A simple scheme that produces very secure passwords, that doesn't require your poor meat brain to remember a thousand different kinds of alphabet soup, is to use a two-key encryption system. And I'm not talking about something you need a calculator, computer, or even an abacus for.
Benefits: you never have to remember more than one password ever again; password generation is quick, easy, and secure; you don't have to trust anyone or anything else to remember your password for you.
Downsides: if too many sites containing your encrypted password are hacked, and those accounts are linked to you, someone could puzzle out your encryption scheme and figure out your master password.
Now, the downside isn't something that is going to happen by accident -- especially if you follow basic safety precautions like changing your master password and updating the others as soon as a site is hacked. You'd have to be deliberately targeted for anyone to figure it out, and if you're being deliberately targeted then you have bigger issues.
Anyway. The scheme is simple:
1) Create a reasonably secure 'master password' that you can remember, 8 letters or more long (that being the common standard). You will never write it down, so commit it to memory, and obviously don't fall into the trap of using your SSN, mother's maiden name, birthday, etc. An easy way is to pick a random word that has meaning to you -- "Lopsided", as an example -- and then convert it to leet-speak. Vowels become numbers, like so: "L0ps1d3d". Anything here works, so long as it is something you will remember.
2) For every site/domain/whatever that you need a password for, combine your master password with the name of the place the password is for, by alternating letters from each (or use whatever method you prefer; go down the columns, or a rotate-by-three, or whatever). Pad the site name with X's, a symbol, or whatever, as needed, or just repeat the site name. If I were creating a Gizmodo account using my above master password, it would work like so:
L0ps1d3d
Gizmodo
---------
Lipm1d3x
2a) For situations requiring a rotating password, where you have to change it every X days and it can't be part of the previous sequence, incorporate the date. Alternate which one you start with (top or bottom) every time -- you'll always know, because you know your scheme:
Lipm1d3x
Jun2010
--------
Jinm0d0x
That's it.
You can do the entire process in your head in seconds. So long as you never forget your master password, you'll be able to create a secure password for every site you visit without exposing any other sites to easy hacking.
--sofaspud
--"Listening to your kid is the audio equivalent of a Salvador Dali painting, Spud." --OpMegs
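The scheme above written out in Python, as an added example that is not part of the original post. It tags every character with where it came from, so you can see how much of each derived password actually comes from the master password. The function names and the "Jul2010" date are made up for illustration.

```python
PAD = ("x", "pad")  # the post pads the shorter string with X's


def tag(text, source):
    """Label each character with its origin: 'master', 'site' or 'date'."""
    return [(ch, source) for ch in text]


def interleave(top, bottom, start_top=True):
    """Alternate columns between two tagged strings, padding the shorter one."""
    width = max(len(top), len(bottom))
    top = top + [PAD] * (width - len(top))
    bottom = bottom + [PAD] * (width - len(bottom))
    return [
        (top if (i % 2 == 0) == start_top else bottom)[i]
        for i in range(width)
    ]


def text(tagged):
    """The password as it would be typed."""
    return "".join(ch for ch, _ in tagged)


def from_master(tagged):
    """Same password with every non-master character replaced by '.'."""
    return "".join(ch if src == "master" else "." for ch, src in tagged)


def report(label, tagged):
    print(f"{label:<22} {text(tagged)}  master part: {from_master(tagged)}")


if __name__ == "__main__":
    # Step 2: master password over site name, starting with the top row.
    site_pw = interleave(tag("L0ps1d3d", "master"), tag("Gizmodo", "site"))
    report("Gizmodo", site_pw)

    # Step 2a: fold in the date, starting with the bottom row (post's example).
    report("Jun2010, bottom first",
           interleave(site_pw, tag("Jun2010", "date"), start_top=False))

    # Next rotation starts with the top row again (constructed date).
    report("Jul2010, top first",
           interleave(site_pw, tag("Jul2010", "date"), start_top=True))
```

In the post's own rotation example, every character of "Jinm0d0x" comes from the site name, the date or the padding, so that password is only as strong as the secrecy of the method. The top-first rotations keep the same four master characters in the same columns each time.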