Does anyone remember that cartoon from the 1990s, Animaniacs?
It was a pretty good cartoon for its short run. One of the segments that they aired was called “Good Idea, Bad Idea”. It was a short clip segment. It would go something like this:
It’s time for another good idea, bad idea. Good idea: giving a small child a balloon. Bad idea: giving a small child a bunch of balloons (and the child then floats away).
It was a humorous segment. And that brings me to advice that computer security experts give. Good idea: using good password policies for all of the sites you visit on the web. Bad idea: using different passwords for every site.
Why do I say this? While we should always use good passwords (like letter/number combinations, nothing obvious like “123456” and “password”), it’s completely unrealistic to have different passwords for every site if you have a very wide reach on the web. Consider myself:
In total, I must have close to thirty different sites that I log in to. How in the heck am I supposed to remember 30 different usernames and passwords? On at least 1/3 of these sites, I have forgotten the password and I have to reset it nearly every single time I return to the site, because I log in maybe once a month. It’s so frustrating! I know that using different passwords is good advice, but how realistic is it? Humans cannot remember that many different combinations of things without resorting to some memory tricks. Even then, it is still difficult.
There must be a better way.
You should simply use some logic to "alter" your main password, adapting it to the specific service.
Just invent your own "transformation": it should not be "guessable".
E.g. you could add a number (the number of characters in the domain you are logging in to), or the second letter of the domain you are logging in to. You can add further transformations, like subtracting the number from another number, or altering the letter with your own algorithm.
Otherwise you can use an online password manager like www.clipperz.com or www.passpack.com. I'm sure that Clipperz has almost no security implications, because the passwords are stored encrypted on their servers and they cannot gain access to your passwords.
It helps you generate different passwords for each service and simply use a single phrase for all of them.
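Added example, not code from the reply above or from any tool it mentions: the domain-based transformation the reply sketches, written out beside a keyed derivation of the same idea, so the security property a practitioner would want to check (does one leaked site password hand over the master?) can be tested directly. The master password, the two domains and the exact suffix rule (domain length plus second letter) are constructed for illustration; the PBKDF2 form is a swapped-in technique, not something the reply proposes.

```python
import base64
import hashlib

# Constructed sample values for the demonstration (not from the post).
MASTER = "Correct-Horse-7"
SITES = ("example.com", "example.org")


def naive_site_password(master: str, domain: str) -> str:
    """The transformation sketched in the reply: the master password followed
    by the number of characters in the domain and the domain's second letter.
    The master is reproduced verbatim inside every derived password."""
    host = domain.lower()
    if len(host) < 2:
        raise ValueError("domain too short for the second-letter rule")
    return f"{master}{len(host)}{host[1]}"


def recover_master_from_naive(leaked: str, domain: str) -> str:
    """What anyone holding one leaked naive password and knowing the rule
    does: strip the predictable suffix and read the master back off."""
    host = domain.lower()
    suffix = f"{len(host)}{host[1]}"
    if not leaked.endswith(suffix):
        raise ValueError("leaked value does not follow the assumed rule")
    return leaked[: -len(suffix)]


def derived_site_password(master: str, domain: str, length: int = 20,
                          iterations: int = 100_000) -> str:
    """Keyed derivation of the same idea: PBKDF2-HMAC-SHA256 with the master
    as the secret and the normalised domain as the (public) salt. The output
    does not contain the master, and one site's password gives no direct
    way to compute another site's."""
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                              domain.lower().encode("utf-8"), iterations)
    return base64.b64encode(key).decode("ascii")[:length]


def leaks_master(site_password: str, master: str) -> bool:
    """Check whether a derived password embeds the master as a substring."""
    return master in site_password


if __name__ == "__main__":
    for site in SITES:
        weak = naive_site_password(MASTER, site)
        strong = derived_site_password(MASTER, site)
        print(f"{site:12} naive={weak!r:24} pbkdf2={strong!r}")
    leaked = naive_site_password(MASTER, SITES[0])
    print("master recovered from one naive leak:",
          recover_master_from_naive(leaked, SITES[0]))
```

The check worth running is the second function: with the naive rule, a single site that stores or logs passwords in plaintext gives away the master, and with it every other site. The PBKDF2 form does not embed the master, but the salt (the domain) is public, so someone holding one derived password can still guess the master offline; the scheme is only as strong as the master's entropy and the iteration count, and it has no way to rotate one site's password without adding a per-site counter.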
I have the same problem, and I manage it by using an encrypted password vault. I have a copy on my laptop and one on a USB stick that goes with me everywhere. Not ideal but way better than trying to remember 70 (!) different passwords!
I've been using KeePass for years; it's excellent and free. You can use something like Dropbox to have access from anywhere, or dump it on a USB stick.
Features:
Powerful and secure
KeePass is a secure password manager that allows you to store your sensitive login information in an encrypted database. It allows you to organize your entries into categories and offers several ways to conveniently enter your username/password.
Easy to use
You can use drag and drop, copy to the clipboard, or create auto-type sequences that enter the login information with a single click.
Many optional features
Password generator, auto-lock, database search, import/export, and more.
Safe
KeePass encrypts the database with the AES or Twofish symmetric ciphers, both of which are among the strongest modern encryption standards.
Free!
www.keepass.com