
Security Strategy

Best of Reader Comments: Passwords

Let us know what yours is. Only joking

By editorial@silicon.com

Published: 13 December 2002 14:30 GMT

After recent articles about passwords - see Security nightmare: How do you maintain 21 different passwords? (http://www.silicon.com/a56760) and How clever are you with your passwords? (http://www.silicon.com/a53600) - we received some interesting ideas.

We wanted to know the latest ideas you've had to remember or record the ever-increasing list of user names and passwords we all seem to have. Here is some of the feedback we received...

From: John Samuel
It's not just the enterprise

I have 136 passwords for websites as diverse as silicon.com, FT, Amerada, BT, Gartner, McKinsey - all with their own different rules. I think I manage these securely. But, memorise? How? Speaking to end-users, it slowly dawns upon them the uncontrollable mess they dig themselves as they accumulate the barnacles on the good ship internet.

From: Anon.
System Integration is the key

If systems within companies were better integrated then we could move towards a situation where a user had only one password. There would then be a much better chance that the user would remember this password and not write it down. The current situation places an impossible burden on users and it is totally unfair to blame the problem on them.

From: Chris Hill
21 passwords - Pah!, that's nothin'

I just checked my password database on my PDA, and I have 110 passwords and access codes in it. The database is password protected, as is the PDA, with a different password.

From: Anon
Letters become numbers

Take a fairly mundane word, ensuring it has at least one E, O or I in it. Our word is 'goldfishes', for example; this becomes 'g0ldf1sh3s', which is memorable, readable but still difficult to crack. You can even leave the plain text version in a file or on a bit of paper if you need an aid to memory.
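
A password-policy check built around the substitution this comment describes, added here as an example and not part of the reader's comment: it undoes the E/O/I swaps before a dictionary lookup and counts how many spellings the swaps can produce. The wordlist and all function names are constructed for illustration.

```python
import math

# Substitutions named in the comment: E -> 3, O -> 0, I -> 1.
LEET = {"e": "3", "o": "0", "i": "1"}
UNLEET = str.maketrans({digit: letter for letter, digit in LEET.items()})

# Constructed sample wordlist; a real policy check would load a full dictionary.
WORDLIST = {"goldfishes", "password", "silicon", "keychain"}


def normalise(password: str) -> str:
    """Lower-case the password and undo the digit-for-letter swaps."""
    return password.lower().translate(UNLEET)


def is_dictionary_derived(password: str, wordlist=WORDLIST) -> bool:
    """True if the password is a wordlist entry once the swaps are undone."""
    return normalise(password) in wordlist


def variant_count(word: str) -> int:
    """Spellings possible if each E/O/I is independently swapped or left alone."""
    swappable = sum(1 for ch in word.lower() if ch in LEET)
    return 2 ** swappable


def added_bits(word: str) -> float:
    """Upper bound on the entropy the swaps add on top of the plain word."""
    return math.log2(variant_count(word))


if __name__ == "__main__":
    for candidate in ("g0ldf1sh3s", "xk7#qpl2"):
        verdict = "reject" if is_dictionary_derived(candidate) else "accept"
        print(f"{candidate}: {verdict}")
    print("spellings of 'goldfishes':", variant_count("goldfishes"))
    print("bits added by the swaps:", added_bits("goldfishes"))
```

For 'goldfishes' the three swappable letters give 2^3 = 8 spellings, so the swaps add at most 3 bits over the plain word.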

From: Anon.
Evolutionary

You'd do yourself a favour if you look at www.realuser.com as a solution to the problem of remembering passwords. Answer: don't remember them. In fact, forget them: leave them to the individual's unique capacity for recall. It works for monkeys and sheep... and they can't write down anything or compromise their evolutionary flight-or-fight recognition responses. This isn't weird, it's nature! Very simple high-tech nature.

From: Jerry Brockway
PDA solution

Have about 76 different passwords which I use most often. Maintain these on an electronic organiser which is not kept at computer site. It is small enough to fit into shirt pocket 'bring it to work' and take it to another desk in another part of building. It is password protected, programmed to yield only through one of 300+ phone numbers.

From: Hugh Barton-Smith
Buy a Mac

And use the totally secure KeyChain facility for storing all passwords. Not surprising that Microsoft hasn't come up with that one - there's hardly any point aiming for security in Wintel land :-)

From: Pete Appleton
System integration

Agreed - in many ways, MS's Passport was a good IDEA (the implementation sucked). Not only do users have multiple passwords within one organisation, even a small site such as mine but then you have all the external services. It just isn't practical to remember 50+ passwords. Therefore, I don't see any point in blaming users for being human and writing them down. The best I try to get from my users is having them store their passwords in a reasonably secure manner (ie not a post-it note)! I certainly have some of my passwords stored, especially the ones I only use infrequently.

From: Anon.
Readable random password generator

We've written a 'readable random password generator' which is available at:
http://www.webcogs.com/passwordgenerator.asp
It has not generated any rude words (yet)!
