floplot wrote:
Hi
There really is nothing wrong with the old-fashioned way of writing them down and keeping them in a safe and secret place also, that is if you remember where you put them. That reminds me of my mom who is now gone. She used to hide her jewelry in the house and then drove us crazy having to help her find them.
My son who has N360 told me he bought a separate program that keeps track of all his passwords.
There is a great strategy for handling written passwords. Offset all digits by one.
For example, suppose your random password is: 0ah78k9.
You would write down: 1ah89k0.
Because it is the same strategy for all your passwords, it is easy for you to remember. Because the passwords are themselves random, it would be almost impossible for anyone with access to your list to know how to decipher them.
There are almost an infinite number of strategies. Offset digits up by two or down by two. Offset even digits up one and odd digits down one. Offset letters up one and numbers down one, then write in reverse.
If you were doing this to a non-random password, it could eventually be worked out. For example, computer programs could return KFGG to JEFF without too much difficulty. But since the original password is random, no amount of shuffling is going to expose the password to anything recognizable.
And now that you got the idea, there are other ways to play with this that will further disguise your password, but which are so simple you could easily remember them.
Another good practice is to use user names when a website offers that option instead of account numbers or email address. And your user name should have no similarity to your email address. Most such sites lock down when a user attempts to access them via their user name with too many tries. You can then be notified at your email address what to do next.
Keep in mind that your email account MUST be the most secure of all accounts. Why? Because it is via your email account that other accounts settle problems. If someone has hacked your email account, all they need to do to get access to your credit card account is provide the email address and request that it be reset by sending a response to your email account. Best practice is to have at least two email addresses, one for everyday communication and the other(s) solely for online financial sites. The addresses should be dissimilar. That way no one would have a clue how to access your Visa or Mastercard account.
Sidebar:
I wish all websites would follow a similar but more effective strategy:
1. You get a user name which, with a password, is your sole means of logging on.
2. You supply two email addresses (or one email address and a phone number with a related verbal or keypad password).
3. Anytime someone makes too many unsuccessful log-on attempts, the account is locked.
4. To unlock an account, you use your primary password to make the request.
5. The unlock steps are sent to your secondary email address or retrieved by calling in from the phone number of record and providing the related password, either verbally or from the keypad.
This strategy would protect about 99.99% of all accounts. It would take almost a spy agency to get all these things in order (and it would have to happen before you noticed what was going on). Since we are talking about blocking web-based hostile forces, you can be confident that your accounts are safe.
Message Edited by mijcar on 01-09-2010 06:00 PM
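
The five-step lockout and unlock flow from the sidebar, modelled as a small state machine. This is an added example, not part of the original post; the class and method names, the three-attempt threshold, and the in-memory `outbox` standing in for mail to the secondary address are all assumptions.

```python
import hashlib, hmac, secrets

MAX_FAILURES = 3  # assumed threshold; the post only says "too many"

def _hash(password, salt):
    # Store a salted, slow hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:  # hypothetical model of the sidebar's scheme
    def __init__(self, username, password, secondary_email):
        self.username = username                 # step 1: user name + password
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _hash(password, self.salt)
        self.secondary_email = secondary_email   # step 2: second channel
        self.failures = 0
        self.locked = False
        self.unlock_token = None
        self.outbox = []  # stands in for mail sent to the secondary address

    def _password_ok(self, password):
        return hmac.compare_digest(self.pw_hash, _hash(password, self.salt))

    def login(self, password):
        if self.locked:
            return "locked"      # even the correct password is refused
        if self._password_ok(password):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True   # step 3: lock after too many failures
        return "denied"

    def request_unlock(self, password):
        # Step 4: only the primary password can start an unlock.
        # A deployment would also rate-limit this call (not covered in the post).
        if not self.locked or not self._password_ok(password):
            return False
        self.unlock_token = secrets.token_urlsafe(16)
        # Step 5: the unlock steps go only to the secondary address.
        self.outbox.append((self.secondary_email, self.unlock_token))
        return True

    def unlock(self, token):
        if self.unlock_token is None or not hmac.compare_digest(
                self.unlock_token.encode(), token.encode()):
            return False
        self.locked, self.failures, self.unlock_token = False, 0, None
        return True
```

Unlocking needs both the primary password and access to the secondary mailbox, so neither one alone reopens a locked account.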