
Simon Willison’s Weblog

Remembering passwords

Via Scott, an article with some great tips on remembering your passwords. It includes the following vitally important tip:

You may trust the provider you’re signing up with, but are you confident no-one will hack into their database? If in doubt, err on the side of caution—be safe, not sorry.

A few years back I nearly learnt this one the hard way. An online gaming forum I had signed up for was cracked, and the password file started making its way around the less scrupulous members of the UK gaming community. The first I heard of this was when someone used my username and password from that forum to log in to my account on a different forum and post some messages. The bad news was that I had administrator access on the different forum, which at that time had over 20,000 active members and nearly 2 million posts.

Luckily the prankster in question didn’t cause any damage and contacted me to warn me to change my password, but it gave me (and the other administrators of the forum) a pretty big scare.

Ever since then, I have maintained a minimum of 3 passwords. I have a low security username/password for unimportant accounts, a medium level one for sites that I trust to a greater extent than the low security ones and a number of high security passwords used for ecommerce sites and important admin level accounts. I should probably start spreading myself even thinner.

This is Remembering passwords by Simon Willison, posted on 5th December 2002.


2 comments

  1. Why not simply have different passwords for each case? I have different passwords everywhere, and I don't have to remember them - I simply have an algorithm to generate them from the title/name of the site I want to access. The formula is IMHO hard to guess only by looking at the password. This way I don't care if any of them gets cracked, as it's not used anywhere else. Of course passwords for the most important things are not generated this way. It's like writing your credit card PIN number, with a marker, on the card itself. As long as you code it somehow (like, by adding 1 to digits in the odd positions and 2 to those in the even ones) it should be safe, handy (always where your card is) and not absorbing your memory (you do have to memorize the algorithm, but you can use it with every card).

    Shot - 5th December 2002 18:01 - #
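An added example, not code from the post or from the commenter above: the "one master secret, one derived password per site" idea from the comment, done with a password-based key-derivation function (PBKDF2-HMAC-SHA256) instead of a memorable formula, so that a password leaked from one cracked site reveals neither the master secret nor the passwords for other sites. It also includes a small check for the failure mode the post itself describes, the same password turning up on more than one account. The master secret, site names and account list are constructed for the demonstration.

```python
import base64
import hashlib

# Constructed sample master secret for the demonstration only. In practice this
# is the one strong secret the user memorises; it is never sent to any site.
MASTER_SECRET = "correct horse battery staple 2002"


def normalise_site(site: str) -> str:
    """Reduce a site name or URL to a bare lower-case host so that
    'https://www.Example.com/login' and 'example.com' derive the same password."""
    s = site.strip().lower()
    for prefix in ("https://", "http://"):
        if s.startswith(prefix):
            s = s[len(prefix):]
    if s.startswith("www."):
        s = s[4:]
    return s.split("/", 1)[0]


def derive_password(master: str, site: str, counter: int = 1, length: int = 20) -> str:
    """Derive a per-site password from the master secret.

    The normalised site name plus a rotation counter is the PBKDF2 salt, so
    every site gets an unrelated password, and changing the counter gives a
    fresh password for that site alone after a breach. Recovering the master
    from a leaked derived password requires brute-forcing the master itself.
    """
    salt = f"{normalise_site(site)}:{counter}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 200_000, dklen=32)
    # base64 gives letters, digits, '+' and '/'; trim to the requested length.
    return base64.b64encode(key).decode()[:length]


def reused_across(accounts: dict) -> dict:
    """Map each password that is used on more than one site to the sorted list
    of sites sharing it. An empty result means no credential is reused, which is
    the property that stops a breach at one forum from opening another."""
    by_password = {}
    for site, password in accounts.items():
        by_password.setdefault(password, []).append(site)
    return {pw: sorted(sites) for pw, sites in by_password.items() if len(sites) > 1}


if __name__ == "__main__":
    # Constructed account list: the reused-password situation from the post.
    reused = {
        "gaming-forum.example": "hunter2",
        "admin-forum.example": "hunter2",
        "shop.example": "x9!Quiet",
    }
    print("reused:", reused_across(reused))

    # The same three sites with derived passwords: all distinct, nothing reused.
    derived = {site: derive_password(MASTER_SECRET, site) for site in reused}
    for site, pw in derived.items():
        print(f"{site:24} {pw}")
    print("reused after derivation:", reused_across(derived))
```

The counter is what a formula-based scheme usually lacks: when one site is breached you bump its counter and get a new password there without touching the master or any other site.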

  2. For the record, in the two and a half years since this entry was posted it accumulated over 700 comments from people asking me to hack into an email account on Hotmail or Yahoo. Bizarrely, many of these requests were from people concerned that their partner was cheating on them. The page eventually grew to over 400KB in size, and started attracting advertisements for illegal services. I've now removed the comments and closed the thread.

    Simon Willison - 7th March 2005 16:27 - #


Previously hosted at http://simon.incutio.com/archive/2002/12/05/rememberingPasswords
