 🙂
You might be looking forward to the next password change, but writing it down on a sticky on your computer screen is less fun, not to mention less secure.
After tiring of these games, I tried all the Mac password managers to find a better way. I couldn’t find anything that integrated with my work flow, especially in the browser. I eventually decided to write my own, 1Passwd.
With 1Passwd I use now use the *automatic* Strong Password Generator and let 1Passwd handle the automatic entry of the password when needed. In fact, I never need to even know the password.
No more stickies 🙂