Password puzzlers and other reader concerns

By Rob Pegoraro
Washington Post Staff Writer
Saturday, November 20, 2010; 6:21 PM

Every two weeks - sometimes more often - I answer readers' questions on our site. The following exchanges, edited and revised for clarity, come from Friday's Web chat.

I've written before about the pain of having to memorize too many passwords, and that topic came up early on in the hour-and-a-half session:

Q. I use the same password, either with a 1 or without, at many sites. I do know how stupid that is, but I'm also terrified of trying to keep up with a boatload of passwords. Any ideas?

A. It's okay to use simple passwords on low-value registrations - where losing your account wouldn't threaten your money, your health or your privacy. For the rest: Sorry, you need strong passwords - not one, but many, because you don't want the compromise of one account to allow a crook to roll up the rest of them.

My favorite advice about memorizing passwords comes from security expert Bruce Schneier: Write them down on a piece of paper (without clearly labeling which site goes with which password) and put that in your wallet. You know how to keep your wallet safe, and if somebody does steal it, they'll likely take the money and the credit cards and toss the rest.

Later in the chat, a reader offered his suggestions for implementing the wallet idea:

"I don't label which password goes for where; I usually put them in alphabetical order or reverse alphabetical order of institution, but I also throw in the date I changed them (1119F would be a possibility if I changed them today [Friday, Nov. 19]) and the date I will change them again (M3FECGE - 3rd Monday in February I will change them)."

Another reader suggested two ways to generate new passwords that would be somewhat easy to remember - one of which can be called autobiographical:

"I have a base password (ex: WaPoSt) and just write down the variations for each site. Like "+ff" or "zero for o, 5 for s". The list is stored in a file on the computer. Even if someone gets the file, they still have to figure out the base password, which is not part of the password for the computer. For PINs at banks and such, I use the phone numbers of girlfriends from high school back in the early '80s."

A third had a software fix in mind:

"For passwords, you can also use software that stores your passwords in an encrypted database so you only have to remember the one to get into the database. I particularly like 1Password on the Mac and iPhone (on which you can set levels of protection - enter a PIN to see some passwords, but enter a master password to reveal others)."

Apple's iPad figured into multiple questions - not all of which I could easily answer.


© 2010 The Washington Post Company