Simon Willison’s Weblog


Remembering passwords

5th December 2002

Via Scott, an article with some great tips on remembering your passwords. It includes the following vitally important tip:

You may trust the provider you’re signing up with, but are you confident no-one will hack into their database? If in doubt, err on the side of caution—be safe, not sorry.

A few years back I nearly learnt this one the hard way. An online gaming forum I had signed up for was cracked, and the password file started making its way around the less scrupulous members of the UK gaming community. The first I heard of this was when someone used my username and password from that forum to log in to my account on a different forum and post some messages. The bad news was that I had administrator access on the different forum, which at that time had over 20,000 active members and nearly 2 million posts.

Luckily the prankster in question didn’t cause any damage and contacted me to warn me to change my password, but it gave me (and the other administrators of the forum) a pretty big scare.

Ever since then, I have maintained a minimum of 3 passwords. I have a low security username/password for unimportant accounts, a medium level one for sites that I trust to a greater extent than the low security ones and a number of high security passwords used for e-commerce sites and important admin level accounts. I should probably start spreading myself even thinner.

This is Remembering passwords by Simon Willison, posted on 5th December 2002.
