Always a good reminder. I had a server brute-force hacked about a year ago. If I had a stronger password they most likely would never had gotten in.

Now I use mixed case letters with numbers and special characters... Each adding a exponential layer of difficulty for brute force attackers.

It may seem impossible to remember at first, but if you break into smaller pieces and relate them to something, a safe password can be just as memorable as a dictionary word.

all 100 passwords!?!
=8)

And don't have them on post-it-notes under your keyboard :)

Mack.

I don't believe in routinely changing passwords - it simply increases the likelihood that I'll forget one. Nor do I believe in mixed case or non-alphanumeric characters (unless limited to a short password).

I normally use passwords that are miss-spelled, and/or composites of two or three words. No one can break a three word combination by brute force when those words are a reasonable length and unrelated and the attacker has no idea that he even needs to use three words.

Kaled.

I have several thousand passwords. All are randomly generated. Each site gets its own password. I make them as long as the site can handle.

I occasionally generate new passwords for sites that I frequent, but others I never change. It would be way too much work to do that.

I'm dang lucky to remember my own name when I wake up each morning. Changing my hardened passwords today is... uh, what were we talking about?

I can't tell you how many times I've heard that from clients! I can't get them to rotate passwords for love or money. And I can't get them to stop using the same passwords on every site they visit!

_{Path of least insistence leads to path of most resistance.}

I can't get them to rotate passwords for love or money

Worst case I ever came across was in the warehouse of a company that I used to work for. Instead of requesting authorities appropriate to people's roles an ID and password for each role was stuck on the appropriate monitor. We discovered this when management wanted to know who had screwed up an important invoice and the audit trail gave the ID of somebody who had left three months previously.

We had automatic expiry on passwords but the operators were simply changing the expiry dates on leaver's passwords and the warehouse simply renewed them and changed what was written on the post-it.

For my own passwords use two basic passwords with variants for mixed case and numerics. As long as nobody knows the two base passwords they can't interpret the coded list that I need to keep to remember which sites require mixed case, which require numerics, which require long passwords etc. Not ideal but better than getting locked out every time I need to pay a utility bill.

Hi all. For my important passwords, I use a pattern on the keyboard. Example: zse4rfvcx (a triangle).

Kewl... something more for the hackers to have fun with. (Some things we do not reveal in public)