A lot of security experts say that if it lets you follow all the other rules and not keep reusing the same password, write your passwords down. A written password is a lot harder to hack than most easy-to-remember passwords. I can see that in a home environment, but I wonder about that in a work environment.
Also, those stupid security questions everyone makes you answer in addition to your password are actually security holes. Many people whose password was well protected have had accounts hacked because of security questions. Mother's maiden name and high school, street name of your first home or whatever are researchable. The name of your first pet may or may not be researchable, but is probably guessable. What they suggest is non-sequitur answers that you can remember or that you write down. So the high school you went to might be "STD incubator". And the name of your first pet can be answered as "Eat a muffin, whitey". Neither of these are what I actually use.
"consciencedocost" is a fine password. Though you may find yourself reusing "whatthef**kdidido" an inordinate number of times.
What they suggest is non-sequitur answers that you can remember or that you write down. So the high school you went to might be "STD incubator". And the name of your first pet can be answered as "Eat a muffin, whitey". Neither of these are what I actually use.
I pick a letter for all of the answers to start with and start making stuff up. Of course those end up hidden in my wallet but no way am I answering them for real. And I pick the weird choices.
Relatedly, I just had JZ print out a list of all the passwords we use on various systems. To cover our cable service, our Roku, Netflix, Amazon Prime, Hulu Plus, WiFi, FasTrak.
That's not even counting our personal email accounts or bank stuff.
I've got my passwords in a file buried several layers down on my tablet which has a password on it as well.
At work our passwords have to be a specific length and a combination of numbers and letters with at least one capital letter, no special symbols. You can change the last number/letter and it will work. My current password has been too easy to guess so I need to change it.
For a while I went with last name of hockey players combined with 2 jersey numbers of different hockey players. I've also used fannish stuff like RayNFaser4Evah!1! or EliotParkerHardisonotp34evah which is really long and I probably wouldn't use that one.
Even though the discussion is kept general, some of those generalities are categorical enough to make life easier for someone with bad intentions. Some of us may want to examine our posts with paranoid eyes, and edit them slightly. Cause this board is public, even if search engine unfriendly.
No matter how slick my patterns, I couldn't get by without a password manager. I have nearly 200 passwords, but I can drop that by ten or more by losing work passwords.
I've been known to use P@ssW0rD when I'm asked for passwords for useless sites.
Oh, yeah, I have a standard not very secure but easy to remember password for things I don't really think need passwords.