Password Security: Apparently We've Heard of It.


Jonathon Watkins
05-19-2005, 01:00 AM
http://www.theregister.co.uk/2005/05/06/verisign_password_survey/

"Americans are just as blasé about password security as the Brits, according to a new survey. Two out of three people (180 of 272) approached in a downtown San Francisco street by researchers were happy to provide their password in exchange for a coffee gift card. . . Of all respondents, 57 per cent reported having four or more passwords, and 79 per cent reported using the same password for multiple websites or applications, a practice that means one stolen password could jeopardise multiple accounts. The survey also found that some people continue to store passwords on Post-it notes. Other popular locations for passwords include the contacts folder of email applications, on PDAs and in the notes function of a mobile phone."

PDAs are popular locations for password storage? Fancy that! With the number of passwords we have to remember these days, is there any better way than having them encrypted into your Pocket PC? The question is, did people really give out their real password to the researchers? We all know that people can be a bit lax with their security details, but giving out your password for a gift card seems to be taking the biscuit. (It probably goes well with the coffee ;-)) So how many separate passwords are you guys keeping track of at the moment?

Saxmoore
05-19-2005, 02:03 AM
I have at least 4 different password "sets" going on at any one time. I use them in sets of similar passwords to compartmentalize things. i.e. I have one set that may all be similar or relative for work, one set for home computer usage, one for online email accounts, one for forum logins, etc.

Going through CISSP training and reading any Bruce Schneier will make a paranoid believer out of you :wink:

Sax

MitchellO
05-19-2005, 02:31 AM
I have two main ones, and a third that I sometimes use. Two of them are alphanumeric, and the other is just words.

I also have a fourth, but use it very rarely now.

halr9000
05-19-2005, 02:37 AM
I have at least 4 different password "sets" going on at any one time. I use them in sets of similar passwords to compartmentalize things. i.e. I have one set that may all be similar or relative for work, one set for home computer usage, one for online email accounts, one for forum logins, etc.

I do something similar. But in addition, for the really strong stuff, I'll have my password safe generate a funky random password with punctuation and all that. Then I'll do cool things like having the software pass the password to an application on the command line so I never have to type it in or whatever. I highly recommend KeePass (http://keepass.sourceforge.net/) for secure password storage. Not to mention that it helps me keep my "low security" passwords straight in case I forget which one I used. There is a Windows and a PPC version too.

Going through CISSP training and reading any Bruce Schneier will make a paranoid believer out of you :wink:
Ain't that the truth. :)

Jacob
05-19-2005, 03:44 AM
We all know that people can be a bit lax with their security details, but giving out your password for a gift card seems to be taking the biscuit.

How do they confirm that it is a real password? I'd be tempted at least to lie and give out a fake password for a gift card.

mcsouth
05-19-2005, 04:53 AM
Between home, personal web browsing, business web browsing and work networks/application access, banking/cash machines/credit card PINs, I estimate that I have at least 15-18 passwords on the go at any given time. Lower priority passwords are typically the same, or with very minor variations - most of the work passwords are more random in construction, and again, I use slight variations between network and application access passwords. Banking passwords are typically randomly generated 10-12 character passwords which are impossible to remember! Only way to keep it all safe (and sorted!) is in an encrypted file (eWallet) on PDA, which also has a password! :mrgreen: I find myself referring to the file at least once a week because I have so many passwords, deliberately different, that it is hard to keep them all straight. Luckily, I haven't had to have passwords reset too often because I always have them handy in my PDA.....at least for as long as I remember the eWallet password..... :wink:

cuteseal
05-19-2005, 06:55 AM
Can I give you my password for a free PPCT subscription? :D

dwoloschuk
05-19-2005, 07:39 AM
Oh man...I was thinking about this the other day...

For personal use I probably have 10 or so login and email passwords. Combine that with work...another 20-ish... I probably have to keep track of upwards of 30 separate passwords 8O.

I do compartmentalize some of them, using similar passwords for similar areas, but still I would be lost without encrypting them on my PDA. At least then I need to only remember one password.

So when my iPAQ was stolen nearly 2 years ago, it really hurt having to come up with all new passwords. (Feel free to call me paranoid...even with the encryption on my poor stolen iPAQ I still felt the need to reset them all :lol: ).

Pony99CA
05-19-2005, 07:44 AM
"Two out of three people (180 of 272) approached in a downtown San Francisco street by researchers were happy to provide their password in exchange for a coffee gift card. . ."
I'm curious exactly what password they asked for. As others have said, lots of people have multiple passwords, so knowing some random password wouldn't help unless you knew what it was for.

Like others, I keep classes of passwords. I have one for forums and other places where money isn't involved, another one for eCommerce sites and another one for high-security items (my router, eWallet, etc.). Even that one, at 10 characters, isn't too difficult to remember -- it's somebody's initials (not mine :-D), my ATM PIN and three letters that I easily remember. I've narrowed it down to just over 3 trillion (US) possibilities, so guess away. :lol:

None of the passwords use words, though, so they aren't subject to standard dictionary attacks.

Steve

Pony99CA
05-19-2005, 07:46 AM
Can I give you my password for a free PPCT subscription? :D
Sure, PM it to me. :rotfl:

Steve

G M Fude
05-19-2005, 07:56 AM
So how many separate passwords are you guys keeping track of at the moment?
According to SplashID -- I just did a count -- over 50 different passwords. It's a breeze. I only have to remember one (the one that gets me into SplashID; and you better believe that's a doozy!). This is becoming more and more one of the best uses for my PDA.

Jonathon Watkins
05-19-2005, 09:08 AM
This is becoming more and more one of the best uses for my PDA.

Yup, that's what I was thinking as well. The ol' external brain is becoming more useful by the day. :D

dMores
05-19-2005, 10:47 AM
i need to remember passwords the old fashioned way ... REMEMBER it :)
since i'm not always on the same machine, and on multiple platforms, i go with a pretty hard to guess and definitely not in any dictionary word-number-combination.
online banking you get a system-generated number, so even if someone guesses my password, all they can do is get into some of the forums i've subscribed to and get me banned.
but financial security is definitely not compromised.

if i were one of those people polled, i'd just invent one ;)

i'm such a con-man, lol.

BugDude10
05-19-2005, 12:29 PM
<Homer voice> Mmmmm, biscuits and coffee... </Homer voice>

asims
05-19-2005, 01:14 PM
I have about 25 different passwords...that I can remember. And I keep most of them password-protected on my 2215. A few I have stored only in my brain, which can become a problem when I have to reboot. :?

rlobrecht
05-19-2005, 02:13 PM
I have about 50 passwords in my eWallet (I use the PC and PPC versions synchronized.) They are all completely random collections of upper, lower and numbers, sometimes punctuation, if the system can handle it. Some of them I've never typed (always just copying them from eWallet, and pasting into the login form.)

I would give someone a password for a free latte. My passwords that matter (work and home PC logins, VPN, etc.) all get changed every 30 days anyway. I could just move one of them ahead a little. Chances are, I could log in to the site with my Jam, and change it right then.

igreen
05-19-2005, 02:50 PM
I keep my 20+ passwords on my PPC in eWallet. Also I find it helps to hide that PPC in a herd of other "decoy" PPCs to reduce the odds of a thief stealing the "right" one. (At least that's what I say when I'm asked..."well, just how many PPCs do you need?") :wink:

Phillip Dyson
05-19-2005, 03:08 PM
I have perhaps 3 tiers of passwords that I create myself. All of them, however, are not real words.

To create a password I think of a phrase, then take the first letter of each word.

Depending on what tier, some of the letters are substituted by numbers and special characters. I haven't gotten around to incorporating mixed case yet. I have a friend who just alternates the case in his passwords.

I probably have about 10 to 15 unique passwords excluding the numeric prefix that some get. :oops:

And they're all kept in the previous version of CodeWallet. Though it may be time to either upgrade or convert.

I'd make up a password for the survey. Mostly because I hate useless unscientific surveys passing themselves off as real.

That and the fact that I might need a caffeine fix. :D

stevelam
05-19-2005, 04:26 PM
I have so many different passwords it scares me sometimes. I keep them all locked away with 512bit encryption and a 28 digit password (the first one to guess it wins a prize!!!)

buzzard
05-19-2005, 04:59 PM
Let me pose a different question regarding everyone's passwords. Are your passwords used for sites that your immediate family might need to access if something serious were to happen to you? (Let's hope it doesn't...but as the old saying goes, "born to die").

Phillip Dyson
05-19-2005, 05:22 PM
Let me pose a different question regarding everyone's passwords. Are your passwords used for sites that your immediate family might need to access if something serious were to happen to you? (Let's hope it doesn't...but as the old saying goes, "born to die").

I'm pretty sure that if/when I die websites will not be the way my family will be trying to get a hold of vital information.

Of course a lot can change in 100 years. :D

dMores
05-20-2005, 08:56 AM
"born to die" was the german translation (!!) of the movie "cradle 2 the grave".

what is it with these translators? "reindeer games" became "deadly christmas", for example.
if you want an english title, just keep the original one and not make up a new one.
confuses the hell out of me when i look for DVDs.

anyways ... that was a completely useless post ... and i apologize.

a cool thing seems to be the microsoft fingerprint keyboard.
you get a program with it where you train the scanner to input passwords.
so when i open up ppct.com, and i press my finger on the scanner, i get logged in automatically.
that's what it says in the mini-review i read.

so what happens when you need to reinstall?
could something like that work with a fingerprint-scanner-equipped PDA?