Member_2_2484401

<div>
Thanks to all who responded!<br />
<br />
n2fc: Thanks! Those are some good suggestions<br />
<br />
David Favor: if your password is truly random, how do you remember the one for each site?<br />
<br />
btan: thanks for the suggestion to increase the minimum length<br />
<br />
Lee W, MVP: &nbsp;thanks! If you use a different passphase for each site, how do you remember it?<br />
<br />
Learnctx: thanks!<br />
<br />
Terry Woods: Thanks! How do you remember the passwords for each site?
</div>


<div>
Web browser password managers and Keypass.
</div>


<div>
I've been using LastPass which is a (free) cloud based password management tool that is installed to each browser you use as a browser extension. It requires an email address and master password to unlock.<br />
<br />
Keypass, as I understand it, creates a local database file containing all your secret data; it requires a master password to unlock.
</div>


<div>
KeePass is nice and a free open source password manager too. As mentioned it is local database. Essentially a flat file encrypted and protected using one single master password or select the key file to unlock the database. Also there is notebook and mobile phone version<br />
<a href="https://keepass.info/download.html" rel="ugc">https://keepass.info/download.html</a>
</div>


<div>
I put my Keypass database on OneDrive. &nbsp;It's accessible to me through iOS, Android, Windows, on any device I have. &nbsp;And even if OneDrive gets hacked, they have to then hack Keepass... so I feel fairly comfortable this way.
</div>


<div>
So, bottom line, none of you have to actually remember any passwords since you store them in some form of an external database. That's cool. Thanks.
</div>


<div>
I make a point of memorising just a few important passwords: my master password for LastPass, my email account passwords for accessing webmail, and my internet banking password.
</div>


<div>
Personally, I use a password &quot;algorithm&quot; to generate a distinct password for every site. There are an infinite number of possible algorithms, but as long as I stick to the pattern, I don't have to remember ANY password. I just need to remember the one algorithm.<br />
<br />
For example, here's a sample algorithm:<br />
<br />
- use the first word in name of the site and increment each letter by 2 characters<br />
- append the &quot;number of characters in the password plus 5&quot; to the end<br />
- change the third character to a dash (&quot;-&quot;)<br />
- lastly, repeat the same list of digits but backwards<br />
<br />
With this algorithm, my password for amazon.com would be: co-bqp1111pqb-oc<br />
<br />
The end result is easy to generate, it's difficult for someone else to guess, and it's almost impossible to &quot;reverse engineer&quot; the algorithm if someone were to find out your password.<br />
<br />
(Note that this example is not my personal algorithm. It is only an example that I just made up right now.)<br />
<br />
Thanks again!
</div>


<div>
<div class="content wysiwyg-content">
Recently, I was discussing &quot;best practices&quot; when creating a password, and here are the &quot;qualifications&quot; I could think of:<br />
<br />
- easy to remember or generate<br />
- not the same as your other passwords<br />
- not easy for others to guess<br />
- more than 6 characters<br />
- contains at least one of ALL these: uppercase character, lowercase character, number, &quot;allowed&quot; punctuation-mark<br />
<br />
Can you think of any other &quot;best practice&quot;?<br />
<br />
Thanks in advance!<br />
-- Dave
</div>
</div>


Recently, I was discussing "best practices" when creating a password, and here are the "qualifications" I could think of:

- easy to remember or generate
- not the same as your other passwords
- not easy for others to guess
- more than 6 characters
- contains at least one of ALL these: uppercase character, lowercase character, number, "allowed" punctuation-mark

Can you think of any other "best practice"?

Thanks in advance!
-- Dave

Best practices when creating a password

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.