33% use the same password for everything

Mikey 12 comments

Hands up if you're guilty? That many of you, huh? I won't sit here and judge you with an undeserved smugness, because a long time ago I also suffered from monopassworditis.

As the title says, a study done by security firm Sophos reveals that 33% of web surfers use the same password across multiple web sites, while only 19% never use the same password.

As most web browsers can save your passwords these days, there's really no excuse for reusing the same password or for using a weak one, although I'll admit it's hard to log in to Gmail from another computer when you have a 16-character alphanumeric combination to remember.

What would have been more relevant from Sophos, though, is statistics revealing the percentage of accounts that were breached due to common and weak passwords.

I guess the thing to remember is that it's important to vary your passwords and not to make them something as obvious as your pet's name or date of birth. While no one deserves to get their account hacked, it's hard to feel sorry for anyone when 'password' is their password.

Jim

Thursday 12th March 2009 | 09:00 PM
103 total kudos | 2 for this comment

I admit, I'm half-guilty for this. Most sites, I kinda don't care. My banking sites have a stronger password, but it's a derivative of my regular one. Work is a different story, I have a list of 5 I cycle through as I'm forced to change it every quarter or so.

My biggest problem is the different rules on different sites. Some are case sensitive, some aren't. Some want numbers and letters, others don't. I wish the sites with the really screwed up rules would remind you of the password rules when you go to login. This goes especially so for the sites that Firefox won't/can't remember the damn password...

The Computer Whisperer

Thursday 12th March 2009 | 09:17 PM
89 total kudos | 2 for this comment

I had a customer of mine say to me just the other day that she uses the same password on her computer login as she does on her internet banking; she didn't want to give it to me.

When she told me this, her daughter, who must have been all of 8 years old, piped up and said "I know what it is."

lolz.

It was probably her date of birth.

andrew

Thursday 12th March 2009 | 09:31 PM
43 total kudos | 1 for this comment

So I guess a lot of people will use password for their password, but would it be that obvious?

Gail

Thursday 12th March 2009 | 11:51 PM
16 total kudos | 2 for this comment

And don't forget about the people who use the name of their:
1. Spouse or SI
2. Child
3. Pet
for their password(s). SO easy to guess if you know the person at all.

Jim

Friday 13th March 2009 | 01:59 AM
103 total kudos | 1 for this comment

The trick is to get a password that even people who know you couldn't guess and nobody could google or search on the internet. Though you probably should have someone who knows your password, in the event of an emergency or whatnot. My wife and I use basically the same password(s), which makes life easy.

The Movie Whore

Friday 13th March 2009 | 03:29 AM
95 total kudos | 2 for this comment

I don't use one password for everything, I use 2. Just as bad in my opinion and I have thought of changing it up but my memory sucks and not every site allows Firefox to propagate the password. This means I have to go into my tools and look it up. It is a pain in the ass and I am a lazy fool.

Not a Member!

Bob

Friday 13th March 2009 | 08:12 AM

If a person wants to find out what password you are using no matter how difficult or simple it is, it's only a matter of elimination and time.

Mario

Friday 13th March 2009 | 09:28 AM
20 total kudos | 3 for this comment

It's convenient to set up a hierarchy, so to speak, based on the relevance and importance of the website you want to set up a password. For example, in an order such as financial sites first, then email accounts, social websites, game or forum sites, etc.

Though Jim made a good point. It's quite frustrating when you stumble on sites you want to apply that hierarchical formula and it requests a different form to be entered instead. But also, I think it's very bad to depend on password managers to remember them. Imagine finding yourself on another computer unable to log in to a website to make a comment, requesting an email to reset your password, and not knowing your email's password. Or some added security that reads the request is coming from a different IP than the usual and locks you out. :/ It's happened a few times.

Rodney

Friday 13th March 2009 | 09:36 AM
340 total kudos

Having worked in IT for over 10 years I can categorically say that at least a double figure percentage of people, if left to their own devices, will wind up with "Password1" or "secret" for their password. And the majority of them will think this is clever. Furthermore, at least 50% of customers I have had will use not only the same password for everything (and tell you this) but also (if you allow them) use the same password for all eternity.

In any case, although "Password1" is a terrible password, to a dictionary attack, it's no worse than any other word + number. Frankly, any password that can be guessed or is based on a dictionary word or key sequence is effectively no password at all.

This is exactly why enforcing password policies is now a must.

Mikey

Friday 13th March 2009 | 11:40 AM
235 total kudos | 3 for this comment

In some instances a password is useless despite its complexity. Once upon a time I needed an FTP username and password from a client so I could access their web site. The company in question is a very high profile clothing company. When I called I simply introduced myself to the stranger at the other end of the phone:

"Hi, I'm the guy who does your web site. I think someone at your end has reset the FTP password. Could you give it to me?"
"Ok hang on a sec I'm new here. I will see if I can find it ...on hold... Hi yes the password is ***********"
"Thanks"

Luckily for them I really was the guy doing their web site.

More on topic, I used to use a basic formula for passwords that simply involved replacing alpha characters with numerals and vice versa with a word I could easily remember. Example, if the word was "commander" the password would be "c0mm@nd3r".

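The comments above mention passwords that are a derivative of a regular one, a word plus a number, and a word with look-alike character substitutions. The following is an added example, not code from the post or from any commenter, showing how a personal password audit can reduce each of those to the same base word and flag both dictionary-guessable entries and reuse across sites. The wordlist, the site names and the sample passwords are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed mini wordlist (assumption). A real audit would use a full
# dictionary plus a list of known-breached passwords.
WORDLIST = {"password", "secret", "commander", "qwerty", "letmein"}

# Undo common look-alike substitutions ("c0mm@nd3r" -> "commander").
LEET = str.maketrans("013457@$", "oleastas")

def normalize(password):
    """Reduce a password to the base word a dictionary check would try."""
    lowered = password.lower()
    # Drop digit/symbol prefixes and suffixes such as "1" or "2009!".
    base = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    # If nothing is left (all digits/symbols), keep the original string.
    return (base or lowered).translate(LEET)

def audit(vault):
    """vault maps site -> password. Returns (guessable_sites, reuse_groups)."""
    by_base = defaultdict(list)
    for site, password in vault.items():
        by_base[normalize(password)].append(site)
    guessable = sorted(
        site for base, sites in by_base.items() if base in WORDLIST
        for site in sites
    )
    # Sites whose passwords share one base word: exact reuse or a derivative.
    reused = {b: sorted(s) for b, s in by_base.items() if len(s) > 1}
    return guessable, reused

# Constructed sample vault; site names and passwords are made up.
SAMPLE_VAULT = {
    "forum": "commander",
    "webmail": "c0mm@nd3r",
    "bank": "Commander2009!",
    "work": "Password1",
    "photos": "vT9#qLx2&mKe4Rz8",
}

if __name__ == "__main__":
    guessable, reused = audit(SAMPLE_VAULT)
    print("dictionary-guessable:", guessable)
    print("same base word:", reused)
```

Only the random 16-character entry survives both checks; the three "commander" variants collapse to one base word, so a breach of the forum password exposes the webmail and bank ones as well.
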
Jim

Friday 13th March 2009 | 07:01 PM
103 total kudos

...in response to this comment by Mikey. You and your fancy l33t sp34k :P

Not a Member!

Shailendra

Friday 20th November 2009 | 12:45 AM

Got a good insight on password strength and using non-regular complex passwords.

Personally, I use the freeware application KeePass to generate strong passwords and do not take pains to remember all those. Remember one password and let KeePass remember everything.

Best regards,
Shailendra Vijayvergia
