I am terrible with passwords. I probably have less than a half dozen passwords in total for all the various site memberships and stuff in my life. (That’s not counting work stuff — I keep work passwords completely separate from personal passwords.)
There’s one particular “not very secure” password that’s a variation of an ancient Unix password dating from the early 90s which I use for any random two-bit messageboard I sign up to, and then there’s a slightly more secure password for more serious stuff, and a couple extras for situations where those don’t apply for some reason.
It’s a crappy system and I use it only because I am too lazy to do it right. I suspect a lot of people are like that.
Well, some brilliant dude came up with an easy way to do it a lot closer to “right.”
Here’s the scheme: you think up one decent “master” password. You never use that password directly for anything. When you need a new password for a site, you plug that “master” password plus the domain name of the site into a nifty little JavaScript program which uses the two of them to generate a unique small password (like ‘tf8d83458’), which you don’t have to remember. You don’t have to remember it because that password is made out of the domain name + your master password, so you can recreate it at any moment by plugging the two of those into an appropriate program.
All you have to do is remember your master password, and you can recover your site password instantly whenever you need to, for any site. And nobody has your master password but you.
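The scheme described above, as an added example that is not part of the original post and is not the code of Password Generator or Password Composer. It derives the site password with PBKDF2-HMAC-SHA256, a technique chosen here as an assumption, so its output will not match those tools. The function names, iteration count and sample master password are constructed for illustration.

```javascript
// Added example (Node.js). Not the algorithm used by the tools named in the post.
const nodeCrypto = require('crypto');

// Reduce a URL or hostname to one canonical form, so that
// "https://WWW.Example.com/login" and "example.com" give the same password.
function normalizeDomain(input) {
  const text = String(input).trim().toLowerCase();
  const host = text.includes('://')
    ? new URL(text).hostname                 // full URL: let the parser find the host
    : text.split('/')[0].split(':')[0];      // bare host: drop any path and port
  const domain = host.replace(/^www\./, '');
  if (!domain) throw new Error('a site domain is required');
  return domain;
}

// Derive the per-site password from the master password and the domain.
// The domain acts as the salt; the slow key-derivation function makes guessing
// the master password from one leaked site password expensive.
function sitePassword(master, site, iterations = 200000) {
  if (!master) throw new Error('a master password is required');
  const domain = normalizeDomain(site);
  // 12 bytes encode to exactly 16 base64 characters with no padding.
  const key = nodeCrypto.pbkdf2Sync(master, domain, iterations, 12, 'sha256');
  return key.toString('base64').replace(/\+/g, '-').replace(/\//g, '_');
}

// Constructed sample input: the same master password on two different sites.
const sampleMaster = 'correct horse battery staple';
console.log('example.com ->', sitePassword(sampleMaster, 'https://www.example.com/login'));
console.log('example.org ->', sitePassword(sampleMaster, 'example.org'));
```

Nothing is stored: running it again with the same master password and domain reproduces the same site password, and a site that leaks its password exposes only that one derived value.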
All the hard work is done for you by the Password Generator, with an easy to use bookmark option. Password Composer is a somewhat slicker version of the same algorithm, with a bookmarklet version, and for Firefox users, a Greasemonkey script and a Firefox Extension version. The two are compatible with each other.
Highly recommended. I’ve begun changing all my passwords to these versions.