Realistic Password Advice Please
Inde
All the talk on password security. I know the advice, unique, complicated passwords with numbers and letters. I'm posing a REALISTIC and serious question here. How can this possibly be maintained? I've listed below the stuff I logged into yesterday through my history (yes literally). It topped out at 30. I mean honestly, it's just not possible to come up with and use a unique password every single time to be as secure as everyone says.
I can see combining things such as all email with a single password. All forums??? Maybe, maybe not. (Admins on Guru force a new password every 90 days so that's not a concern). I mean every game you play with a unique password? C'mon. Bank/financial stuff you don't mess around with so that's all separate and completely unique including email associated with it. Then there's some work stuff that I don't have a choice but is assigned a password that you also have to keep track of.
You can't save your passwords in file, that's too easy to grab by someone. I know there is software out there to help keep track of all your passwords but I hesitate considering earlier this year I fried a hard drive that all data was unrecoverable. So what is there? Sheet of paper, yeah right. What's the best method? Now people are one upping that with a unique email address you should ALSO have with certain accounts. It's a bit ridiculous.
Looking for realistic answers here.
twitter
fb
gw1g
gw2g
gmail
gmail
yahoo email
yahoo email
ncsoft
bank
bank
utility
forum
forum
forum
forum
forum
forum
forum
forum admin
forum admin
site admin
site admin
site admin
IRC
IM
game
game
game
blog
Quaker
Personally, I do use a couple of main passwords for unimportant stuff, and unique passwords for important things (like banking).
Since no one, outside of my own family, has access to my computer (or home), I write down the unique passwords in a small notebook. (Which I could lock in a drawer, but don't.)
I use Windows and/or Firefox's ability to "remember" passwords to simplify the process - some important unique passwords are not "remembered" though.
Just keep in mind to try to keep passwords either very unique, like "aSpo67&LLm" or else, make sure they are something that you would know, but casual acquaintances wouldn't guess. For example, your mother's maiden name plus her birthday date.
And, of course, keep your virus/spyware checkers active to catch keyloggers.
Lord Sojar
Personally, I use a sheet of paper. I update my main passwords every 10 days, and change the main piece of paper every 10 days as well.
As for other non important passwords, I usually make one solid password and stick with that. I keep those on a permanent paper for reference.
I store unimportant passwords using Firefox's password manager as well.
It is a lot of work, but honestly, to be safe these days, you have to put some effort in. Too many people forget that, and just don't do what they need to do to be safe online.
If you make a habit, and keep telling yourself a mantra (like, "I need to do this to be safe") you might find after a short while of doing it every however many days, that it isn't a chore, and just a motion you start going through.
Inde
I guess one of my points is, I don't think anyone is ever rock solid truly secure. Or they only go to a few internet sites a day I guess.
I'm at the point where things are getting more complicated and am really looking for a way to manage all the different passwords that are needed. So maybe I just need to see what some of you all are doing to maintain your security.
nagisaki
For my super complicated passwords I can't remember that well, I have a little text file hidden and encrypted on a flash drive I only plug in when needed. Sure, not the best solution, but if there's a keylogger or clipboard monitoring malware on the machine no matter what option you use is going to fail if you don't detect it soon enough.
sosycpsycho
Quote:
For my super complicated passwords I can't remember that well, I have a little text file hidden and encrypted on a flash drive .
|
also cause 120 DPS with instant mana burn and give an enchant of +80 stamina.
I find the answer to protecting my Passwords is Haitian Voodoo.
I agree with the idea of having 3 different passwords and using them on different things, a short one for non crucial stuff, one that's like your b-day or something for personal but non vital stuff, then make one super long letters and numbers one for things like guild wars or secure logins.
Sagra
Haitian voodoo, as if there's any other kind? :P
I use a system where random things that get said that day or days ago get mashed into phrases only I can know. And keeping track in a secure spot on paper is the best solution. Partner that with frequent virus scans of your system and do all your Windows updates, you should be pretty safe.
Updating frequently is a major thing to do, and if you rely on Firefox to auto-fill, you might get lax and not do it as often as you should. Plus, if you lose your HD, you're boned.
I think most of the cracking that happens is because of 2 things: people using stupid-easy passwords (like: password) or giving their information to someone else for whatever reason. Somehow I think that the people who can invade your privacy would be after the big fish, and not necessarily concerned with us little guys.
Evil Eye
i have a sheet of notebook paper next to my computer with info and stuff, not like people can see that over your computer
own age myname
I have a laminated sheet under my keyboard with a bunch of my passwords. I don't have very important stuff (as of yet, only game and email. I'm a minor, so no bank account yet). I also have a notepad with basic codes like my internet connection password.
squiros
in many computer science departments, we allow students to log on for that quarter. we choose their username, but they choose their password. which creates huge security problems. as such, the recommendation is choosing the first letter in a phrase that makes sense to you. our examples are:
sewage workers: do not chew your fingernails!
password: sw:dncyf!
ex-girlfriends - one less bitch to slap
password: xgf-1lb2s
so my username of 'squirrel' could have a catchphrase '1 more tree to climb' and my password would be '1mt2c'. for your games, at least, base it on your character:
username: i pwn
passphrase: time to kick ass and chew bubble gum, i'm out of bubblegum
password: t2kaacbg,ioob
Askani
Use a password manager. That way you only have to remember one. I use keepass. It has a password generator so you can easily make a random password as well as store them.
Age
I just use a couple of simple ones for forums and stuff like that. I clear out my browser every time I exit it and when I do my banking I clear out my cache. I don't have them written down anywhere. This is why I need to use the pw recovery in NCSoft site for my master account. I don't use that much so I forget it.
Dre
To create an easy and secure password, just take a random word and apply leetspeak to it
i.e. guildwars ==> gui1dw4r5 or gu11dw4r5 if you want to change both 'i' and 'l' to numbers
Just look up a random word in a dictionary (try to take a word of moderate length)
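Added example, not part of any post in this thread: a strength check that undoes the usual leetspeak substitutions before looking a password up in a wordlist, then estimates the guessing space in bits. The wordlist, the substitution table and the 100,000-word dictionary size are assumptions made for illustration; the sample passwords are the ones quoted in the thread.

```python
import itertools
import math
import string

# Constructed sample wordlist; a real check would load a full dictionary.
WORDLIST = {"guildwars", "password", "dragon", "eggrolls", "monkey"}
# Assumed size of the dictionary a guesser works from (illustrative).
DICTIONARY_SIZE = 100_000
# Usual digit/symbol stand-ins mapped back to letters. "1" and "!" are
# ambiguous (i or l), so both readings are tried.
DELEET = {"0": "o", "1": "il", "!": "il", "3": "e", "4": "a", "@": "a",
          "5": "s", "$": "s", "7": "t"}
SUBSTITUTABLE = set("oileast")
MAX_READINGS = 4096  # cap on readings tried for inputs with many ambiguous characters


def dictionary_base(password):
    """Return the wordlist entry a leetspeak password reduces to, or None."""
    options = [DELEET.get(ch, ch) for ch in password.lower()]
    readings = itertools.islice(itertools.product(*options), MAX_READINGS)
    for candidate in readings:
        word = "".join(candidate)
        if word in WORDLIST:
            return word
    return None


def leet_spellings(word):
    """Count spellings where each substitutable letter is kept or swapped."""
    return 2 ** sum(ch in SUBSTITUTABLE for ch in word)


def charset_bits(password):
    """Upper bound in bits; holds only if every character was picked at random."""
    if not password:
        return 0.0
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    if any(all(c not in cls for cls in classes) for c in password):
        pool += len(string.punctuation)  # treat anything else as a symbol
    return len(password) * math.log2(pool)


def estimated_bits(password):
    """Dictionary-based estimate when a base word is found, else the charset bound."""
    base = dictionary_base(password)
    if base is None:
        return charset_bits(password)
    return math.log2(DICTIONARY_SIZE * leet_spellings(base))


if __name__ == "__main__":
    for pw in ("gui1dw4r5", "gu11dw4r5", "aSpo67&LLm"):
        print(f"{pw:12} base={dictionary_base(pw)} bits~{estimated_bits(pw):.1f}")
```

The substitutions add only four bits on top of the choice of word, because each of the four replaceable letters in the word is either swapped or not.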
Kitor
Quote:
in many computer science departments, we allow students to log on for that quarter. we choose their username, but they choose their password. which creates huge security problems. as such, the recommendation is choosing the first letter in a phrase that makes sense to you. our examples are:
sewage workers: do not chew your fingernails! password: sw:dncyf! ex-girlfriends - one less bitch to slap password: xgf-1lb2s so my username of 'squirrel' could have a catchphrase '1 more tree to climb' and my password would be '1mt2c'. for your games, at least, base it on your character: username: i pwn passphrase: time to kick ass and chew bubble gum, i'm out of bubblegum password: t2kaacbg,ioob |
I kind of like that one.
Also,
http://googleblog.blogspot.com/2009/...g-list-of.html
eggrolls
I categorize accounts by importance, and choose a password and e-mail based on that. Then I use modular passwords. For example:
Pick a few things: 1abc234 (license plate), eggrolls (word), 56789-0123 (zip code), etc.
Decorate them, e.g. EGGro11s
Make combinations, e.g. 1abc234EGGro11s
Decorate the combination: 1abc234O_OEGGro11s
Then I just use variations on the theme as my passwords. It's easy enough for me to remember, since only important accounts have unique passwords. Even then, there are some exceptions. Sometimes I use the same password, but instead use different account names.
Riot Narita
Quote:
To create an easy and secure password, just take a random word and apply leetspeak to it
i.e. guildwars ==> gui1dw4r5 or gu11dw4r5 if you want to change both 'i' and 'l' to numbers Just look up a random word in a dictionary (try to take a word of moderate length) |
Quote:
in many computer science departments, we allow students to log on for that quarter. we choose their username, but they choose their password. which creates huge security problems. as such, the recommendation is choosing the first letter in a phrase that makes sense to you. our examples are:
sewage workers: do not chew your fingernails! password: sw:dncyf! ex-girlfriends - one less bitch to slap password: xgf-1lb2s so my username of 'squirrel' could have a catchphrase '1 more tree to climb' and my password would be '1mt2c'. for your games, at least, base it on your character: username: i pwn passphrase: time to kick ass and chew bubble gum, i'm out of bubblegum password: t2kaacbg,ioob |
Quote:
considering earlier this year I fried a hard drive that all data was unrecoverable.
|
If you really have so many passwords that they are becoming unmanageable, perhaps you could put them in all in a file/spreadsheet... and then put that file in a strongly encrypted container (eg. Truecrypt). Make a single "master" password for that container, that is fully monstrous, and burn it into your memory such that you will remember it for all time.
M1EK
Sheet of paper in your wallet.
p.s. hi it's captain arne
Aera
Just take your favourite song and replace it with some leetspeak like Dre said. The brain works by associations when it comes to remembering, so if you associate a song with a website it's not hard to remember. All you have to do is replace some letters with numbers.
For example, GWGuru reminds me of Trancequility (some 1.5h mix by some DJ) which then becomes Tr4ncequ1l!ty
Not hard to remember, but very very hard to guess.
bsoltan
First of all my apologies for posting in a 1 month old thread.
I would like to recommend KeePass as well.
http://keepass.info/
A few years ago I realised that I would be more secure if I used different passwords for everything, this wasn't due to any sort of breach of security or anything. I just realised that using two different passwords for everything wasn't very secure.
I think it was actually someone from GW, possibly Dralspire who I first saw recommending this particular software.
Since I started using it I have generated unique passwords for everything I use and not only does it make it easy for that respect, and its ability to store the passwords and encrypt its database but you can copy and paste out of the software to prevent being vulnerable to keyloggers when typing passwords.
I also use the PortableApps (http://portableapps.com/) on my USB Flash Drive, and my copy of KeePass is the portable version to run from USB. This way I can take it anywhere and use it on any machine that has USB ports.
I would recommend it to anyone, I haven't had any problems since I started using it and don't foresee any problems in the future. There are also a lot of functions in there that I don't use but for keeping, generating and using passwords it works really well.
Hope it helps.
Quote:
Use a password manager. That way you only have to remember one. I use keepass. It has a password generator so you can easily make a random password as well as store them.
|
Elder III
If an elite team of hackers wants to take the time to break your password etc... it's just about 100% for sure that it will happen - it's just a matter of how much time do they want to spend on it, and for almost everyone on these forums, it's not worth it. I know for sure that there's nothing on any of my computers that would be tempting to anyone, and I suspect most of you are the same.
Common sense when on the intrawebz will protect you more than 30 different passwords. Obviously it's important to have good passwords, but I don't believe it's at all necessary to have a different one for everything you ever need to log in for. I use several different ones and it's not at all hard to remember that many. Keep them in your head and you know they're safe.
Tarun
There's really not too much need to change your passwords often unless you visit an insecure/unsafe website. Safe password practices are more of not giving your password to anyone, and when you register for a website, know what you're registering for, etc.
gone
not so sure about that. but hey, what do I know?
arielmt
I don't write my passwords down anywhere but I have used Firefox and SplashID (so I could have my passwords in a little database on the Palm devices I've used through the years) which both require a central password to access.
My PayPal account got hacked a number of years ago after I sold a router on eBay. The router still had my setup in it, the buyer needed the password to change it and I stupidly gave it to him. It happened to be the password I used for most everything at the time and I nearly lost $6k in transfers from my checking account to PayPal. After that I created a new password schema and changed my passwords for everything.
The password schema: I've found it easiest to use a base word (can be anything) prefixed by the type of account and suffixed by a number (either something that means something to me or the year I've created the account).
So for example:
fMaximus07 - a forums account
sMaximus07 - a shopping account
b1Maximus01 - bank #1
b2Maximus03 - bank #2
xMaximus07 - a GuildWars account
Easy to remember, satisfies requirements for letters, numbers and upper/lowercase and I only reuse them on sites of low importance (for example, forums sites passwords tend to be the same). Also, if the login is based on the email address (I have at least 3) then I'll use one email address for gaming sites, another for shopping sites, etc.
So, if you got my email address and password from a Guild Wars fan site via a security breach, you wouldn't be able to login to my game account, or any other account for that matter, even if you knew the other sites I have accounts on.
Regardless, as others have said, if someone wants it they'll get it.
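Added example, not part of the post above: a reuse audit of the kind a password manager can run over its own entries, which groups accounts whose passwords share a long common core and reports how many characters of one password remain unknown once another in the group is known. The account labels, the two random-looking passwords and the five-character threshold are constructed for illustration; the other passwords are the sample schema from the post.

```python
import itertools
from collections import defaultdict
from difflib import SequenceMatcher

# Sample schema passwords from the post, plus two constructed random ones.
VAULT = {
    "forum": "fMaximus07",
    "shop": "sMaximus07",
    "bank1": "b1Maximus01",
    "bank2": "b2Maximus03",
    "game": "xMaximus07",
    "email": "kT9#vLq2!xRw",    # constructed
    "utility": "c4Zp_mN81yHd",  # constructed
}


def shared_core(pw_a, pw_b):
    """Longest run of characters both passwords contain (case-insensitive)."""
    a, b = pw_a.lower(), pw_b.lower()
    matcher = SequenceMatcher(None, a, b, autojunk=False)
    match = matcher.find_longest_match(0, len(a), 0, len(b))
    return a[match.a:match.a + match.size]


def unshared_chars(known, target):
    """Characters of `target` not covered by the core it shares with `known`."""
    return len(target) - len(shared_core(known, target))


def shared_base_clusters(vault, min_shared=5):
    """Group account labels whose passwords share a core of min_shared+ chars."""
    names = sorted(vault)
    parent = {name: name for name in names}

    def find(name):
        # Union-find lookup with path halving.
        while parent[name] != name:
            parent[name] = parent[parent[name]]
            name = parent[name]
        return name

    for a, b in itertools.combinations(names, 2):
        if len(shared_core(vault[a], vault[b])) >= min_shared:
            parent[find(a)] = find(b)

    clusters = defaultdict(list)
    for name in names:
        clusters[find(name)].append(name)
    return sorted(group for group in clusters.values() if len(group) > 1)


if __name__ == "__main__":
    for group in shared_base_clusters(VAULT):
        print("shared core across:", ", ".join(group))
        for known, target in itertools.permutations(group, 2):
            left = unshared_chars(VAULT[known], VAULT[target])
            print(f"  knowing {known:6} leaves {left} unknown chars in {target}")
```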
Bob Slydell
Inde, make passwords that are extremely hard for even you (the owner of the account) so hard to remember that you must write them down on a piece of paper. They should not contain any words in them and contain random uppercase/lowercase letters as well as a mixture of numbers and symbols. Then, keep this paper in a safe place in your house. Hackers can't see this paper, and even if they attempt to try and hack any account of yours, they will realize nothing is working and will move on to someone with a weaker setup. Brute forcing a password that contains no dictionary word evidence in it is likely impossible. Follow it by changing them regularly to shake off anyone who is trying to guess it letter by letter slowly. You might not be a target all the time, but take password security into aspect that your password is always being attacked by someone every minute, this'll motivate you to make passwords that are much more secure and be more aware of how dangerous hackers are.