Passwords are ubiquitous throughout the World today. So what do you think of them? (BTW if you post your Password to all your Financial data we can check to make sure it is solid.)
Personally I have problems with Passwords that some random retail site on the Net always seems to want. I certainly do not give them one of my standard PWs, since, like Secrets, if you tell anyone a secret it is then no longer a Secret. So I have to make one up that is immediately forgotten until I sometime in the Future return to the site. At which point I have to go through the changing-the-PW folderol.
Once again, no appropriate poll choice.
I have, I believe about four or so "standard" passwords that I alternate, both randomly and because they are not of equal strength and some are more appropriate in some places than others.
The scheme I like best (although only one of my "standard" passwords was developed from it) is to take a favorite quotation, say "The rain in Spain falls mainly on the plain", and use the first letter of each word, so based on the given quote, the password would be "TriSfmotp". Of course the quote needs some capitalized words, and would be better with some numbers and/or special characters. If you were to use mattb4's sig, you would get a password of "IatIasIacplitp". Could be worse. Might be a little too long for some sites.
I will give this a bit of a serious touch because of my experience yesterday.
I have my passwords stored in Kwallet. This gives me the possibility to have a lot of different ones without bothering storing them in my brains (not much space there).
Now my bank is a bit of a peculiar beast in programming. They think that their login page is much more secure when the input fields (in an HTML form) do not simply have names like 'user' and 'password', but they randomly generate them (last time they were 'kqcnkeupquwc' and 'bkxlanrqd'). Kwallet sees that it has the fields to fill in when the combination of URL and fieldnames is the same as when it stored them. So Kwallet does not fill them in here. In this case I open Kwallet on the screen, search for the password and cut/paste it into the login page. Then, on sending it off, Kwallet asks "shall I keep them for you?" because it sees it as a new combination of URL and fields (one of which has the password attribute). I say "yes" because I want them saved for the next time.
If you are still with me, I am now coming to yesterday. Doing things routinely creates havoc sooner or later. I did not cut/paste the password, but the userid from Kwallet into the page (where it shows as ...., so looks OK). I sent off the page (with the wrong password) and Kwallet asks "Shall I store it?". "Yes" I said, and Kwallet now also has the wrong password!!! Where to find the correct one? Of course my bank has a procedure for the noobs who forget their passwords. But that takes about a week (and I do not want to be a noob!).
Backups came to the rescue. But it may be a lesson to me and others that when your Kwallet is corrupt, where is your fallback?
---------
And some comments on the bank's behaviour. I think they try to avoid brute force cracking, which may work because the cracker not only has to vary the password, but also has to guess what the fieldnames must be. Almost impossible IMHO.
It has one CON IMHO. When the URL is not exactly as it was during password storage (as with phishing) Kwallet will NOT fill in any password. It may be a sign to you to look more carefully at your URL. This check is now nullified because Kwallet will never fill in with this bank's login page.
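A simplified model of the matching behaviour described in the post above, added here as an illustration and not taken from KWallet's code. The `ToyWallet` class, the `origin+types` matching rule, the host names and the second pair of field names are assumptions made for the example; it shows that matching on URL plus field names refuses to fill on both the real and the look-alike page, while matching on site origin plus field type fills only on the real one.

```python
from urllib.parse import urlsplit

def origin(url):
    """Scheme and host[:port] of a URL, the part a look-alike page cannot copy."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc.lower()}"

class ToyWallet:
    """Simplified model of a form-filling password store (not KWallet code)."""

    def __init__(self, match_on):
        self.match_on = match_on      # "url+names" or "origin+types"
        self.entries = {}

    def _key(self, url, form):
        if self.match_on == "url+names":
            # Behaviour described in the post: page URL plus exact field names.
            return (url, tuple(sorted(form)))
        # Assumed alternative: site origin plus the field types (text/password).
        return (origin(url), tuple(sorted(form.values())))

    def save(self, url, form, secrets):
        """form maps field name -> type; secrets maps type -> value."""
        self.entries[self._key(url, form)] = dict(secrets)

    def fill(self, url, form):
        """Return {field name: value}, or None when nothing matches."""
        secrets = self.entries.get(self._key(url, form))
        if secrets is None:
            return None
        return {name: secrets[ftype] for name, ftype in form.items()}

# Constructed sample data: hosts and the second pair of field names are made up.
BANK = "https://bank.example/login"
LOOKALIKE = "https://bank.example.lookalike.test/login"
FIRST_VISIT = {"kqcnkeupquwc": "text", "bkxlanrqd": "password"}
NEXT_VISIT = {"zpwhtmxa": "text", "qeyvrl": "password"}
SECRETS = {"text": "user-id", "password": "constructed-password"}

def autofill_results(match_on):
    """Save on the first visit, then try to fill on the next visit and on a look-alike."""
    wallet = ToyWallet(match_on)
    wallet.save(BANK, FIRST_VISIT, SECRETS)
    return {
        "bank_next_visit": wallet.fill(BANK, NEXT_VISIT) is not None,
        "lookalike_page": wallet.fill(LOOKALIKE, NEXT_VISIT) is not None,
    }

if __name__ == "__main__":
    for mode in ("url+names", "origin+types"):
        print(mode, autofill_results(mode))
```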
I selected the 2 password option as it's the closest to me. I'm like bozo and have about 4 passwords I standardly rotate around. One of those is for those possibly shadier sites, or sites that I don't really care if someone else gets into. No one ever has though.
I selected option 2 as well though it's a code book I keep in another room away from the PC.
What I do is I'll write a password for some page or the other then enter it in the book. If I need to come back to it I got it. Some passwords though I let Firefox keep like the one for this forum or the other suse forum. Even then they're in the code book, for re-installs & such.
My Bank insists that I change the Password every 60 days. For it I alternate between two PWs, so that if the first does not work I can easily enter the second. Not sure that is much security but it seems to work. Sagemta's method sounds like the most reasonable if you do not lose the code book. I think my cat would hide it away since she likes to do that to all my important things.
On some of the more ridiculous sites to have passwords I will sometimes enter Stup1dPW. I can sometimes remember this. If I recall correctly a lot of people will use variations of their name and Birth date. Probably not good since these can be figured out by those that know us. Just like simple words are open to dictionary attacks.