tldr; How do people manage their myriad passwords safely and easily?
Personally I have about 4 different accounts to supercomputers that are 'high security', 3 different e-mail accounts with sensitive personal information, 2 online bank accounts, maybe 10 online accounts which have access to financial information, and then probably 100 additional accounts to random webpages (etc).
Each of these wants me to have a 'high strength' password, i.e. letters + numbers + symbols + cases - whole words or phrases. The important accounts shouldn't be written down anywhere, and none of them should be duplicates. And finally the supercomputer accounts generally have to be changed every few months.
I'm looking for a system, or procedure that I should be employing to manage, organize, or otherwise deal with all of my passwords. I think this is a topic that would be useful to most people. Perhaps there is no solution that doesn't break one (or more) password good-practice rules.
@MarcksThomas Because no "well-known application" has ever been hacked? http://www.wired.com/2015/06/hack-brief-password-manager-lastpass-got-breached-hard/ Not that other a strainer algorithm is better. http://xkcd.com/936/ – McKay – 2015-08-17T13:54:23.710
Random strings are hard to crack. Manipulating important dates and names into a password is actually far less safe than trusting a well-known application to store good passwords. – Marcks Thomas – 2014-03-12T17:08:53.277
I am not suggesting the use of dates and names directly. My suggestion is to mush them through a strainer algorithm, rules of which are only known to you. Such as: take the second digit of the street number at my first address, add my college student ID transposed, add my father's childhood nickname (converted to ASCII if we are staying in numeric realm) and then add the digits in my mother's birthday date and append the result to this string. The final product will not make much sense to anyone, even if they know the intrinsic details about your life. – MelBurslan – 2014-03-12T17:15:19.997
I understand, but I think it's bad advice because it's hard to gauge how complicated the algorithm should be. If you're confident no human will ever come close to cracking your system, a computer may still be able to do so in seconds. Moreover, you cannot assume the rules are secret. The algorithm could be (partially) broken if a single password is brute forced, stored in plain-text, observed over the shoulder, or if you're spotted consulting an ASCII table or if you voluntarily publish it in a comment on Super User. Suddenly, all your passwords are compromised. – Marcks Thomas – 2014-03-12T22:01:47.333
I see your point but I have been in this field long enough not to disclose my actual password generation algorithm in public forums. This was just a suggestion. Considering the number of irrelevant pieces of information one might have could be practically countless and the methods chosen to mush them can be even much more, anyone with half-a-brain can come up with passwords that are harder to crack by brute force. – MelBurslan – 2014-03-13T01:38:05.647