So far, my strategy has been to have three tiers of passwords:
- a very strong one for my email and banking
- a moderately strong one for accounts that I somewhat care about
- a laughably weak one for throwaway accounts
- Easy to use.
- Passwords are encrypted locally and never leave your computer.
- It's available as a browser plugin.
- It's available on Linux, OS X and Windows.
- It's available on mobile devices.
- What is your eldest child's middle name? (I don't have any children.)
- Who was your first employer? (Easy to find on LinkedIn.)
- What is your father's middle name? (Somewhat harder to find, probably not impossible.)
- What is the name of the street you grew up on? (Easy to guess if you know where I went to primary school.)
- What was the name of your first school? (And the name of that school is probably on the untrimmed version of my CV.)
- Name a memorable character from a film or book or TV (I wouldn't remember what I'd answered to this one.)
- What is the make and model of your first car? (I never owned a car. And if I still had it, it'd be parked outside my house for all the world to identify. Maybe even on Street View.)
- Name a memorable meal (What?!)
- Name a memorable restaurant (Actually, this one might work for me. But for close friends, my answer would be easy to guess.)
- What is your memorable answer?
Management: "Passwords are too hard. I forgot the password to my email for the third time this month. IT people, make our site use a secret question instead."
IT person: "But they are less secure. They're easy to guess for outsiders. We're a bank, right? We manage people's money."
Management: "I have to rush off to a meeting. You know what to do."
IT person: "Just one more question – what secret questions should we use?"
Management: "You're the expert. Figure something out."
IT person (trying to suppress a grin): "OK, will do."
#1: Charles Schwab
- The password must be at least 6 characters. So far, so good.
- The password must contain at least one digit. OK.
- The digit must be between the first and last characters. What?
- The password must be at most 8 characters. What?!
- The password may not contain any symbols. WHAT?!
- The password is case insensitive. WHAT?!
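To see what the six rules listed above do to the search space, here is an added example (not part of the original post) that validates a password against them and counts how many passwords the policy admits. It assumes the alphabet is the 36 case-insensitive letters and digits, and reads the "digit between the first and last characters" rule as at least one digit in an interior position; all function names are illustrative.

```python
import math
import string
from itertools import product

# Assumption: no symbols + case-insensitive leaves 26 letters and 10 digits.
ALPHABET = string.ascii_lowercase + string.digits


def is_valid(pw, min_len=6, max_len=8):
    """Check a password against the rules as listed (interpretation assumed)."""
    pw = pw.lower()  # case-insensitive: 'A' and 'a' are the same password
    if not (min_len <= len(pw) <= max_len):
        return False
    if any(c not in ALPHABET for c in pw):  # rejects symbols
        return False
    # At least one digit strictly between the first and last characters.
    return any(c in string.digits for c in pw[1:-1])


def count_valid(n):
    """Closed form for length n: any first and last character (36 each),
    and an interior of n-2 characters that is not letters-only."""
    return 36 ** 2 * (36 ** (n - 2) - 26 ** (n - 2))


def brute_count(n):
    """Enumerate every length-n string to cross-check count_valid (small n only)."""
    return sum(is_valid("".join(p), min_len=n, max_len=n)
               for p in product(ALPHABET, repeat=n))


def policy_keyspace(min_len=6, max_len=8):
    """Total number of distinct passwords the policy admits."""
    return sum(count_valid(n) for n in range(min_len, max_len + 1))


def bits(count):
    """Size of a search space expressed in bits."""
    return math.log2(count)


if __name__ == "__main__":
    total = policy_keyspace()
    print(f"policy keyspace: {total:,} (~{bits(total):.1f} bits)")
    # Comparison point: 8 characters drawn from the 94 printable ASCII symbols.
    print(f"8 printable ASCII chars: ~{bits(94 ** 8):.1f} bits")
```

Under these assumptions the policy admits about 2.5 × 10^12 passwords (roughly 41 bits), against roughly 52 bits for eight characters drawn from the full printable ASCII set.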