I reckon I have over 1000 unique passwords. Kind of extraordinary when you think about it.
Obviously it would be impossible to remember 100, let alone 1000.
So I use a password manager. It not only generates passwords that are more random than any I am likely to dream up, but it also remembers them for me.
Of course, you need a strong password to control access to your password manager… and you have to remember it. Maybe that should be one of those “three random words” passwords you describe, perhaps with some other non-alphabetical characters sprinkled in for good measure?
Many thanks for your detailed advice. I have two considerations:
1. I’m wary of giving my passwords to a password manager in case it is hacked.
2. As I have only 20 passwords at most, I’m not sure if I can justify the expense of a password manager.
3. I like the idea of using my memory.
However, that being said, I will mull it over, sleep on it, read the reviews, discuss it with my friends and significant others — and then snap into action.
Twenty decent passwords is a fair number to remember, and those made up of 15 – 20 random characters are harder. On the other hand, decent password managers can be found that do not cost money. I use KeePass, in part because it is OS agnostic and not dependent on any kind of activity and, for those who need or are inclined to extreme care, can easily operate from a database on a secure USB key or other portable/removable storage. There are others.
Using your memory is a good, healthy thing. But so is keeping your sanity. Take it from me. You want your sanity (actually, you need it). So use your memory for other things (doesn’t matter what it is, just as long as it doesn’t compromise anyone’s security). There are books on how to develop an incredible memory but even then I doubt it would be sufficient.
Notwithstanding very rare extreme cases, you won’t outdo a password manager. Also, keep in mind that it isn’t only length but also complexity. For instance, a password with each letter of the English alphabet (in some pseudo-random order, and perhaps in upper and lower case) with numbers put in it might be long, but isn’t exactly complex. And security is more important than using your memory, in this regard.
What you’re referring to is more like a passphrase, but a three-word passphrase seems rather short if you’re going that route. You could look into Diceware though, if you really want to do that. I would say it does have some value, but you should be careful in all cases.
Besides that, the only way around it is if you have a really good algorithm for unique, complex passwords. But you would have to be able to remember these passwords, too. Oh, and easily input. In short, it isn’t nearly as easy as you might like (or indeed as most people would like).
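Added example, not part of any comment above: a Python sketch that puts numbers on the thread's comparison between a three-word passphrase, Diceware, and 15 to 20 random characters, and draws a passphrase with a cryptographic random source. It assumes "random characters" means the 94 printable ASCII characters and the standard 7776-word Diceware list; `DEMO_WORDS` is a constructed 36-word stand-in, not a real word list.

```python
import math
import secrets

PRINTABLE = 94            # assumption: "random characters" = printable ASCII without space
DICEWARE_SIZE = 6 ** 5    # standard Diceware: five dice per word, 7776 words

# Constructed 36-word stand-in (two dice per word); use a real 7776-word list in practice.
DEMO_WORDS = [a + b for a in ("red", "blue", "gold", "grey", "pink", "teal")
              for b in ("fox", "owl", "bee", "elk", "cod", "ant")]

def entropy_bits(choices, length):
    """Bits of entropy in `length` independent, uniform picks from `choices` options."""
    return length * math.log2(choices)

def words_needed(target_bits, list_size=DICEWARE_SIZE):
    """Fewest words from a `list_size`-word list that reach `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))

def dice_for(list_size):
    """Number of dice whose outcomes index the list exactly (6**dice == list_size)."""
    dice, span = 0, 1
    while span < list_size:
        dice, span = dice + 1, span * 6
    if span != list_size:
        raise ValueError("word list length must be a power of 6")
    return dice

def roll_index(dice):
    """Simulate `dice` fair die rolls with the OS CSPRNG and fold them into one index."""
    index = 0
    for _ in range(dice):
        index = index * 6 + secrets.randbelow(6)
    return index

def passphrase(wordlist, n_words, sep=" "):
    """Pick `n_words` words uniformly and independently from `wordlist`."""
    dice = dice_for(len(wordlist))
    return sep.join(wordlist[roll_index(dice)] for _ in range(n_words))

if __name__ == "__main__":
    print(f"3 Diceware words: {entropy_bits(DICEWARE_SIZE, 3):.1f} bits")
    for chars in (15, 20):
        bits = entropy_bits(PRINTABLE, chars)
        print(f"{chars} random chars: {bits:.1f} bits ~ {words_needed(bits)} Diceware words")
    print("demo passphrase:", passphrase(DEMO_WORDS, 6))
```

The figures hold only when every word or character is chosen uniformly at random; words picked by a person carry far less entropy than the formula suggests.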