As you should already know by now, today is Change Your Password Day. Maybe you're overwhelmed. Maybe you need ideas. Well, what do the pros do? Your very own Gizmodo writers use the very best (and very worst) techniques.
Alex Kidman:
I've used (and tested) a variety of password managers, and while I like 1Password a lot, I tend to use a simple mnemonic structure for password creation that's so far served me well; I can remember it based on its format for most sites, and it passes every "strength" test I've ever hit with flying colours.
For services that I figure I'll use only once, I've got a secure-but-dumb password as well; that's only for things where there's no link to other accounts and I wouldn't much care if I lost access, though.
Elly Hart:
I'm shamelessly lax when it comes to password security. My passwords are all essentially the same, except for a small change with some of the letters depending on the service that requires the password. I know it's bad, but this is how I remember all my passwords successfully. And I haven't been hacked... yet. I tell myself that it's OK because I use a mixture of uppercase and lowercase letters, as well as numbers. I've recently started using LastPass and the aim is to improve the strength of my passwords that way. We'll see if that ever happens.
I have a handful of root passwords that I modify for websites, depending on security level. And email and financial both have distinct root passwords not used anywhere else. But for CHANGE YOUR PASSWORD DAY, I'm switching to a password manager with unique, complex passwords for everything, even my Pinterest account.
I should probably be better about this, but I rotate three different passwords that are random alphanumerics. I don't change them as often as I should.
Same password for everything: my social security number and my mom's maiden name.
I've started using this method for my passwords: a string of random words instead of one word with random characters.
I've pretty much been using the same password, with minor variations, since 2000.
(Regarding password managers like 1Password, he says:)
I log in to devices that aren't my laptop pretty frequently...friends' computers, at my dad's place, reviewing phones, etc. I don't want to have to use a password scheme that requires Dropbox — I admire your discipline, but I think that'd drive me nuts.
I use a similar technique to Robbie. Oh, and I use 1Password to keep it all straight (synced across multiple computers with Dropbox). It is nuts. It's totally nuts. And every time I get a new device, it's useless until I get 1pw and Dropbox on there.
My passwords for commonly used services (Google, Dropbox, Amazon, Twitter, etc) are memorable, if tough to guess. But how often are you on someone else's machine? Is that a frequent problem?
Also, if you've never looked at the "easy gawker passwords" file from the hack last year, it's worth eyeing. So many are dictionary words.
I use 1Password. I sync it to my phone with Dropbox which helps me log in from multiple computers, but it can be a pain.
I use 1Password. All my passwords are a) 32 characters or more using passphrases and changed characters ($, 3, 1) plus numbers or b) completely random generated at maximum size.
My iPad and computers all have long passwords (16 characters minimum) composed of random numbers and modified words. iPhone has a shorter one.
Brent Rose (Me):
I came up with a simple formula that I plug a site's name into, so I can always remember the password (or figure it out within a few seconds) but I have a different password for every site. Planning on adding a level or two of complexity later this year. It's dorky, but it's been working really well for me, and I don't trust password managers. Single point of failure for all of my passwords = no bueno.
The only password manager I trust is the one on my encrypted biometric USB dongle. I then handcuff said dongle to my wrist for an extra layer of protection.
I'm heavy on mnemonics like the system Robbie posted. But it was after a college psychology professor told us a simple one to remember his office number, which has still stuck with me to this day. I'll also roll the important ones before and after something like CES, when I know I'll be on and off different wireless networks throughout the week.
I have a way of creating a mnemonic for every site I use, and then a method for swapping some letters out to become numbers. I change the way I create the mnemonic and the way the letters are swapped out from time to time. Now I've written that down, I can't believe how nerdy it sounds.
And the winner, for geekiest answer of all...
Right now I use an algorithm similar to Brent, although I am in the process of writing my own encrypted password manager.
What do you do? And more importantly, what will you do after you change your password today?