So, that happened and I had to spend a considerable amount of time choosing new passwords.
I’ve never really written about how I manage my passwords. I thought about writing this tip because it’s a constant battle between convenience and confidentiality.
People choose weak passwords because they are easy to remember, but they are easy to guess at the same time. People use the same password on many websites so they have to remember only one. However, a single stolen password then unlocks an entire treasure trove for an attacker.
Although there are password management tools available, I rely completely on my brain. But how many passwords to remember? I have 50+ things to protect with passwords. Am I going to use a single password for all of them? No! Am I going to use 50+ different passwords? Again no! This is where you have to balance convenience against security.
First I add all of my things (machines, routers, encrypted archives, websites) to a task management tool. I can’t recall each of them offhand, so as they come to mind I add them to my backlog.
My backlog has several lists.
- Physical assets – computers, backups, routers, mobile phone, etc.
- Office – work related ones, anything that belongs to my employer
- Finance – bank, anything that has access to my money
- Critical – email, anything that has a serious impact on my privacy
- Medium Importance – as it says
- Low Importance – I don’t mind losing these accounts
- No SSL – websites that are non-HTTPS
- Untrusted – websites that I suspect of storing passwords in plaintext
Passwords built for each of these sets follow a different text pattern that is a synthesised fake word. Want an example? Read about how Google caught Microsoft red-handed and you’ll see a couple of examples there. I synthesise fake words that do not even exist in the English dictionary. Fake words that I haven’t even googled to check whether they exist. While it’s all echoing in my mind, I don’t even whisper them in the shower.
Next thing is l33t. I make it pAr3!@|ly l33t, at random, while making sure my new password contains uppercase, lowercase, numbers and punctuation.
Eight different fake buzzwords -> eight password skeletons -> many passwords
That’s how changing passwords works for me. It can take several hours of effort. The next steps are training my fingers for the new password, and then following my to-do list to change 50+ passwords, one list at a time.
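To put a number on what the partial-l33t step adds, here is a small Python example. It is added here and is not code from the original post: it counts how many distinct strings a fixed fake-word skeleton can become under a substitution table (case changes plus the usual letter-to-symbol swaps), expresses that as bits, and counts how many of those variants actually satisfy the uppercase/lowercase/number/punctuation rule. The substitution table and the sample skeletons ("lito", "glim") are constructed for illustration; the figures measure only the l33t step, on top of whatever secrecy the unguessable fake word itself provides.

```python
"""Measure the guess-resistance added by partial l33t on a fixed skeleton.

Added example, not from the original post. LEET and the sample words are
constructed assumptions; real choices would differ.
"""
import itertools
import math

# Constructed substitution table: plain letter -> symbols it may become.
# The identity and case variants are added separately in choices_for().
LEET = {
    "a": {"4", "@"},
    "e": {"3"},
    "i": {"1", "!", "|"},
    "l": {"1", "|"},
    "o": {"0"},
    "s": {"5", "$"},
    "t": {"7", "+"},
}


def choices_for(ch):
    """Characters a skeleton letter may become: both cases plus its l33t swaps."""
    return {ch.lower(), ch.upper()} | LEET.get(ch.lower(), set())


def variant_count(skeleton):
    """Distinct strings reachable by substituting in place (no length change).

    Each position is chosen independently, so the keyspace is the product of
    the per-position choice counts.
    """
    return math.prod(len(choices_for(ch)) for ch in skeleton)


def variant_bits(skeleton):
    """Keyspace of the l33t step in bits, assuming each variant is equally likely."""
    return math.log2(variant_count(skeleton))


def variants(skeleton):
    """Enumerate every variant; only sensible for short skeletons."""
    per_position = (sorted(choices_for(ch)) for ch in skeleton)
    for combo in itertools.product(*per_position):
        yield "".join(combo)


def has_all_classes(pw):
    """The post's rule: uppercase, lowercase, a digit and punctuation all present."""
    return (
        any(c.isupper() for c in pw)
        and any(c.islower() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(not c.isalnum() for c in pw)
    )


def compliant_count(skeleton):
    """How many variants of the skeleton satisfy has_all_classes()."""
    return sum(1 for v in variants(skeleton) if has_all_classes(v))


if __name__ == "__main__":
    for word in ("lito", "glim"):
        print(
            f"{word}: {variant_count(word)} variants "
            f"({variant_bits(word):.1f} bits), "
            f"{compliant_count(word)} meet the four-class rule"
        )
```

For a four-letter skeleton made of frequently substituted letters the l33t step yields a few hundred variants, roughly eight bits; letters with no common substitution (g, m) contribute only their two cases. Requiring all four character classes shrinks that space further, which is why the strength of this scheme rests on the fake word staying secret rather than on the substitutions.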