Passwords



fatelk
12-20-2015, 06:02 PM
This has nothing to do with guns, and only passing relevance to the forum in general, but I thought I'd see if anyone else has the same gripe.

Too many passwords. I have numerous passwords for everything from forums to online banking, and then there's the multiple passwords for work. Every system and program has its own and then there's maintenance passwords, system passwords, machine passwords, vendor passwords.

So many passwords, and most of them are supposed to be different and some especially complex. Some have rules that won't allow anything less than (for example) 12 characters that must include capitals, numbers, and special characters. Some have guidelines that recommend at least 16 characters with all the preceding and NO recognizable words. Some expire and must be changed every quarter, and you can't reuse a password you've used in the past two years.

The policy also says that you can't write them down, or use the same one for multiple systems, since a hacker could get into all your business by cracking just one password. I think you'd have to be some kind of special genius to follow all the password rules to a T. I could understand maybe if I worked in a high-security, top-secret kind of industry, but I don't. I follow the rules much closer than most, but it can get frustrating.

Are hackers and scammers really that good at getting around passwords that we all need this level of security?

runfiverun
12-20-2015, 06:08 PM
My favorite ones are the ones that expire every 90 days and you can't reuse an old one.

Hickok
12-20-2015, 06:11 PM
I agree with you. I forget them, mix them up on which to use, etc.

I really can't count how many different PW's I have, but it doesn't matter, I can't remember most of them.

I have gotten used to reading ... "Forgot your name or password, enter here!"

rca
12-20-2015, 06:22 PM
Thought it was my age. Glad to see I'm not alone.

sthwestvictoria
12-20-2015, 06:38 PM
https://imgs.xkcd.com/comics/password_strength.png

The only difficulty with this method is that a number of websites want you to use a numeral and sometimes a non-alphanumeric symbol.
Best security is with two factor authentication (SMS sent to your mobile); Gmail and banks use this.
I am wary of password storing websites and computers. I will keep some passwords inside a TrueCrypt/VeraCrypt volume.

MT Gianni
12-20-2015, 06:40 PM
My favorite ones are the ones that expire every 90 days and you can't reuse an old one.
Work is that way. I started with a word and a number, add one digit each time. IT says no way will it work but it does. Most of my other passwords involve Lyman or RCBS bullet numbers.
Like the blond who was asked her password: "Mickey, Minnie, Goofy, Donald, Sylvester, Tweety, Tinkerbell, Aurora, ring finger." What? Eight characters and a digit.

dragon813gt
12-20-2015, 06:41 PM
I use a program that generates and stores all of them. If someone can hack 512 bit encryption then they deserve to get all my info because they sure worked for it. The security is actually layered because the program uses 256 bit encryption and I then proceed to encrypt the file itself. Work requires I change my password every 90 days. Other than that they very rarely get changed. I wish the standards were all the same. 30 characters, upper case letters, numbers and all symbols allowed. This would make hacks exponentially harder.

bedbugbilly
12-20-2015, 07:32 PM
I agree with you . . . . so many passwords to remember! My wife and I keep a small pocket notebook with all of ours in them to refer to. If we didn't, we'd never remember them.

Now, we are sort of being forced by the doctors we go to to sign up for their "portal" . . seems like everyone has a separate one. Yea, I suppose it's convenient if you want to check on your records, test results, etc. I was in to see my kidney doctor for a check up a couple of weeks ago - I see her about every 6 months and she is a sweetheart - very down to earth. The only hospital in our county now owns around 75% of the practicing physicians in our county. She asked me specifically to sign up for her portal . . . seems that since her practice is now owned by the hospital they are having a ton of pressure put on them to get their patients to sign up for the portal . . . if not, they get a "scoring" and a threat that part of their pay will be retained as a penalty for not getting enough patients to sign up. And they wonder why so many are fed up with this particular hospital system. And like already mentioned . the password on these "portals" expires every 90 days. What a PIA!

I guess all this technology is supposed to be "easier" . . . I don't see it that way. So impersonal and while the younger ones may like all o fathers stuff . . . I'm old . . . but then I still use a "stupid phone" too! LOL

mortre
12-20-2015, 07:58 PM
Use a short phrase with substitutions from the post above. Something like "1F0rg3+P@ssw0rd$"

Hackers can use downloadable applications with rainbow tables against common passwords, even decently long ones. They don't even really deserve the name "hacker".

The health care portal thing is an extension of the requirement for electronic medical records...

xs11jack
12-20-2015, 08:34 PM
I write down my passwords on a sheet of paper, then I hide the paper in my den, which is a mini junkyard with about 800 books in it. If you come here and can tear thru all this **** and find the paper, you are welcome to it.
Ole Jack

DeanoBeanCounter
12-20-2015, 09:26 PM
Go to www.download.com, there are password managers there. I use Blackbox Password Manager. Yes you need to have a password to open it (your own), but that's only one password and you can change it anytime you want. It will hold more passwords than you will ever use and you can categorize them. I keep mine on a dedicated flash drive OFF my computer and keep a backup hidden someplace. A flash drive you can carry around with you but be sure that you have a good password to open the program. In case of loss, use the backup and change all the passwords and make another flash drive. The more common ones I can remember but still once in a while I have to refer to the flash drive. With this info not on my computer and I can change my passwords quickly in case of loss or stolen I figure I'm pretty safe.
Oh yes, the program can generate a password if you want.
Dean

Beagle333
12-20-2015, 09:50 PM
I got em all written down in partial code.... somewhere here....
If you can break in and find that paper.... and you can figure out what goes with what..... you are really on your game. 8-)

Hogtamer
12-20-2015, 11:28 PM
I have to relate mine to some real life situation. Recently had to change one and used a reply to my son's text too many times this year deer hunting. "Seen any?" he asked. Ic0andu?

Area Man
12-21-2015, 11:38 AM
I have basically four passwords I use and I categorize them. Whenever I shop online and they ask me to create an account I've got one password I use for that. I also use that password for things like forums.

I've got one password I use for personal, but not high security, things like e-mails and such.

I've got one password for subscription based things like Netflix.

I've got one password for high security things like banking.

Each of these typically will pass any sort of "You have to have X number of characters, mix of caps, numbers, etc." sort of requirements.

It really streamlines things but still maintains a good level of security.

NavyVet1959
12-21-2015, 12:09 PM
With one of my insurance companies (health, home, car, motorcycle, whatever), I can never remember the password, so I always have to reset it each time I need to access it. I only have to access it once each year -- that is why I can't remember it. Of course, they remember all your previous passwords, so I have to go through a few before I find a new one.

I once stored them in a file in an encrypted pseudo drive, but then I forgot the password to the pseudo drive.

I considered writing a password generator and encrypting program at one time, but never got around to it. I figured that too many of the sites had conflicting password requirements to be able to generate passwords that would work on every system.

I had the DES and AES source code, so I wasn't worried about the stored file being secure.

One company that I worked with required password changes every month. That actually was convenient since I could use a pattern based on the year, month, and start day of the month. That way, if a password database was restored with a prior one, I would know what password I was using back when that database had been active. During some disaster recovery testing, that proved useful.

Back on the old command line UNIX machines, we could put actual backspaces and tab characters in passwords. Usually, people did it by accident and could not log in again though. :)

RogerDat
12-21-2015, 12:52 PM
There is the Password Safe (pwsafe) program. http://sourceforge.net/projects/passwordsafe/
You remember the password that opens the safe and there you keep a list of your accounts, usernames and passwords. As others have mentioned the data is heavily encrypted, using the password you set as the safe combination. Program can run off of a USB jump drive and the encrypted data file can be stored there too.

Another popular one is KeePass http://sourceforge.net/projects/keepass/ Both of these are free to download. Folks I work with are sort of split between these two. Both are good choices to manage multiple passwords that are strong and hard to break, and seldom used.

We use them at work and as a convention on each system there will be a password safe where system administrators store application passwords, or passwords for accounts that only exist to run jobs. "Bill set the backup software password, I don't have any way to run the restore" is not an acceptable situation. Bill dang well better have put that password in the common safe.

I also like phrases, either a whole sentence (many characters are hard to hack even if they are actual words) as a pass phrase. "Old Yeller was one sad movie-ending" is easy to remember but a beast to crack. Or a quote or sentence using just the first letter of each word. Using above that would be "OYwosm-e" again easy to remember since I just have to remember the sentence but not easy to crack. Some systems would insist on a number so replace "one sad" with "1 sad" or "1s". Lot of firearms are favorites or first and have a number, makes for easy phrase. How hard would it be to remember "My first pistol was a S&W .32 caliber" ? Or a Ruger or a shotgun was an H&R or .....

scarry scarney
12-21-2015, 03:10 PM
I use a "Password Chart"

The one I use, is from an Excel spreadsheet. Each time you run the Excel, it generates a new "Password Chart."
[Attachment 156139: image of the password chart]
Using the chart above, your pass phrase of "abc" generates a 12 digit password "W>8pZ1SkJw7."

This way, all you have to do is carry the chart, which doesn't do anyone any good without your secret phrase.
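
The chart lookup described in the post above, as an added example (not the poster's spreadsheet). The attached chart is not preserved, so the layout of one random 4-character cell per letter and the names `new_chart`, `derive` and `guess_bits` are assumptions; the last function shows how much guessing work remains for a random phrase once someone holds a copy of the chart.

```python
import math
import secrets
import string

# Assumption: the attached chart is not preserved, so this layout (one random
# 4-character cell per letter a-z) is inferred from "abc" -> 12 characters.
CELL_LEN = 4
SYMBOLS = "!#$%&*+-=?@^_<>"
CELL_ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def new_chart(cell_len=CELL_LEN):
    """Build a fresh chart: each lowercase letter maps to a random cell."""
    return {
        letter: "".join(secrets.choice(CELL_ALPHABET) for _ in range(cell_len))
        for letter in string.ascii_lowercase
    }


def derive(chart, phrase):
    """Look up each letter of the secret phrase and join the cells."""
    letters = [c for c in phrase.lower() if c in chart]
    if not letters:
        raise ValueError("phrase must contain at least one letter a-z")
    return "".join(chart[c] for c in letters)


def guess_bits(phrase_len, chart_known):
    """Bits of guessing work for a random phrase of phrase_len letters.

    Without the chart every output character is random; with the chart in
    hand only the phrase is unknown (26 choices per letter).
    """
    if chart_known:
        return phrase_len * math.log2(26)
    return phrase_len * CELL_LEN * math.log2(len(CELL_ALPHABET))


if __name__ == "__main__":
    chart = new_chart()
    print(derive(chart, "abc"))            # 12 characters, differs per chart
    print(round(guess_bits(3, False), 1))  # chart kept secret
    print(round(guess_bits(3, True), 1))   # chart lost or copied
```

The chart is a fixed substitution, so a repeated letter in the phrase repeats its cell in the password, and a real word used as the phrase is easier to guess than the random-phrase figure suggests.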

murf6656
12-22-2015, 11:44 AM
I was going to reply to this thread yesterday, but I forgot my password.

Steve77
12-22-2015, 12:33 PM
I use a "Password Chart"

The one I use, is from an Excel spreadsheet. Each time you run the Excel, it generates a new "Password Chart."
[Attachment 156139: image of the password chart]
Using the chart above, your pass phrase of "abc" generates a 12 digit password "W>8pZ1SkJw7."

This way, all you have to do is carry the chart, which doesn't do anyone any good without your secret phrase.
I like this method. You could use the chart to easily set up passwords for each type of site. For example use the first four letters of forum to generate a password for all your forums. Use the word bank or cash to generate a password for all your banking. Use the word shop to create a password for all your online shopping.

You get the idea. This way the word is related to the site, but with or without the key, most people would never figure it out.

chuckbuster
12-22-2015, 08:54 PM
My favorite was a cartoon I saw once. Father and Son with Son holding a Puppy. Caption..

"Now be careful what you name him son because it will affect your passwords the rest of your life..."

sthwestvictoria
12-23-2015, 04:41 AM
The one I use, is from an Excel spreadsheet. Each time you run the Excel, it generates a new "Password Chart."
[Attachment 156139: image of the password chart]
This method is interesting. In effect it is a one time pad method for encrypting your passwords. Woe betide anyone losing their printed out chart however!

NavyVet1959
12-23-2015, 05:37 AM
A good password encryption tool will never store your plaintext passwords to disk in temporary files, even if they subsequently get deleted. The only time the passwords are in plaintext is when they are in primary memory. When they are written to disk, they are always encrypted at that point. Ideally, the utility would also store in encrypted format the personal information that you might have associated with that account (e.g. password recovery security questions and their answers, email addresses for each account, credit card info that you use for that account, etc). Some people think just putting it in an encrypted Excel spreadsheet is good enough, but there are password crackers for Excel, so that would only protect you from casual spying eyes.