Personal IT: Password management

May 26, 2005

Managing the myriad of passwords for systems is a huge headache for everyone. Personally I use the KeePass software to keep a complete list of all passwords.

It’s good to get in the habit of making passwords around 8 letters long that use a combination of lower case, upper case and numerics. This seems to be the sweet spot for getting through the various “security enforcing” password systems. Of course, with each one subtly different, it’s a nightmare trying to do anything consistent. I like to use simple word / number combinations (e.g. song title & length in secs) or words with some letters substituted for numbers (e.g. t00thbru5h).

I have employed a system for many years of having a secret number which is combined with a sensible keyword on each site (e.g. blogger5147, gmail5147, etc). Unfortunately, this means that should the number become compromised, you have to change all your passwords. Some protection against this can be offered by having different numbers for different levels of security, but the site owners may still store the raw password and be able to compromise you in other places.
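To see how far a single stored raw password reaches under this scheme, the following self-audit groups vault entries by the material they share. It is an added example, not part of the original post; the vault contents, the second number 9032 and the 4-character threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample vault (site keyword -> password), not real credentials.
# Two constructed secret numbers model the "different numbers per level" idea.
VAULT = {
    "blogger": "blogger5147",
    "gmail": "gmail5147",
    "bank": "bank9032",
    "paypal": "paypal9032",
    "forum": "t00thbru5h",
}

def shared_fragments(vault, min_len=4):
    """Return {fragment: sites} for every min_len-char run found in 2+ passwords."""
    seen = defaultdict(set)
    for site, pw in vault.items():
        for i in range(len(pw) - min_len + 1):
            seen[pw[i:i + min_len]].add(site)
    return {frag: sites for frag, sites in seen.items() if len(sites) > 1}

def audit(vault, min_len=4):
    """For each site: which other entries share material with it, and whether
    the password embeds the site keyword (making the rest easy to isolate)."""
    frags = shared_fragments(vault, min_len)
    report = {}
    for site, pw in vault.items():
        exposed = set()
        for sites in frags.values():
            if site in sites:
                exposed |= sites - {site}
        report[site] = {
            "exposed": sorted(exposed),
            "keyword_in_password": site.lower() in pw.lower(),
        }
    return report

if __name__ == "__main__":
    for site, result in audit(VAULT).items():
        print(site, result)
```

With the sample data, the low-security entries expose only each other and the high-security entries expose only each other, which is the containment the per-level numbers buy; the unrelated password shares nothing.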

At Synop, we’ve employed both the above systems to good effect even as the company and number of passwords quickly grew.